| author | Tobias Kellner <imcybot@gmail.com> | 2015-01-13 02:02:32 +0100 | 
|---|---|---|
| committer | Tobias Kellner <tobias.kellner@iaik.tugraz.at> | 2015-03-09 15:14:27 +0100 | 
| commit | ac5be55b6300718d64e19b01a36181ecf57c9987 (patch) | |
| tree | 93578f14a40c6a25a280de46c71eba870e3d4af1 /bkucommon/src | |
| parent | 7f884ec4134d7de42cea84e0a877d4644547291e (diff) | |
XAdES1.4 Blacklist added
Diffstat (limited to 'bkucommon/src')
7 files changed, 74 insertions, 23 deletions
| diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java index 98218e52..943e8707 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java @@ -121,6 +121,10 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement  		public static final String USE_XADES_1_4 = "UseXAdES14"; +		public static final String USE_XADES_1_4_BLACKLIST = "UseXAdES14Blacklist"; + +		public static final String XADES_1_4_BLACKLIST_URL = "http://www.buergerkarte.at/BKU_XAdES_14_blacklist.txt"; +  		public static final String ALLOW_OTHER_REDIRECTS = "AllowOtherRedirects";  		public int getMaxDataUrlHops() { @@ -340,7 +344,8 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement  		log.info("Entered State: {}, Processing {}.", State.PROCESS, slCommand.getName());  		SLCommandContext commandCtx = new SLCommandContext(  			getSTAL(), -			new FormDataURLDereferencer(urlDereferencer, this),  +			new FormDataURLDereferencer(urlDereferencer, this), +			getDataUrl(),  			locale);  		commandInvoker.setCommand(commandCtx, slCommand);  		responseCode = 200; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java index 6615f767..cf2e4875 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java @@ -30,22 +30,25 @@ import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;  import at.gv.egiz.stal.STAL;
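Review bot: `XADES_1_4_BLACKLIST_URL` in the first hunk is a plain `http://` address, so the list that switches XAdES 1.4 off for matching DataURLs is fetched without transport integrity, and anyone on the network path can add, remove or alter entries. Because those entries later decide the signature format, the list should be fetched over `https://` or shipped with the application and verified. The location would also be better read from the configuration than fixed as a constant. A short comment on the constant stating who maintains the list and its format (whitespace-separated patterns, judging by the `Scanner` loop in CreateXMLSignatureCommandImpl) would help. The enclosing ConfigurationFacade class starts and ends outside the hunk.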
  public class SLCommandContext {
 -  
 +
    private STAL stal; -  
 +
    private URLDereferencer urlDereferencer; -   +    private Locale locale; -  public SLCommandContext(STAL stal, URLDereferencer urlDereferencer) { +  private String dataURL; + +  public SLCommandContext(STAL stal, URLDereferencer urlDereferencer, +      String dataURL) {      this.stal = stal;      this.urlDereferencer = urlDereferencer; +    this.dataURL = dataURL;    }    public SLCommandContext(STAL stal, URLDereferencer urlDereferencer, -      Locale locale) { -    this.stal = stal; -    this.urlDereferencer = urlDereferencer; +      String dataURL, Locale locale) { +    this(stal, urlDereferencer, dataURL);      this.locale = locale;    } @@ -72,5 +75,8 @@ public class SLCommandContext {    public void setLocale(Locale locale) {      this.locale = locale;    } -  
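Review bot: The new `dataURL` field in SLCommandContext is assigned only in the constructor and this commit adds no setter, so it can be declared `private final String dataURL;`. The constructors also lack Javadoc saying that `dataURL` may be `null`, which is what every updated test passes. The hunk replaces the public two- and three-argument constructors instead of overloading them, which breaks any caller outside this change. If such callers exist, keep the old signatures as delegating overloads, e.g. `this(stal, urlDereferencer, null);`.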
 + +  public String getDataURL() { +    return dataURL; +  }
  }
\ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index 93b118e5..174a8884 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -24,11 +24,15 @@  package at.gv.egiz.bku.slcommands.impl; +import java.io.InputStream; +import java.net.URL;  import java.security.NoSuchAlgorithmException;  import java.security.cert.X509Certificate; +import java.util.ArrayList;  import java.util.Collections;  import java.util.Date;  import java.util.List; +import java.util.Scanner;  import javax.xml.crypto.MarshalException;  import javax.xml.crypto.URIReferenceException; @@ -73,7 +77,7 @@ public class CreateXMLSignatureCommandImpl extends    /**     * Logging facility.     */ -  private final Logger log = LoggerFactory.getLogger(CreateXMLSignatureCommandImpl.class); +  private final static Logger log = LoggerFactory.getLogger(CreateXMLSignatureCommandImpl.class);    /**     * The signing certificate. 
@@ -100,20 +104,42 @@ public class CreateXMLSignatureCommandImpl extends      public static final String USE_STRONG_HASH = "UseStrongHash";      public static final String USE_XADES_1_4 = -        HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4; +      HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4; +    public static final String USE_XADES_1_4_BLACKLIST = +      HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4_BLACKLIST;      public void setConfiguration(Configuration configuration) { -        this.configuration = configuration; +      this.configuration = configuration;      }      public boolean getUseStrongHash() { -        return configuration.getBoolean(USE_STRONG_HASH, true); +      return configuration.getBoolean(USE_STRONG_HASH, true);      }      public boolean getUseXAdES14() { -        return configuration.getBoolean(USE_XADES_1_4, false); +      return configuration.getBoolean(USE_XADES_1_4, false);      } -} + +    public boolean getUseXAdES14Blacklist() { +      return configuration.getBoolean(USE_XADES_1_4_BLACKLIST, false); +    } +  } + +  private static final List<String> XADES_1_4_BLACKLIST; +  static { +    XADES_1_4_BLACKLIST = new ArrayList<String>(); +    try { +      URL bl = new URL(HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_URL); +      InputStream in = bl.openStream(); +      Scanner s = new Scanner(in); +      while (s.hasNext()){ +        XADES_1_4_BLACKLIST.add(s.next()); +      } +    s.close(); +    } catch (Exception e) { +      log.error("Blacklist load error", e); +    } +  }    public void setConfiguration(Configuration configuration) {      configurationFacade.setConfiguration(configuration); 
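Review bot: The static initializer added for `XADES_1_4_BLACKLIST` does a network fetch during class loading with no connect or read timeout, and `s.close()` is skipped whenever `openStream()` or the read loop throws, so the stream leaks. A slow or unreachable server therefore stalls the first use of CreateXMLSignatureCommandImpl, and any failure leaves the list empty, so the blacklist is silently inactive apart from one log line (fail-open). The `Scanner` also reads with the platform charset, and the list stays a mutable `ArrayList` shared by all threads. I would move the load into a helper with timeouts, a `finally` close, an explicit charset and an unmodifiable result, as below; it needs `java.net.URLConnection` imported, and the timeout values are constructed examples.

```java
  private static final List<String> XADES_1_4_BLACKLIST = loadXAdES14Blacklist();

  private static List<String> loadXAdES14Blacklist() {
    List<String> entries = new ArrayList<String>();
    Scanner s = null;
    try {
      URLConnection conn = new URL(
          HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_URL).openConnection();
      conn.setConnectTimeout(5000); // constructed value, tune per deployment
      conn.setReadTimeout(5000);    // constructed value, tune per deployment
      s = new Scanner(conn.getInputStream(), "UTF-8");
      while (s.hasNext()) {
        entries.add(s.next());
      }
    } catch (Exception e) {
      // Fail-open: an empty or partial list means the blacklist is not fully enforced.
      log.error("Blacklist load error", e);
    } finally {
      if (s != null) {
        s.close();
      }
    }
    return Collections.unmodifiableList(entries);
  }
  // … unchanged: setConfiguration(Configuration) …
```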
@@ -138,8 +164,22 @@ public class CreateXMLSignatureCommandImpl extends        throw new SLCommandException(4006);      } +    boolean useXAdES14 = configurationFacade.getUseXAdES14(); +    if (useXAdES14 && configurationFacade.getUseXAdES14Blacklist()) { +      String dataURL = commandContext.getDataURL(); +      log.debug("Checking DataURL against XAdES14 blacklist: {}", dataURL); +      if (dataURL != null) { +        for (String bl_entry : XADES_1_4_BLACKLIST) { +          if (dataURL.matches(bl_entry)) { +            log.debug("XAdES14 blacklist match"); +            useXAdES14 = false; +          } +        } +      } +    } +      signature = new Signature(commandContext.getURLDereferencer(), -        idValueFactory, algorithmMethodFactory, configurationFacade.getUseXAdES14()); +        idValueFactory, algorithmMethodFactory, useXAdES14);      // SigningTime      signature.setSigningTime(new Date()); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImplTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImplTest.java index 94f03584..b1ec7777 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImplTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImplTest.java @@ -96,7 +96,7 @@ public class CreateCMSSignatureCommandImplTest {      SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
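Review bot: `dataURL.matches(bl_entry)` in the new loop compiles each downloaded entry as a regular expression on every request, and a malformed entry raises the unchecked `PatternSyntaxException`, which nothing in this hunk catches. Compiling the entries once when the list is loaded, skipping and logging those that fail, and testing with `pattern.matcher(dataURL).matches()` would remove both problems; the loop can also `break;` after the first match. Because `matches` requires the whole DataURL to match, the expected entry format deserves a comment such as `// entries are full-match regexes over the complete DataURL`. The `log.debug` line writes the complete DataURL, which may carry query parameters, so consider logging it without the query string. The enclosing method starts and ends outside the hunk, and none of the updated tests passes a non-null DataURL, so this path is untested.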
      assertTrue(command instanceof CreateCMSSignatureCommand);
 -    SLCommandContext context = new SLCommandContext(stal, urlDereferencer); +    SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);      SLResult result = command.execute(context);
      result.writeTo(new StreamResult(System.out), false);
    }
 diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImplTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImplTest.java index d4694c40..f80ef965 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImplTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImplTest.java @@ -97,7 +97,7 @@ public class CreateXMLSignatureCommandImplTest {      SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
      assertTrue(command instanceof CreateXMLSignatureCommand);
 -    SLCommandContext context = new SLCommandContext(stal, urlDereferencer); +    SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);      SLResult result = command.execute(context);
      result.writeTo(new StreamResult(System.out), false);
    }
 @@ -119,7 +119,7 @@ public class CreateXMLSignatureCommandImplTest {      SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
      assertTrue(command instanceof InfoboxReadCommandImpl); -    SLCommandContext context = new SLCommandContext(stal, urlDereferencer); +    SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);      SLResult result = command.execute(context);      assertTrue(result instanceof ErrorResult);    }
 diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadComandImplTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadComandImplTest.java index 42cf0232..437278e4 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadComandImplTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadComandImplTest.java @@ -91,7 +91,7 @@ public class InfoboxReadComandImplTest {      InputStream inputStream = getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.xml");
      assertNotNull(inputStream);
 -    SLCommandContext context = new SLCommandContext(stal, urlDereferencer); +    SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);      context.setSTAL(stal);
      SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
      assertTrue(command instanceof InfoboxReadCommand);
 @@ -113,7 +113,7 @@ public class InfoboxReadComandImplTest {      InputStream inputStream = getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-2.xml");
      assertNotNull(inputStream);
 -    SLCommandContext context = new SLCommandContext(stal, urlDereferencer); +    SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);      SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
      assertTrue(command instanceof InfoboxReadCommand); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/SVPersonendatenInfoboxImplTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/SVPersonendatenInfoboxImplTest.java index 9281efcb..7f205eb1 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/SVPersonendatenInfoboxImplTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/SVPersonendatenInfoboxImplTest.java @@ -134,7 +134,7 @@ public class SVPersonendatenInfoboxImplTest {      InputStream inputStream = getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.xml");
      assertNotNull(inputStream);
 -    SLCommandContext context = new SLCommandContext(stal, urlDereferencer);
 +    SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);
      SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
      assertTrue(command instanceof InfoboxReadCommand);
 @@ -156,7 +156,7 @@ public class SVPersonendatenInfoboxImplTest {      InputStream inputStream = getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-2.xml");
      assertNotNull(inputStream);
 -    SLCommandContext context = new SLCommandContext(stal, urlDereferencer); +    SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);      SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
      assertTrue(command instanceof InfoboxReadCommand); | 
