From cf01ed53c99960c88483ae9a000b2284421f281b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Dec 2019 08:52:24 +0100 Subject: add assembly plugin to build release packages --- LICENSES.txt | 18 +++ basicConfig/default_config.properties | 1 + connector/pom.xml | 22 ++++ connector/src/assembly/assembly_dir.xml | 49 ++++++++ connector/src/assembly/assembly_zip.xml | 49 ++++++++ infos/readme_1.0.3-snapshot.txt | 22 ++++ infos/readme_1.1.txt | 36 ++++++ licenses/IAIK-LICENSE.txt | 108 +++++++++++++++++ licenses/SIC_LICENSE.txt | 197 ++++++++++++++++++++++++++++++++ licenses/eupl_v1.2_en.pdf | Bin 0 -> 340835 bytes pom.xml | 32 +++++- 11 files changed, 533 insertions(+), 1 deletion(-) create mode 100644 LICENSES.txt create mode 100644 connector/src/assembly/assembly_dir.xml create mode 100644 connector/src/assembly/assembly_zip.xml create mode 100644 infos/readme_1.0.3-snapshot.txt create mode 100644 infos/readme_1.1.txt create mode 100644 licenses/IAIK-LICENSE.txt create mode 100644 licenses/SIC_LICENSE.txt create mode 100644 licenses/eupl_v1.2_en.pdf diff --git a/LICENSES.txt b/LICENSES.txt new file mode 100644 index 00000000..f8fb488a --- /dev/null +++ b/LICENSES.txt @@ -0,0 +1,18 @@ +Copyright 2018 A-SIT Plus GmbH +AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, +A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + +Licensed under the EUPL, Version 1.2 or - as soon they will be approved by +the European Commission - subsequent versions of the EUPL (the "Licence"); +You may not use this work except in compliance with the Licence. +You may obtain a copy of the Licence at: +https://joinup.ec.europa.eu/news/understanding-eupl-v12 + +Unless required by applicable law or agreed to in writing, software +distributed under the Licence is distributed on an "AS IS" basis, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the Licence for the specific language governing permissions and +limitations under the Licence. + +This product includes software developed by third parties +and provided under an open source license (www.opensource.org). \ No newline at end of file diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties index 6e547b4a..81ce2f6a 100644 --- a/basicConfig/default_config.properties +++ b/basicConfig/default_config.properties @@ -17,6 +17,7 @@ eidas.ms.revisionlog.logIPAddressOfUser=true eidas.ms.webcontent.static.directory=webcontent/ eidas.ms.webcontent.templates=templates/ eidas.ms.webcontent.properties=properties/messages +eidas.ms.webcontent.templates.countryselection=countrySelection_example.html ## extended validation of pending-request Id's eidas.ms.core.pendingrequestid.maxlifetime=300 diff --git a/connector/pom.xml b/connector/pom.xml index af1d5947..52addf4d 100644 --- a/connector/pom.xml +++ b/connector/pom.xml @@ -134,6 +134,28 @@ + + org.apache.maven.plugins + maven-assembly-plugin + + + src/assembly/assembly_dir.xml + src/assembly/assembly_zip.xml + + ${project.artifactId}-${project.version} + ${project.parent.build.directory} + + + + make-assembly + package + + single + + + + + diff --git a/connector/src/assembly/assembly_dir.xml b/connector/src/assembly/assembly_dir.xml new file mode 100644 index 00000000..cba3ed24 --- /dev/null +++ b/connector/src/assembly/assembly_dir.xml @@ -0,0 +1,49 @@ + + + dir + + dir + + false + + + ${project.build.directory}/${project.build.finalName}.war + ./ + + + + + ${project.parent.basedir} + ./ + + LICENSES.txt + + true + + + ${project.parent.basedir}/licenses + ./licenses + + + ${project.build.directory}/thirdparty_licenses + ./licenses + + + ${project.parent.basedir}/basicConfig/ + ./config + + **/extconfig/** + + + + ${project.parent.basedir}/infos/ + ./infos + + + readme_${project.version}.txt + + + + diff --git a/connector/src/assembly/assembly_zip.xml b/connector/src/assembly/assembly_zip.xml new file mode 100644 index 00000000..579da2e1 --- /dev/null +++ b/connector/src/assembly/assembly_zip.xml @@ -0,0 +1,49 @@ + + + dist + + zip + + false + + + ${project.build.directory}/${project.build.finalName}.war + ./ + + + + + ${project.parent.basedir} + ./ + + LICENSES.txt + + true + + + ${project.parent.basedir}/licenses + ./licenses + + + ${project.build.directory}/thirdparty_licenses + ./licenses + + + ${project.parent.basedir}/basicConfig/ + ./config + + **/extconfig/** + + + + ${project.parent.basedir}/infos/ + ./infos + + + readme_${project.version}.txt + + + + diff --git a/infos/readme_1.0.3-snapshot.txt b/infos/readme_1.0.3-snapshot.txt new file mode 100644 index 00000000..b0b255af --- /dev/null +++ b/infos/readme_1.0.3-snapshot.txt @@ -0,0 +1,22 @@ +MS-Connector v1.0.2 Release vom 11.09.2019 + +Dieses Release erlaubt die Konfiguration eines mindest LoA, welche für Requests +an eIDAS Proxy-Services verwendet wird. + +MS-Connector v1.0.2: + - Der MS-Connector v1.0.2 umfasst eine Anpassung bezüglich des erforderlichen + LoA am eIDAS Proxy-Service. Ab dieser Version ist es möglich einen mindest LoA + am MS-Connector zu konfigurieren, welcher auf jeden Fall am eIDAS Proxy-Service + requested wird. + + - Mit diesem Update ergibt sich eine optionale Anpassungen an der Konfiguration: + - Das Property "eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum" + (z.B. eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high ) + definiert das erforderliche mindest LoA. Als Defaultwert ist LoA 'high' hinterlegt, falls + der Konfigurationsparameter nicht vorhanden ist. + + - Der Releasebuild für die Version v1.0.2 befindet sich unter $RELEASEPACKAGE/ms_connector-1.0.2.war + + + + \ No newline at end of file diff --git a/infos/readme_1.1.txt b/infos/readme_1.1.txt new file mode 100644 index 00000000..cfbe8c6f --- /dev/null +++ b/infos/readme_1.1.txt @@ -0,0 +1,36 @@ +MS-Connector v1.1.0 Release vom 13.12.2019 + +Der Releasebuild für die Version v1.1.0 befindet sich unter "$RELEASEPACKAGE/ms_connector-1.1.0.war" + + +Mit dieser Version ergeben sich folgende funktionale Änderungen: + - Mindest LoA, welche für Requests an eIDAS Proxy-Services verwendet wird. + - ... + + +Configurationsanpassungen: + Eine vollständige Beispielkonfiguration befindet sich im Verzeichnis + "$RELEASEPACKAGE/config". Nachfolgend eine kurze Aufstellung der Konfigurations- + änderungen in dieser Version. + + - Erforderlich + - + + - Optiona: + - Das Property "eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum" + (z.B. eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high ) + definiert das erforderliche mindest LoA. Als Defaultwert ist LoA 'high' hinterlegt, falls + der Konfigurationsparameter nicht vorhanden ist. + + - Das Property "eidas.ms.webcontent.templates.countryselection" + (z.B. eidas.ms.webcontent.templates.countryselection=countrySelection_example.html) + definiert das Länderauswahltemplete welches für die Darstellung der Länderauswahl + verwendet werden soll. Als Defaultparameter ist 'countrySelection.html' hinterlegt. + + + + + + + + \ No newline at end of file diff --git a/licenses/IAIK-LICENSE.txt b/licenses/IAIK-LICENSE.txt new file mode 100644 index 00000000..4fa412cf --- /dev/null +++ b/licenses/IAIK-LICENSE.txt @@ -0,0 +1,108 @@ +Stiftung SIC License Agreement for "IAIK MOA" + +Valid from December 1st, 2005 + +The Stiftung SIC +Stiftung Secure Information and Communication Technologies +Inffeldgasse16a, A-8010 Graz, Austria, hereafter referred to as "Stiftung SIC", +offers to grant licences for the SOFTWARE defined below according to the following conditions: + +1. DEFINITIONS +For the purpose of this Licence Agreement, the following definitions are valid: + +a. The term "SOFTWARE" refers to the "IAIK MOA" bundle in any +form (object code or other) including documentation. The +SOFTWARE is the sole property of Stiftung SIC and protected by +Austrian, International Copyright Law, e.g. the Revised Berne +Convention, and the US Copyright Act. + +b. "IAIK MOA" is distributed in documentation, manuals, and user +guides, tools - including any revisions, patches and updates +downloaded by the customer. + +c."IAIK MOA Runtime Modules" means the runtime object code +modules provided