From df1f2ef69011c6754030fa22a42c080e31b99b03 Mon Sep 17 00:00:00 2001 From: tkellner Date: Tue, 17 May 2011 14:04:25 +0000 Subject: Enable switching to SHA-2 mode via config parameter git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@935 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../egiz/bku/binding/HTTPBindingProcessorImpl.java | 8 +++--- .../impl/CreateXMLSignatureCommandFactory.java | 7 +++-- .../impl/CreateXMLSignatureCommandImpl.java | 30 ++++++++++++++++++---- .../impl/xsect/AlgorithmMethodFactoryImpl.java | 14 +++++----- 4 files changed, 40 insertions(+), 19 deletions(-) (limited to 'bkucommon/src/main/java/at/gv') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java index f63289e3..9b3abcb6 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java @@ -281,10 +281,10 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement protected void processRequest() { log.info("Entered State: {}, Processing {}.", State.PROCESS, slCommand.getName()); - SLCommandContext commandCtx = new SLCommandContext( - getSTAL(), - new FormDataURLDereferencer(urlDereferencer, this), - locale); + SLCommandContext commandCtx = new SLCommandContext( + getSTAL(), + new FormDataURLDereferencer(urlDereferencer, this), + locale); commandInvoker.setCommand(commandCtx, slCommand); responseCode = 200; responseHeaders = Collections.EMPTY_MAP; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandFactory.java index 750c2838..55bfa3ce 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandFactory.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandFactory.java @@ -32,20 +32,19 @@ public class CreateXMLSignatureCommandFactory extends AbstractSLCommandFactory { private ConfigurationFacade configurationFacade = new ConfigurationFacade(); private class ConfigurationFacade implements MoccaConfigurationFacade { - public static final String VALIDATE_HASH_DATA_INPUTS = "ValidateHashDataInputs"; - + public boolean getValidateHashDataInputs() { return configuration.getBoolean(VALIDATE_HASH_DATA_INPUTS, true); } - } - + @Override public SLCommand createSLCommand(JAXBElement element) throws SLCommandException { CreateXMLSignatureCommandImpl command = new CreateXMLSignatureCommandImpl(); command.init(element); + command.setConfiguration(configuration); return command; } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index d52027b2..f372a5ec 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -26,6 +26,7 @@ import javax.xml.crypto.MarshalException; import javax.xml.crypto.URIReferenceException; import javax.xml.crypto.dsig.XMLSignatureException; +import org.apache.commons.configuration.Configuration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.w3c.dom.ls.DOMImplementationLS; @@ -33,6 +34,7 @@ import org.w3c.dom.ls.LSSerializer; import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType; import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; +import at.gv.egiz.bku.conf.MoccaConfigurationFacade; import at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand; import at.gv.egiz.bku.slcommands.SLCommandContext; import at.gv.egiz.bku.slcommands.SLResult; @@ -78,12 +80,30 @@ public class CreateXMLSignatureCommandImpl extends * The to-be signed signature. */ protected Signature signature; - + /** - * Disable hash data input validation? + * The configuration facade used to access the MOCCA configuration. */ - protected boolean disableHashdataInputValidation; - + private ConfigurationFacade configurationFacade = new ConfigurationFacade(); + + private class ConfigurationFacade implements MoccaConfigurationFacade { + private Configuration configuration; + + public static final String USE_SHA2 = "useSHA2"; + + public void setConfiguration(Configuration configuration) { + this.configuration = configuration; + } + + public boolean getUseSHA2() { + return configuration.getBoolean(USE_SHA2, false); + } + } + + public void setConfiguration(Configuration configuration) { + configurationFacade.setConfiguration(configuration); + } + @Override public void prepareXMLSignature(SLCommandContext commandContext) throws SLCommandException, SLRequestException { @@ -97,7 +117,7 @@ public class CreateXMLSignatureCommandImpl extends AlgorithmMethodFactory algorithmMethodFactory; try { algorithmMethodFactory = new AlgorithmMethodFactoryImpl( - signingCertificate); + signingCertificate, configurationFacade.getUseSHA2()); } catch (NoSuchAlgorithmException e) { log.error("Failed to get DigestMethod.", e); throw new SLCommandException(4006); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index f1219a6c..49ed4486 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -45,7 +45,7 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { /** * Use SHA-2? */ - private static boolean SHA2 = false; + private boolean SHA2 = false; /** * The signature algorithm URI. @@ -61,19 +61,21 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { * The algorithm parameters for the signature algorithm. */ private SignatureMethodParameterSpec signatureMethodParameterSpec; - + /** - * Creates a new AlgrithmMethodFactory with the given + * Creates a new AlgorithmMethodFactory with the given * signingCertificate. * - * @param signingCertificate + * @param signingCertificate * * @throws NoSuchAlgorithmException * if the public key algorithm of the given * signingCertificate is not supported */ - public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate) - throws NoSuchAlgorithmException { + public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useSHA2) + throws NoSuchAlgorithmException { + + SHA2 = useSHA2; PublicKey publicKey = signingCertificate.getPublicKey(); String algorithm = publicKey.getAlgorithm(); -- cgit v1.2.3