From 78806dca7951288aaca027a8675eaf1970f8921d Mon Sep 17 00:00:00 2001
From: Tobias Kellner
Date: Mon, 9 Mar 2015 16:55:12 +0100
Subject: Reload XAdES14 Blacklist after set time
---
 .../egiz/bku/binding/HTTPBindingProcessorImpl.java | 2 +
 .../impl/CreateXMLSignatureCommandImpl.java | 46 ++++++++++++++++------
 2 files changed, 37 insertions(+), 11 deletions(-)
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 943e8707..0308930f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -125,6 +125,8 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
 public static final String XADES_1_4_BLACKLIST_URL = "http://www.buergerkarte.at/BKU_XAdES_14_blacklist.txt";
+ public static final int XADES_1_4_BLACKLIST_EXPIRY = 60*60*24; //1 day
+
 public static final String ALLOW_OTHER_REDIRECTS = "AllowOtherRedirects";
 public int getMaxDataUrlHops() {
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 174a8884..1b9ab06c 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -26,6 +26,7 @@ package at.gv.egiz.bku.slcommands.impl;
 import java.io.InputStream;
 import java.net.URL;
+import java.net.URLConnection;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -107,6 +108,10 @@ public class CreateXMLSignatureCommandImpl extends
 HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4;
 public static final String USE_XADES_1_4_BLACKLIST = HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4_BLACKLIST;
+ public static final String XADES_1_4_BLACKLIST_URL =
+ HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_URL;
+ public static final int XADES_1_4_BLACKLIST_EXPIRY =
+ HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_EXPIRY;
 public void setConfiguration(Configuration configuration) {
 this.configuration = configuration;
@@ -125,12 +130,20 @@ public class CreateXMLSignatureCommandImpl extends
 }
 }
+ private static long XADES_1_4_BLACKLIST_TS;
 private static final List XADES_1_4_BLACKLIST;
 static {
 XADES_1_4_BLACKLIST = new ArrayList();
+ loadXAdES14Blacklist();
+ }
+
+ private static void loadXAdES14Blacklist() {
+ XADES_1_4_BLACKLIST_TS = System.currentTimeMillis();
+ XADES_1_4_BLACKLIST.clear();
 try {
- URL bl = new URL(HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_URL);
- InputStream in = bl.openStream();
+ URLConnection blc = new URL(ConfigurationFacade.XADES_1_4_BLACKLIST_URL).openConnection();
+ blc.setUseCaches(false);
+ InputStream in = blc.getInputStream();
 Scanner s = new Scanner(in);
 while (s.hasNext()){
 XADES_1_4_BLACKLIST.add(s.next());
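Review bot: `XADES_1_4_BLACKLIST.clear()` runs before the download in `loadXAdES14Blacklist()`, and `XADES_1_4_BLACKLIST_TS` has already been advanced by then, so a failed or truncated fetch leaves an empty or partial blacklist in force until the next expiry; the check fails open exactly when the server is unreachable. Collect the entries in a local list inside the `try` (`fresh.add(s.next());`) and replace the shared list only once the read has completed: `XADES_1_4_BLACKLIST.clear(); XADES_1_4_BLACKLIST.addAll(fresh);`. Because the reload now happens while a signature request is being processed, the `URLConnection` should also get connect and read timeouts via `setConnectTimeout`/`setReadTimeout`. The list is fetched from the `http://` URL visible in the first file's hunk, so its content has no integrity protection in transit; an HTTPS URL would address that if the server offers one. The rest of the `try` block and its `catch` lie outside the hunk, so how a failure is reported is not visible here.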
@@ -141,6 +154,24 @@ public class CreateXMLSignatureCommandImpl extends
 }
 }
+ private static boolean matchesXAdES14Blacklist(String url) {
+ log.debug("Checking DataURL against XAdES14 blacklist: {}", url);
+ if ((System.currentTimeMillis() - XADES_1_4_BLACKLIST_TS) >
+ (ConfigurationFacade.XADES_1_4_BLACKLIST_EXPIRY * 1000)) {
+ log.debug("Updating XAdES14 blacklist");
+ loadXAdES14Blacklist();
+ }
+ if (url != null) {
+ for (String bl_entry : XADES_1_4_BLACKLIST) {
+ if (url.matches(bl_entry)) {
+ log.debug("XAdES14 blacklist match");
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
 public void setConfiguration(Configuration configuration) {
 configurationFacade.setConfiguration(configuration);
 }
@@ -167,15 +198,8 @@ public class CreateXMLSignatureCommandImpl extends
 boolean useXAdES14 = configurationFacade.getUseXAdES14();
 if (useXAdES14 && configurationFacade.getUseXAdES14Blacklist()) {
 String dataURL = commandContext.getDataURL();
- log.debug("Checking DataURL against XAdES14 blacklist: {}", dataURL);
- if (dataURL != null) {
- for (String bl_entry : XADES_1_4_BLACKLIST) {
- if (dataURL.matches(bl_entry)) {
- log.debug("XAdES14 blacklist match");
- useXAdES14 = false;
- }
- }
- }
+ if (matchesXAdES14Blacklist(dataURL))
+ useXAdES14 = false;
 }
 signature = new Signature(commandContext.getURLDereferencer(),
--
cgit v1.2.3
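Review bot: `matchesXAdES14Blacklist()` tests the timestamp and calls `loadXAdES14Blacklist()` without any synchronization, while the static `XADES_1_4_BLACKLIST` is a plain `ArrayList`. If commands run on several threads (not visible in this patch), one thread can iterate the list while another clears and refills it, which gives either a `ConcurrentModificationException` or a check against a half-loaded list that misses a blacklisted DataURL. The smallest fix is to declare both static methods `synchronized`, e.g. `private static synchronized boolean matchesXAdES14Blacklist(String url)`, accepting that other callers wait while a reload is in progress. Separately, `ConfigurationFacade.XADES_1_4_BLACKLIST_EXPIRY * 1000` is an `int` multiplication that overflows once the expiry exceeds roughly 24 days; `* 1000L` keeps the comparison correct if the constant is ever raised.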