with, or derived from the SOFTWARE. + +d. "MOA modules" mean the modules for online applications made +available by the Austrian Federal Chancellery and they consist of +MOA-Signature Creation (MOA-SS), MOA-Signature Verification +(MOA-SP) and MOA-Identification (MOA-ID). + +2. GRANTING of LICENCES + +The licensee is granted as specified below: + +o IAIK MOA Runtime License +Stiftung SIC grants the Licensee a non-exclusive, non-transferable runtime licence to use the +"IAIK MOA" modules in the context of unmodified MOA modules. Any attempt to use any parts or +the whole IAIK Crypto Toolkits which come bundled together with the MOA modules for any +purpose other than accessing these MOA modules by applications, including, but not limited to, +the development of applications, the creation of a toolkit, or inclusion in a different toolkit, is not +permitted without additional licenses. These licences are not transferable to contractors or any +other persons, organisations or companies outside the licensee's organisation without making +such persons, organisations or companies explicitly aware of the restrictions of these licenses +and such persons, organisations or companies explicitly agree to observe these restrictions. + +3. LIMITATIONS for all LICENCES: +LICENSEES must not attempt to reverse engineer, decompile, disassemble, reverse, translate or in +any other manner decode the computer programmes in the IAIK libraries in order to derive the +source code there from. + +4. WARRANTY: +Stiftung SIC guarantees that the SOFTWARE is free of any computer virus or other malicious +hidden routines that would intentionally cause damage to or corrupt data, storage media or +equipment. For proving the integrity of the SOFTWARE, Stiftung SIC may calculate a SHA-1 hash +value over the distribution file and publish it on its web site. It is the duty of the licensee to verify this +hash value. If the hash value cannot be verified, Stiftung SIC declines any warranties on that +software, and the licensee should immediately (or within 30 days of delivery at the latest), contact +Stiftung SIC for verification and reshipment. +The SOFTWARE is provided "as is" and except for the declaration and warranty stated in this +section, Stiftung SIC makes no representations, conditions or warranties, either express or implied, +relative to the SOFTWARE or services provided hereunder, including all implied conditions or +warranties of merchantability and fitness for a particular purpose and all conditions with respect to +intellectual property infringement. Stiftung SIC may, but shall not be obliged to, fix errors in any +SOFTWARE. + +5. PROPRIETARY INFORMATION and CONFIDENTIALITY: +The LICENSEE acknowledges that the SOFTWARE remains the property of, and is confidential to, +Stiftung SIC and incorporates trade secrets of Stiftung SIC, and that Stiftung SIC shall have the +exclusive right to any copyrights or patents in respect of the SOFTWARE. The LICENSEE agrees to +maintain the confidentiality of the SOFTWARE. +The LICENSEE further agrees that (with the exception of paragraph 2 above), he shall not make +any disclosure of the SOFTWARE (including copies thereof or methods or concepts utilised therein) +to any person or entity, other than employees of the LICENSEE, to whom such disclosure is +necessary in order to use the SOFTWARE as provided herein. The LICENSEE shall appropriately +notify each employee to whom any such disclosure is made. Such disclosure must be made in +confidence and shall be kept in confidence by the employee in question. +The LICENSEE agrees to use diligent and determined efforts to secure and protect the +SOFTWARE and copies thereof in a manner consistent with their proprietary character and the +maintenance of Licensor's rights therein, and without limitation thereof, to take appropriate action, +by instruction or agreement with its employees who are permitted access to the SOFTWARE or +copies thereof, or otherwise, to satisfy its obligations as hereby stated. + +6. TERMINATION: +Stiftung SIC may terminate this Agreement without prior notice, if the licensee 1. neglects or fails to +perform or observe, or correct a breach of its obligations to Stiftung SIC; 2. goes out of business, +files a bankruptcy petition or has such a petition filed involuntarily against it or becomes insolvent; 3. +develops, sells, licenses or distributes or attempts to develop, sell, license or distribute any software +based on the SOFTWARE which is outside the scope of the limited rights granted herein, to any +third party. In the event of such a termination, the Licensee shall immediately destroy all copies and +ensure that all backup copies are destroyed as well. + +Stiftung SIC may at any time stop granting free licenses of the SOFTWARE in combination with the +MOA modules without prior notice. In this case, all licenses granted until that time remain valid, i.e. +allow the licensee to continue using the SOFTWARE in combination with the unmodified MOA +modules. + +7. LIABILITY: +To the maximum extent allowed by applicable law Stiftung SIC shall not be liable for any damages +whatsoever (including, without limitation, damages for loss of business profits, business interruption, +loss of business information, or other pecuniary loss) arising out of the use of or inability to use the +SOFTWARE, even if Stiftung SIC has been advised of the possibility of such damages. + +8. WAIVER: +Invalidity, on legal grounds, of any term of this Agreement does not render the Agreement as a whole +invalid. + +9. GOVERNING LAW, ARBITRATION: +This Agreement is governed by Austrian law. diff --git a/licenses/SIC_LICENSE.txt b/licenses/SIC_LICENSE.txt new file mode 100644 index 00000000..5452d915 --- /dev/null +++ b/licenses/SIC_LICENSE.txt @@ -0,0 +1,197 @@ +License for Open Source Projects + +Stiftung SIC Java Crypto-Software Development Kit Licence Agreement for +Free Licenses Valid from February 19, 2010, amended May 13, 2011 + +The Stiftung SIC (Stiftung Secure Information and Communication +Technologies, Inffeldgasse16a, A-8010 Graz, Austria / Europe) hereafter +referred to as "Stiftung SIC" offers to grant licences for the SOFTWARE +defined below according to the following conditions: + +1. DEFINITIONS + +a. "LICENSEE" refers to the person, organisation or company, to whom the +licenses are granted under this license agreement. + +b. The term "SOFTWARE" refers to IAIK Java Crypto Software in any form +(source code, object code or other) including documentation. The +SOFTWARE is the sole property of Stiftung SIC and protected by Austrian, +International Copyright Law, e.g. the Revised Berne Convention, and the +US Copyright Act. + +c. "IAIK Java Crypto Software" means either IAIK-JCE, iSaSiLk or any +other Java-based Crypto-Software development kit which usually consists +of source code (if applicable; for source licences only), Java byte code +or any other form of object code. The Software and additional tools are +distributed in documentation, manuals, user guides, sample application +code, tools - including any revisions, patches and updates delivered or +downloaded by the LICENSEE. + +d. "IAIK Java Crypto Software Runtime Modules" means the runtime object +code modules provided with, or derived from, an IAIK-Java-Crypto +Software Development Kit, which are usually distributed as a +Java-Archive in JAR or ZIP-Format, or in any other format suitable for +use by application programmes or other software. + +e. "IAIK-Crypto Software based Application" means any computer programme +created by the LICENSEE using any of the IAIK-Toolkits, with the +exception of server software, which is considered as a different +category. + +f. "Server software" means IAIK-Crypto Software based applications run +or published on a server (like but not limited to a web server). +Examples for server software are applets, midlets, servlets, CGI-scripts +or software that is run on a server. + +g. "To publish" means that an application is retrievable or accessible +from a certain server, but not installed on another