From c9421495bf0f6e5918cb17595a2fab677aec69a2 Mon Sep 17 00:00:00 2001 From: bschnalzer Date: Mon, 30 Oct 2017 08:09:48 +0100 Subject: Updated Certs in TrustStore, added Access-Controll-Allow-Origin (Response Header), applied Patch for Signature-Exception-Handling --- .../GeoTrustPrimaryCertificationAuthority-G3.crt | 24 +++++++++++++++ .../certStore/toBeAdded/GeoTrustSHA256SSLCA.crt | 28 +++++++++++++++++ .../GeoTrustPrimaryCertificationAuthority-G3.crt | 24 +++++++++++++++ .../bku/certs/trustStore/GeoTrustSHA256SSLCA.crt | 28 +++++++++++++++++ .../egiz/bku/local/webapp/BKURequestHandler.java | 2 ++ .../slcommands/impl/cms/STALSecurityProvider.java | 9 ++++-- .../gv/egiz/bku/slcommands/impl/cms/Signature.java | 35 +++++++--------------- 7 files changed, 124 insertions(+), 26 deletions(-) create mode 100644 BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustPrimaryCertificationAuthority-G3.crt create mode 100644 BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustSHA256SSLCA.crt create mode 100644 BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustPrimaryCertificationAuthority-G3.crt create mode 100644 BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustSHA256SSLCA.crt diff --git a/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustPrimaryCertificationAuthority-G3.crt b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustPrimaryCertificationAuthority-G3.crt new file mode 100644 index 00000000..243e48ba --- /dev/null +++ b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustPrimaryCertificationAuthority-G3.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- diff --git a/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustSHA256SSLCA.crt b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustSHA256SSLCA.crt new file mode 100644 index 00000000..6f97a544 --- /dev/null +++ b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustSHA256SSLCA.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExzCCA6+gAwIBAgIQQYISfRLZxrMhOUMSVmQAuDANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTEzMDUyMzAwMDAwMFoXDTIzMDUyMjIzNTk1OVowRjELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHzAdBgNVBAMTFkdlb1Ry +dXN0IFNIQTI1NiBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDGqQtdF6V9xs8q78Zm0UIeX4N4aJGv5qeL8B1EAQoZypzUix3hoZCjwVu011tq +i/wOSR7CYin+gBU5i4EqJ7X7EqgFIgvFLPXZmN0WLztm52KiQzKsj7WFyFIGLFzA +d/pn94PoXgWNyKuhFjKK0kDshjocI6mNtQDecr2FVf4GAWBdrbPgZXOlkhSelFZv +k+6vqTowJUqOCYTvt9LV15tJzenAXmdxIqxQkEMgXaGjFYP9/Kc5vGtlSBJg/90j +szqq9J+cN1NBokeTgTMJ5SLGyBxJoW6NzIOzms3qQ/IZ0yTLqCmuUsz0CCewhOrO +J7XhNBNzklyHhirGsGg2rcsJAgMBAAGjggFcMIIBWDA7BggrBgEFBQcBAQQvMC0w +KwYIKwYBBQUHMAGGH2h0dHA6Ly9wY2EtZzMtb2NzcC5nZW90cnVzdC5jb20wEgYD +VR0TAQH/BAgwBgEB/wIBADBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggr +BgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczA7 +BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9HZW9UcnVz +dFBDQS1HMy5jcmwwDgYDVR0PAQH/BAQDAgEGMCoGA1UdEQQjMCGkHzAdMRswGQYD +VQQDExJWZXJpU2lnbk1QS0ktMi00MTYwHQYDVR0OBBYEFBRnju2DT9YenUAEDARG +oXA0sg9yMB8GA1UdIwQYMBaAFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3 +DQEBCwUAA4IBAQAQEOryENYIRuLBjz42WcgrD/5N7OP4tlYxeCXUdvII3e8/zYsc +fqp//AuoI2RRs4fWCfoi+scKUejOuPYDcOAbWrmxspMREPmXBQcpbG1XJVTo+Wab +Dvvbn+6Wb2XLH9hVzjH6zwL00H9QZv8veZulwt/Wz8gVg5aEmLJG1F8TqD6nNJwF +ONrP1mmVqSaHdgHXslEPgWlGJhyZtoNY4ztYj9y0ccC5v0KcHAOe5Eao6rnBzfZb +qTyW+3mkM3Onnni5cNxydMQyyAAbye9I0/s6m/r+eppAaRzI2ig3C9OjuX6WzCso +w1Zsb+nbUrH6mvvnr7WXpiLDxaiTsQDJB7J9 +-----END CERTIFICATE----- diff --git a/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustPrimaryCertificationAuthority-G3.crt b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustPrimaryCertificationAuthority-G3.crt new file mode 100644 index 00000000..243e48ba --- /dev/null +++ b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustPrimaryCertificationAuthority-G3.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- diff --git a/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustSHA256SSLCA.crt b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustSHA256SSLCA.crt new file mode 100644 index 00000000..6f97a544 --- /dev/null +++ b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustSHA256SSLCA.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExzCCA6+gAwIBAgIQQYISfRLZxrMhOUMSVmQAuDANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTEzMDUyMzAwMDAwMFoXDTIzMDUyMjIzNTk1OVowRjELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHzAdBgNVBAMTFkdlb1Ry +dXN0IFNIQTI1NiBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDGqQtdF6V9xs8q78Zm0UIeX4N4aJGv5qeL8B1EAQoZypzUix3hoZCjwVu011tq +i/wOSR7CYin+gBU5i4EqJ7X7EqgFIgvFLPXZmN0WLztm52KiQzKsj7WFyFIGLFzA +d/pn94PoXgWNyKuhFjKK0kDshjocI6mNtQDecr2FVf4GAWBdrbPgZXOlkhSelFZv +k+6vqTowJUqOCYTvt9LV15tJzenAXmdxIqxQkEMgXaGjFYP9/Kc5vGtlSBJg/90j +szqq9J+cN1NBokeTgTMJ5SLGyBxJoW6NzIOzms3qQ/IZ0yTLqCmuUsz0CCewhOrO +J7XhNBNzklyHhirGsGg2rcsJAgMBAAGjggFcMIIBWDA7BggrBgEFBQcBAQQvMC0w +KwYIKwYBBQUHMAGGH2h0dHA6Ly9wY2EtZzMtb2NzcC5nZW90cnVzdC5jb20wEgYD +VR0TAQH/BAgwBgEB/wIBADBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggr +BgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczA7 +BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9HZW9UcnVz +dFBDQS1HMy5jcmwwDgYDVR0PAQH/BAQDAgEGMCoGA1UdEQQjMCGkHzAdMRswGQYD +VQQDExJWZXJpU2lnbk1QS0ktMi00MTYwHQYDVR0OBBYEFBRnju2DT9YenUAEDARG +oXA0sg9yMB8GA1UdIwQYMBaAFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3 +DQEBCwUAA4IBAQAQEOryENYIRuLBjz42WcgrD/5N7OP4tlYxeCXUdvII3e8/zYsc +fqp//AuoI2RRs4fWCfoi+scKUejOuPYDcOAbWrmxspMREPmXBQcpbG1XJVTo+Wab +Dvvbn+6Wb2XLH9hVzjH6zwL00H9QZv8veZulwt/Wz8gVg5aEmLJG1F8TqD6nNJwF +ONrP1mmVqSaHdgHXslEPgWlGJhyZtoNY4ztYj9y0ccC5v0KcHAOe5Eao6rnBzfZb +qTyW+3mkM3Onnni5cNxydMQyyAAbye9I0/s6m/r+eppAaRzI2ig3C9OjuX6WzCso +w1Zsb+nbUrH6mvvnr7WXpiLDxaiTsQDJB7J9 +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java index d607f67f..07cecbc4 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java @@ -140,6 +140,8 @@ public class BKURequestHandler extends SpringBKUServlet { for (String header : responseHeaders.keySet()) { resp.setHeader(header, responseHeaders.get(header)); } + //set response header for CORS manually + resp.setHeader("Access-Control-Allow-Origin", "*"); String serverHeader = bindingProcessor.getServerHeaderValue(); if (serverHeader != null && !serverHeader.isEmpty()) { resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, serverHeader); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java index 77bfaaa7..87c00644 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java @@ -67,6 +67,7 @@ public class STALSecurityProvider extends