summaryrefslogtreecommitdiff
path: root/bkucommon/src/main/java/at/gv/egiz
diff options
context:
space:
mode:
Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java2
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java46
2 files changed, 37 insertions, 11 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 943e8707..0308930f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -125,6 +125,8 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
public static final String XADES_1_4_BLACKLIST_URL = "http://www.buergerkarte.at/BKU_XAdES_14_blacklist.txt";
+ public static final int XADES_1_4_BLACKLIST_EXPIRY = 60*60*24; //1 day
+
public static final String ALLOW_OTHER_REDIRECTS = "AllowOtherRedirects";
public int getMaxDataUrlHops() {
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 174a8884..1b9ab06c 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -26,6 +26,7 @@ package at.gv.egiz.bku.slcommands.impl;
import java.io.InputStream;
import java.net.URL;
+import java.net.URLConnection;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -107,6 +108,10 @@ public class CreateXMLSignatureCommandImpl extends
HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4;
public static final String USE_XADES_1_4_BLACKLIST =
HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4_BLACKLIST;
+ public static final String XADES_1_4_BLACKLIST_URL =
+ HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_URL;
+ public static final int XADES_1_4_BLACKLIST_EXPIRY =
+ HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_EXPIRY;
public void setConfiguration(Configuration configuration) {
this.configuration = configuration;
@@ -125,12 +130,20 @@ public class CreateXMLSignatureCommandImpl extends
}
}
+ private static long XADES_1_4_BLACKLIST_TS;
private static final List<String> XADES_1_4_BLACKLIST;
static {
XADES_1_4_BLACKLIST = new ArrayList<String>();
+ loadXAdES14Blacklist();
+ }
+
+ private static void loadXAdES14Blacklist() {
+ XADES_1_4_BLACKLIST_TS = System.currentTimeMillis();
+ XADES_1_4_BLACKLIST.clear();
try {
- URL bl = new URL(HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_URL);
- InputStream in = bl.openStream();
+ URLConnection blc = new URL(ConfigurationFacade.XADES_1_4_BLACKLIST_URL).openConnection();
+ blc.setUseCaches(false);
+ InputStream in = blc.getInputStream();
Scanner s = new Scanner(in);
while (s.hasNext()){
XADES_1_4_BLACKLIST.add(s.next());
@@ -141,6 +154,24 @@ public class CreateXMLSignatureCommandImpl extends
}
}
+ private static boolean matchesXAdES14Blacklist(String url) {
+ log.debug("Checking DataURL against XAdES14 blacklist: {}", url);
+ if ((System.currentTimeMillis() - XADES_1_4_BLACKLIST_TS) >
+ (ConfigurationFacade.XADES_1_4_BLACKLIST_EXPIRY * 1000)) {
+ log.debug("Updating XAdES14 blacklist");
+ loadXAdES14Blacklist();
+ }
+ if (url != null) {
+ for (String bl_entry : XADES_1_4_BLACKLIST) {
+ if (url.matches(bl_entry)) {
+ log.debug("XAdES14 blacklist match");
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
public void setConfiguration(Configuration configuration) {
configurationFacade.setConfiguration(configuration);
}
@@ -167,15 +198,8 @@ public class CreateXMLSignatureCommandImpl extends
boolean useXAdES14 = configurationFacade.getUseXAdES14();
if (useXAdES14 && configurationFacade.getUseXAdES14Blacklist()) {
String dataURL = commandContext.getDataURL();
- log.debug("Checking DataURL against XAdES14 blacklist: {}", dataURL);
- if (dataURL != null) {
- for (String bl_entry : XADES_1_4_BLACKLIST) {
- if (dataURL.matches(bl_entry)) {
- log.debug("XAdES14 blacklist match");
- useXAdES14 = false;
- }
- }
- }
+ if (matchesXAdES14Blacklist(dataURL))
+ useXAdES14 = false;
}
signature = new Signature(commandContext.getURLDereferencer(),