machine. + +h. "DERIVED SOFTWARE" refers to software (excluding any of our SOFTWARE) +in any form (source code, object code or other) that uses the IAIK Java +Crypto Software Runtime Modules. It also includes parts where LICENSEE +acts as a licensor or sub-licensor. + +i. “Open Source Software Development” means development under an +ACCEPTED LICENSE. + +j. "ACCEPTED LICENSE" means the following licenses: + +j1. GPL Version 2, June 1991 (http: //www.fsf.org/licenses/gpl.html). + +j2. European Union Public License (EUPL) Version 1.1, January 2009 +(http://www.osor.eu/eupl) - for distribution under compatible licenses +defined in the licenses above or under any other license, the LICENSEE +needs explicit permission by Stiftung SIC. + +2. GRANTING of LICENCES Stiftung SIC grants free licenses of the +SOFTWARE for development of free of charge open source software. The +SOFTWARE may be distributed bundled with the free of charge open source +software in binary form only. The type of open source development is +generally unrestricted; the only exception is a product that contains or +is an API or a service of which most of the functionality is provided by +the SOFTWARE. The derived product must not offer features that are +similar to that of the SOFTWARE. This means, this license does not allow +developing a product that contains or is a wrapper around the SOFTWARE. + +The LICENSEE and his licensees are granted a non-exclusive, +non-transferable license to run and redistribute the IAIK Java Crypto +Software Runtime Modules in unmodified, binary form under the following +conditions. + + * The LICENSEE and his licensees are not permitted to charge any + royalties or fees for DERIVED SOFTWARE. + + * The LICENSEE of "IAIK Java Crypto Software Runtime Modules", has to + make the source code of his product publicly available under an + ACCEPTED LICENSE. + + * The LICENSEE is further hereby obliged and authorized to bind his + licensees to all these conditions. + +If LICENSEE licenses DERIVED SOFTWARE under any other free software +licensing scheme that is similar to an ACCEPTED LICENSE, it may be +possible to grant a free license. Stiftung SIC will decide on this +individually after inspecting the intended use and license conditions. + +This free license shall NOT be construed or otherwise interpreted as any +kind of express or implied representation that this SOFTWARE is +licensable under an ACCEPTED LICENSE or any free license other than the +one laid out in this document. + +3. LIMITATIONS for all LICENCES: LICENSEES must not attempt to reverse +engineer, decompile, disassemble, reverse, translate or in any other +manner decode the computer programmes in the IAIK-Toolkit in order to +derive the source code there from. + +ATTENTION: THIS LICENSE AGREEMENT DOES NOT INCLUDE LICENSING OF THE +INCLUDED ALGORITHMS, when appropriate. Please see +http://jce.iaik.tugraz.at/sic/sales/patent_issues_algorithms for a +summary of the licence/patent status situation of algorithms used in +IAIK-JCE. It is the sole responsibility of LICENSEES to ensure the +legality of using the IAIK-Crypto software in their countries. Stiftung +SIC declares that to the best of its knowledge all parts of the +IAIK-Toolkits have been developed by Austrian citizens, except for the +HTTP implementation (w3c_http.jar) delivered with the iSaSiLk +distribution and free third party libraries (like Apache Xalan or +Xerces) that may be delivered with the toolkits for convenience. The +implementation of the Camellia cipher algorithm core has been provided +by NTT (Nippon Telegraph and Telephone Corporation) under BSD licence +terms +(see http://jce.iaik.tugraz.at/sic/sales/patent_issues_algorithms). + +4. TERMS of LICENSE: Free licenses for development of free of charge +open source software under ACCEPTED LICENSES are perpetual. Stiftung SIC +has no obligation to continue making free updates or new versions +available for LICENSEE + +5. DELIVERY: Free licenses are made available by download only. + +6. WARRANTY: Stiftung SIC