From ac5be55b6300718d64e19b01a36181ecf57c9987 Mon Sep 17 00:00:00 2001 From: Tobias Kellner Date: Tue, 13 Jan 2015 02:02:32 +0100 Subject: XAdES1.4 Blacklist added --- .../egiz/bku/binding/HTTPBindingProcessorImpl.java | 7 ++- .../gv/egiz/bku/slcommands/SLCommandContext.java | 22 +++++---- .../impl/CreateXMLSignatureCommandImpl.java | 54 +++++++++++++++++++--- 3 files changed, 67 insertions(+), 16 deletions(-) (limited to 'bkucommon/src/main') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java index 98218e52..943e8707 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java @@ -121,6 +121,10 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement public static final String USE_XADES_1_4 = "UseXAdES14"; + public static final String USE_XADES_1_4_BLACKLIST = "UseXAdES14Blacklist"; + + public static final String XADES_1_4_BLACKLIST_URL = "http://www.buergerkarte.at/BKU_XAdES_14_blacklist.txt"; + public static final String ALLOW_OTHER_REDIRECTS = "AllowOtherRedirects"; public int getMaxDataUrlHops() { @@ -340,7 +344,8 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement log.info("Entered State: {}, Processing {}.", State.PROCESS, slCommand.getName()); SLCommandContext commandCtx = new SLCommandContext( getSTAL(), - new FormDataURLDereferencer(urlDereferencer, this), + new FormDataURLDereferencer(urlDereferencer, this), + getDataUrl(), locale); commandInvoker.setCommand(commandCtx, slCommand); responseCode = 200; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java index 6615f767..cf2e4875 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java @@ -30,22 +30,25 @@ import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; import at.gv.egiz.stal.STAL; public class SLCommandContext { - + private STAL stal; - + private URLDereferencer urlDereferencer; - + private Locale locale; - public SLCommandContext(STAL stal, URLDereferencer urlDereferencer) { + private String dataURL; + + public SLCommandContext(STAL stal, URLDereferencer urlDereferencer, + String dataURL) { this.stal = stal; this.urlDereferencer = urlDereferencer; + this.dataURL = dataURL; } public SLCommandContext(STAL stal, URLDereferencer urlDereferencer, - Locale locale) { - this.stal = stal; - this.urlDereferencer = urlDereferencer; + String dataURL, Locale locale) { + this(stal, urlDereferencer, dataURL); this.locale = locale; } @@ -72,5 +75,8 @@ public class SLCommandContext { public void setLocale(Locale locale) { this.locale = locale; } - + + public String getDataURL() { + return dataURL; + } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index 93b118e5..174a8884 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -24,11 +24,15 @@ package at.gv.egiz.bku.slcommands.impl; +import java.io.InputStream; +import java.net.URL; import java.security.NoSuchAlgorithmException; import java.security.cert.X509Certificate; +import java.util.ArrayList; import java.util.Collections; import java.util.Date; import java.util.List; +import java.util.Scanner; import javax.xml.crypto.MarshalException; import javax.xml.crypto.URIReferenceException; @@ -73,7 +77,7 @@ public class CreateXMLSignatureCommandImpl extends /** * Logging facility. */ - private final Logger log = LoggerFactory.getLogger(CreateXMLSignatureCommandImpl.class); + private final static Logger log = LoggerFactory.getLogger(CreateXMLSignatureCommandImpl.class); /** * The signing certificate. @@ -100,20 +104,42 @@ public class CreateXMLSignatureCommandImpl extends public static final String USE_STRONG_HASH = "UseStrongHash"; public static final String USE_XADES_1_4 = - HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4; + HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4; + public static final String USE_XADES_1_4_BLACKLIST = + HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4_BLACKLIST; public void setConfiguration(Configuration configuration) { - this.configuration = configuration; + this.configuration = configuration; } public boolean getUseStrongHash() { - return configuration.getBoolean(USE_STRONG_HASH, true); + return configuration.getBoolean(USE_STRONG_HASH, true); } public boolean getUseXAdES14() { - return configuration.getBoolean(USE_XADES_1_4, false); + return configuration.getBoolean(USE_XADES_1_4, false); } -} + + public boolean getUseXAdES14Blacklist() { + return configuration.getBoolean(USE_XADES_1_4_BLACKLIST, false); + } + } + + private static final List XADES_1_4_BLACKLIST; + static { + XADES_1_4_BLACKLIST = new ArrayList(); + try { + URL bl = new URL(HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_URL); + InputStream in = bl.openStream(); + Scanner s = new Scanner(in); + while (s.hasNext()){ + XADES_1_4_BLACKLIST.add(s.next()); + } + s.close(); + } catch (Exception e) { + log.error("Blacklist load error", e); + } + } public void setConfiguration(Configuration configuration) { configurationFacade.setConfiguration(configuration); @@ -138,8 +164,22 @@ public class CreateXMLSignatureCommandImpl extends throw new SLCommandException(4006); } + boolean useXAdES14 = configurationFacade.getUseXAdES14(); + if (useXAdES14 && configurationFacade.getUseXAdES14Blacklist()) { + String dataURL = commandContext.getDataURL(); + log.debug("Checking DataURL against XAdES14 blacklist: {}", dataURL); + if (dataURL != null) { + for (String bl_entry : XADES_1_4_BLACKLIST) { + if (dataURL.matches(bl_entry)) { + log.debug("XAdES14 blacklist match"); + useXAdES14 = false; + } + } + } + } + signature = new Signature(commandContext.getURLDereferencer(), - idValueFactory, algorithmMethodFactory, configurationFacade.getUseXAdES14()); + idValueFactory, algorithmMethodFactory, useXAdES14); // SigningTime signature.setSigningTime(new Date()); -- cgit v1.2.3