| author | Thomas <> | 2024-09-05 09:57:10 +0200 |
|---|---|---|
| committer | Thomas <> | 2024-09-05 09:57:10 +0200 |
| commit | e8b4bcaddffef3bf937142d2fe06efd709632cee (patch) | |
| tree | 67b7e8663704e17b27bdf693658460c81af23ad6 | |
| parent | d46ce27508d11be00ce247457f30e5381e7d280b (diff) | |
feat(web): add configuration property to disable implicated signature-verification on signing Web-Service interface
3 files changed, 106 insertions, 62 deletions
diff --git a/pdf-as-web/src/main/configuration/pdf-as-web.properties b/pdf-as-web/src/main/configuration/pdf-as-web.properties index fe6c9576..845a82e0 100644 --- a/pdf-as-web/src/main/configuration/pdf-as-web.properties +++ b/pdf-as-web/src/main/configuration/pdf-as-web.properties @@ -1,12 +1,10 @@ - +############################################################################## pdfas.dir=conf/pdf-as +public.url=http://localhost:8080/pdf-as-web +#public.data.url=http://localhost:8088/pdf-as-web error.showdetails=false -bku.local.url=http://127.0.0.1:3495/http-security-layer-request - -bku.mobile.url=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx - # Allow configuration overwrite from external sources # use with care! allow.ext.overwrite=false @@ -18,6 +16,14 @@ allow.ext.overwrite=false # by external components ext.overwrite.wl.1=^$ + +############################################################################## +## Signing by Security-Layer +bku.local.url=http://127.0.0.1:3495/http-security-layer-request +bku.mobile.url=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx + + +############################################################################## ks.enabled=false ks.file=test.p12 ks.type=PKCS12 @@ -25,6 +31,8 @@ ks.pass=123456 ks.key.alias=ecc_test ks.key.pass=123456 + +############################################################################## ## KeyStore List # Entries are addressable via KeyIdentifier # Example Entry with address "test" @@ -35,6 +43,8 @@ ksl.test.pass=123456 ksl.test.key.alias=test1 ksl.test.key.pass=123456 + +############################################################################## ## Moa List # Entries are addressable via KeyIdentifier # Example Entry with address "test" 
@@ -43,16 +53,26 @@ moal.test.url=http://localhost:8080/moa-spss/services/SignatureCreation moal.test.KeyIdentifier=KG_ECC_TEST moal.test.Certificate=KG_ECC_TEST.crt -#Enable SOAP Service + +############################################################################## +###### Enable SOAP Service +# Enable signing endpoint soap.sign.enabled=true +# Enable implicide signature-verification during WebService signing +soap.sign.with.verify.enabled=true + +# Enable signature-verification endpoint +# soap.verify.enabled=false + + +############################################################################## whitelist.enabled=true # Matches everything whitelist.url.01=^.*$ -public.url=http://localhost:8080/pdf-as-web -#public.data.url=http://localhost:8088/pdf-as-web +############################################################################## #Request Store # Default In Memory Store request.store=at.gv.egiz.pdfas.web.store.InMemoryRequestStore @@ -74,8 +94,9 @@ request.store=at.gv.egiz.pdfas.web.store.InMemoryRequestStore #hibernate.props.hibernate.show_sql=true #hibernate.props.hibernate.hbm2ddl.auto=update -#Security layer 2.0 config +############################################################################## +#Security layer 2.0 config #sl20.sign.enabled=true #sl20.mobile.url=http://localhost:7080/vda/services/getCertificate sl20.keystore.file= @@ -89,4 +110,4 @@ sl20.debug.signed.result.enabled=false sl20.debug.signed.result.required=false sl20.debug.encryption.enabled=false sl20.debug.encryption.required=false -sl20.transfermode.filesize=20000000
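Review bot: The comment added above `soap.sign.with.verify.enabled` does not say what switching the property off means for callers, although this is a security-relevant switch. Going by the PDFASSigningImpl change in the same commit, with `false` the signed document is handed back without the post-signing check, and the certificate and value codes of the verification response are not filled in. I would spell that out, e.g. `# Implicit signature verification after SOAP signing; if false, the response carries no verification result`, and fix the spelling "implicide" while there. It is also worth stating that an absent key falls back to the value of `soap.sign.enabled`, which is what `isSoapSignWithVerifyEnabled()` does.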
\ No newline at end of file +sl20.transfermode.filesize=20000000 diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java index 81b60131..7177541c 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java @@ -58,6 +58,7 @@ public class WebConfiguration implements IConfigurationConstants { public static final String MOA_SS_ENABLED = "moa.enabled"; public static final String SOAP_SIGN_ENABLED = "soap.sign.enabled"; + public static final String SOAP_SIGN_WITH_VERIFY_ENABLED = "soap.sign.with.verify.enabled"; public static final String SOAP_VERIFY_ENABLED = "soap.verify.enabled"; public static final String RELOAD_PASSWORD = "reload.pwd"; public static final String RELOAD_ENABLED = "reload.enabled"; @@ -506,6 +507,15 @@ public class WebConfiguration implements IConfigurationConstants { return false; } + public static boolean isSoapSignWithVerifyEnabled() { + String value = properties.getProperty(SOAP_SIGN_WITH_VERIFY_ENABLED); + if (value != null) { + return value.equals("true"); + + } + return getSoapSignEnabled(); + } + public static boolean getSoapVerifyEnabled() { String value = properties.getProperty(SOAP_VERIFY_ENABLED); if (value != null) { diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/ws/PDFASSigningImpl.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/ws/PDFASSigningImpl.java index 2c248059..dce3e34c 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/ws/PDFASSigningImpl.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/ws/PDFASSigningImpl.java 
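Review bot: In `isSoapSignWithVerifyEnabled()` the comparison `value.equals("true")` fails open for a security check: any other spelling such as `TRUE` silently turns the implicit verification off, and so would a trailing space if `properties` is a `java.util.Properties` (its type is not visible here). Since the property exists only to let an operator opt out, I would disable on an explicit false only, `return !"false".equalsIgnoreCase(value.trim());`, and keep verification on otherwise. The neighbouring `getSoapVerifyEnabled()` appears to start with the same pattern, so this may be a file convention; in that case logging the effective value once at startup would at least make a mistyped setting visible. A short Javadoc stating the fallback to `getSoapSignEnabled()` for a missing key would help, and the `is…` prefix differs from the `get…Enabled` names around it.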
@@ -455,67 +455,80 @@ public class PDFASSigningImpl implements PDFASSigning { @SneakyThrows private void validatePdfSignature(SignedDocument el, PdfasSignRequest request, StatisticEvent statisticEvent) { - - Map<String, String> preProcessor = null; - if (request.getCoreParams().getPreprocessor() != null) { - preProcessor = request.getCoreParams().getPreprocessor(); - - } - - VerifyResult verifyResult = null; - if (request.getVerificationLevel() != null && - request.getVerificationLevel().equals( - VerificationLevel.FULL_CERT_PATH)) { - final List<VerifyResult> verResults = PdfAsHelper - .synchronousVerify( - el.getOutputData(), - -1, - SignatureVerificationLevel.FULL_VERIFICATION, - preProcessor); - - if (verResults.size() < 1) { - throw new WebServiceException( - "Document verification failed! " + verResults.size()); + + if (WebConfiguration.isSoapSignWithVerifyEnabled()) { + Map<String, String> preProcessor = null; + if (request.getCoreParams().getPreprocessor() != null) { + preProcessor = request.getCoreParams().getPreprocessor(); + } - verifyResult = verResults.get(verResults.size() - 1); - } else { - final List<VerifyResult> verResults = PdfAsHelper - .synchronousVerify( - el.getOutputData(), - -1, - SignatureVerificationLevel.INTEGRITY_ONLY_VERIFICATION, - preProcessor); - - if (verResults.size() < 1) { - throw new WebServiceException( - "Document verification failed! " + verResults.size()); + + VerifyResult verifyResult = null; + if (request.getVerificationLevel() != null && + request.getVerificationLevel().equals( + VerificationLevel.FULL_CERT_PATH)) { + final List<VerifyResult> verResults = PdfAsHelper + .synchronousVerify( + el.getOutputData(), + -1, + SignatureVerificationLevel.FULL_VERIFICATION, + preProcessor); + + if (verResults.size() < 1) { + throw new WebServiceException( + "Document verification failed! 
" + verResults.size()); + } + verifyResult = verResults.get(verResults.size() - 1); + } else { + final List<VerifyResult> verResults = PdfAsHelper + .synchronousVerify( + el.getOutputData(), + -1, + SignatureVerificationLevel.INTEGRITY_ONLY_VERIFICATION, + preProcessor); + + if (verResults.size() < 1) { + throw new WebServiceException( + "Document verification failed! " + verResults.size()); + } + + verifyResult = verResults.get(verResults.size() - 1); + } + + if (verifyResult.getValueCheckCode().getCode() == 0) { + statisticEvent.setStatus(Status.OK); + statisticEvent.setEndNow(); + statisticEvent.setTimestampNow(); + statisticEvent.setFilesize(el.getOutputData().length); + StatisticFrontend.getInstance().storeEvent(statisticEvent); + statisticEvent.setLogged(true); + + } else { + statisticEvent.setStatus(Status.ERROR); + statisticEvent.setErrorCode(verifyResult.getValueCheckCode().getCode()); + statisticEvent.setEndNow(); + statisticEvent.setTimestampNow(); + statisticEvent.setFilesize(el.getOutputData().length); + StatisticFrontend.getInstance().storeEvent(statisticEvent); + statisticEvent.setLogged(true); + } + + el.getVerificationResponse().setCertificateCode( + verifyResult.getCertificateCheck().getCode()); + el.getVerificationResponse().setValueCode( + verifyResult.getValueCheckCode().getCode()); - verifyResult = verResults.get(verResults.size() - 1); - - } - - if (verifyResult.getValueCheckCode().getCode() == 0) { - statisticEvent.setStatus(Status.OK); - statisticEvent.setEndNow(); - statisticEvent.setTimestampNow(); - statisticEvent.setFilesize(el.getOutputData().length); - StatisticFrontend.getInstance().storeEvent(statisticEvent); - statisticEvent.setLogged(true); } else { - statisticEvent.setStatus(Status.ERROR); - statisticEvent.setErrorCode(verifyResult.getValueCheckCode().getCode()); + log.debug("Implicite signature-verification skipped by configuration"); + statisticEvent.setStatus(Status.OK); statisticEvent.setEndNow(); 
statisticEvent.setTimestampNow(); statisticEvent.setFilesize(el.getOutputData().length); StatisticFrontend.getInstance().storeEvent(statisticEvent); statisticEvent.setLogged(true); + } - - el.getVerificationResponse().setCertificateCode( - verifyResult.getCertificateCheck().getCode()); - el.getVerificationResponse().setValueCode( - verifyResult.getValueCheckCode().getCode()); - + } } |
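Review bot: In the new `else` branch of `validatePdfSignature` the verification response on `el` is never touched, so `certificateCode` and `valueCode` presumably reach the client with whatever value they were initialised with. The enabled branch treats value code 0 as success, so if those fields default to 0 (not visible in this hunk) a client cannot tell a verified signature from one that was never checked. I would either leave the verification response unset in this branch or set an explicit not-verified marker, and say so in a comment such as `// verification skipped by configuration: response codes are not populated`. Logging the skip only at `debug` hides a disabled security control in normal operation; `log.info`, or a one-time warning at startup, would make it auditable. The statistic event is also stored as `Status.OK` without any check, which is worth distinguishing if the statistics are used for monitoring.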
