From 0b46b0b5cbdbdcf11859365891cff57e227eff1c Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Fri, 20 Mar 2015 13:55:15 +0100 Subject: added KeyIdentifier selection for MOA via PDF-AS-WEB --- .../src/main/configuration/pdf-as-web.properties | 18 +++++++++ .../gv/egiz/pdfas/web/config/WebConfiguration.java | 27 +++++++++++++ .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 44 ++++++++++++++++++++-- 3 files changed, 86 insertions(+), 3 deletions(-) (limited to 'pdf-as-web/src/main') diff --git a/pdf-as-web/src/main/configuration/pdf-as-web.properties b/pdf-as-web/src/main/configuration/pdf-as-web.properties index 8cf5f815..f6b7ddd8 100644 --- a/pdf-as-web/src/main/configuration/pdf-as-web.properties +++ b/pdf-as-web/src/main/configuration/pdf-as-web.properties @@ -16,6 +16,24 @@ ks.pass=123456 ks.key.alias=ecc_test ks.key.pass=123456 +## KeyStore List +# Entries are addressable via KeyIdentifier +# Example Entry with address "test" +ksl.test.enabled=true +ksl.test.file=test1.p12 +ksl.test.type=PKCS12 +ksl.test.pass=123456 +ksl.test.key.alias=test1 +ksl.test.key.pass=123456 + +## Moa List +# Entries are addressable via KeyIdentifier +# Example Entry with address "test" +moal.test.enabled=true +moal.test.url=http://localhost:8080/moa-spss/services/SignatureCreation +moal.test.KeyIdentifier=KG_ECC_TEST +moal.test.Certificate=KG_ECC_TEST.crt + #Enable SOAP Service soap.sign.enabled=true diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java index 8404fa65..0e6f2c67 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java @@ -55,6 +55,11 @@ public class WebConfiguration implements IConfigurationConstants { public static final String RELOAD_PASSWORD = "reload.pwd"; public static final String RELOAD_ENABLED = "reload.enabled"; + public static final String MOA_LIST = "moal"; + public static final String MOA_URL = "url"; + public static final String MOA_KEYID = "KeyIdentifier"; + public static final String MOA_CERT = "Certificate"; + public static final String KEYSTORE_LIST = "ksl"; public static final String KEYSTORE_DEFAULT = "ks"; @@ -233,6 +238,28 @@ public class WebConfiguration implements IConfigurationConstants { return properties.getProperty(KEYSTORE_DEFAULT_KEY_PASS); } + public static boolean isMoaEnabled(String keyIdentifier) { + String value = properties.getProperty(MOA_LIST + "." + keyIdentifier + ".enabled"); + if (value != null) { + if (value.equals("true")) { + return true; + } + } + return false; + } + + public static String getMoaURL(String keyIdentifier) { + return properties.getProperty(MOA_LIST + "." + keyIdentifier + "." + MOA_URL); + } + + public static String getMoaKeyID(String keyIdentifier) { + return properties.getProperty(MOA_LIST + "." + keyIdentifier + "." + MOA_KEYID); + } + + public static String getMoaCertificate(String keyIdentifier) { + return properties.getProperty(MOA_LIST + "." + keyIdentifier + "." + MOA_CERT); + } + public static String getKeystoreFile(String keyIdentifier) { return properties.getProperty(KEYSTORE_LIST + "." + keyIdentifier + "." + KEYSTORE_FILE); } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 2e337f04..b1dd3831 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -61,6 +61,7 @@ import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; import at.gv.egiz.pdfas.common.exceptions.PDFASError; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; import at.gv.egiz.pdfas.lib.api.Configuration; +import at.gv.egiz.pdfas.lib.api.IConfigurationConstants; import at.gv.egiz.pdfas.lib.api.PdfAs; import at.gv.egiz.pdfas.lib.api.PdfAsFactory; import at.gv.egiz.pdfas.lib.api.StatusRequest; @@ -375,6 +376,27 @@ public class PdfAsHelper { IPlainSigner signer; if (connector.equals("moa")) { + + String keyIdentifier = PdfAsParameterExtractor.getKeyIdentifier(request); + + if (keyIdentifier != null) { + if(!WebConfiguration.isMoaEnabled(keyIdentifier)) { + throw new PdfAsWebException("MOA connector [" + keyIdentifier + "] disabled or not existing."); + } + + String url = WebConfiguration.getMoaURL(keyIdentifier); + String keyId = WebConfiguration.getMoaKeyID(keyIdentifier); + String certificate = WebConfiguration.getMoaCertificate(keyIdentifier); + + config.setValue(IConfigurationConstants.MOA_SIGN_URL, url); + config.setValue(IConfigurationConstants.MOA_SIGN_KEY_ID, keyId); + config.setValue(IConfigurationConstants.MOA_SIGN_CERTIFICATE, certificate); + } else { + if (!WebConfiguration.getMOASSEnabled()) { + throw new PdfAsWebException("MOA connector disabled."); + } + } + signer = new PAdESSigner(new MOAConnector(config)); } else if (connector.equals("jks")) { @@ -491,10 +513,26 @@ public class PdfAsHelper { IPlainSigner signer; if (params.getConnector().equals(Connector.MOA)) { - if (!WebConfiguration.getMOASSEnabled()) { - throw new PdfAsWebException("MOA connector disabled."); - } + String keyIdentifier = params.getKeyIdentifier(); + if (keyIdentifier != null) { + if(!WebConfiguration.isMoaEnabled(keyIdentifier)) { + throw new PdfAsWebException("MOA connector [" + keyIdentifier + "] disabled or not existing."); + } + + String url = WebConfiguration.getMoaURL(keyIdentifier); + String keyId = WebConfiguration.getMoaKeyID(keyIdentifier); + String certificate = WebConfiguration.getMoaCertificate(keyIdentifier); + + config.setValue(IConfigurationConstants.MOA_SIGN_URL, url); + config.setValue(IConfigurationConstants.MOA_SIGN_KEY_ID, keyId); + config.setValue(IConfigurationConstants.MOA_SIGN_CERTIFICATE, certificate); + } else { + if (!WebConfiguration.getMOASSEnabled()) { + throw new PdfAsWebException("MOA connector disabled."); + } + } + signer = new PAdESSigner(new MOAConnector(config)); } else if (params.getConnector().equals(Connector.JKS)) { String keyIdentifier = params.getKeyIdentifier(); -- cgit v1.2.3