IaikProvider { private STAL stal; private List hashDataInput; private ExcludedByteRangeType excludedByteRange; + private STALSignatureException stalSignatureException; public STALSecurityProvider(STAL stal, String keyboxIdentifier, HashDataInput hashDataInput, ExcludedByteRangeType excludedByteRange) { @@ -106,8 +107,8 @@ public class STALSecurityProvider extends IaikProvider { return wrapSignatureValue(sig, signatureAlgorithm); } else if (response instanceof ErrorResponse) { ErrorResponse err = (ErrorResponse) response; - STALSignatureException se = new STALSignatureException(err.getErrorCode(), err.getErrorMessage()); - throw new SignatureException(se); + stalSignatureException = new STALSignatureException(err.getErrorCode(), err.getErrorMessage()); + throw new SignatureException(stalSignatureException); } else { throw new SignatureException("Failed to access STAL."); } @@ -151,4 +152,8 @@ public class STALSecurityProvider extends IaikProvider { return sig; } + public STALSignatureException getStalSignatureException() { + return stalSignatureException; + } + } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java index 9c89906e..7be546de 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java @@ -50,7 +50,6 @@ import java.security.InvalidParameterException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; -import java.security.SignatureException; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -252,26 +251,6 @@ public class Signature { return data; } - private void setSignerInfo() throws SLCommandException, CMSException, CMSSignatureException { - try { - signedData.addSignerInfo(signerInfo); - } catch (NoSuchAlgorithmException e) { - if (e.getCause() instanceof CMSException) { - CMSException e2 = (CMSException) e.getCause(); - if (e2.getCause() instanceof SignatureException) - { - SignatureException e3 = (SignatureException) e2.getCause(); - if (e3.getCause() instanceof STALSignatureException) { - STALSignatureException e4 = (STALSignatureException) e3.getCause(); - throw new SLCommandException(e4.getErrorCode()); - } - } - throw e2; - } - throw new CMSSignatureException(e); - } - } - private void setAlgorithmIDs(X509Certificate signingCertificate, boolean useStrongHash) throws NoSuchAlgorithmException { PublicKey publicKey = signingCertificate.getPublicKey(); String algorithm = publicKey.getAlgorithm(); @@ -332,9 +311,17 @@ public class Signature { } public byte[] sign(STAL stal, String keyboxIdentifier) throws CMSException, CMSSignatureException, SLCommandException { - signedData.setSecurityProvider(new STALSecurityProvider( - stal, keyboxIdentifier, getHashDataInput(), this.excludedByteRange)); - setSignerInfo(); + STALSecurityProvider securityProvider = new STALSecurityProvider(stal, keyboxIdentifier, getHashDataInput(), this.excludedByteRange); + signedData.setSecurityProvider(securityProvider); + try { + signedData.addSignerInfo(signerInfo); + } catch (NoSuchAlgorithmException e) { + STALSignatureException stalSignatureException = securityProvider.getStalSignatureException(); + if (stalSignatureException != null) { + throw new SLCommandException(stalSignatureException.getErrorCode()); + } + throw new CMSSignatureException(e); + } ContentInfo contentInfo = new ContentInfo(signedData); return contentInfo.getEncoded(); } -- cgit v1.2.3