guarantees that the SOFTWARE is free of any +computer virus or other malicious hidden routines that would +intentionally cause damage to or corrupt data, storage media or +equipment. + +The SOFTWARE is provided "as is" and except for the declaration and +warranty stated in this Section, Stiftung SIC makes no representations, +conditions or warranties, either express or implied, relative to the +IAIK-Toolkit or services provided hereunder, including all implied +conditions or warranties of merchantability and fitness for a particular +purpose and all conditions with respect to intellectual property +infringement. + +7. PROPRIETARY INFORMATION and CONFIDENTIALITY: The LICENSEE +acknowledges that the SOFTWARE remains the property of, and is +confidential to, Stiftung SIC and incorporates trade secrets of Stiftung +SIC, and that Stiftung SIC shall have the exclusive right to any +copyrights or patents in respect of the SOFTWARE. The LICENSEE agrees to +maintain the confidentiality of the SOFTWARE. The LICENSEE further +agrees that (with the exception of paragraph 2 above), he shall not make +any disclosure of the SOFTWARE (including copies thereof or methods or +concepts utilised therein) to any person or entity, other than employees +of the LICENSEE, to whom such disclosure is necessary in order to use +the SOFTWARE as provided herein. The LICENSEE shall appropriately notify +each employee to whom any such disclosure is made. Such disclosure must +be made in confidence and shall be kept in confidence by the employee in +question. The LICENSEE agrees to use diligent and determined efforts to +secure and protect the SOFTWARE and copies thereof in a manner +consistent with their proprietary character and the maintenance of +LICENSOR`s rights therein, and without limitation thereof, to take +appropriate action, by instruction or agreement with its employees who +are permitted access to the SOFTWARE or copies thereof, or otherwise, to +satisfy its obligations as hereby stated. + +8. TERMINATION: Stiftung SIC may terminate this Agreement without prior +notice, if the LICENSEE 1. neglects or fails to perform or observe, or +correct a breach of its obligations to Stiftung SIC; 2. goes out of +business, files a bankruptcy petition or has such a petition filed +involuntarily against it or becomes insolvent; 3. develops, sells, +licenses or distributes or attempts to develop, sell, license or +distribute any software based on the IAIK-Toolkit which is outside the +scope of the limited rights granted herein, to any third party. In the +event of such a termination, the LICENSEE shall immediately delete all +electronic versions from his systems and ensure that all backup copies +are destroyed as well. + +9. LIABILITY: To the maximum extent allowed by applicable law Stiftung +SIC shall not be liable for any damages whatsoever (including, without +limitation, damages for loss of business profits, business interruption, +loss of business information, or other pecuniary loss) arising out of +the use of or inability to use the IAIK-Toolkit, even if Stiftung SIC +has been advised of the possibility of such damages. + +10. EXPORT RESTRICTIONS: In some countries, the IAIK-Toolkits may be +subject to export and import restrictions. Their re-export may require +the approval of the competent authorities. The LICENSEE shall be liable +for the observance of any control regulation and explicitly agrees to +hold Stiftung SIC fully harmless. + +11. WAIVER: Invalidity, on legal grounds, of any term of this Agreement +does not render the Agreement as a whole invalid. + +12. SURVIVAL: Irrespective of expiration or termination of this +Agreement, the provisions of Articles 2, 4, and 8 shall survive the +termination or the expiry of this Agreement. + +13. GOVERNING LAW, ARBITRATION: This Agreement is governed by Austrian +law. + diff --git a/licenses/eupl_v1.2_en.pdf b/licenses/eupl_v1.2_en.pdf new file mode 100644 index 00000000..b3abd455 Binary files /dev/null and b/licenses/eupl_v1.2_en.pdf differ diff --git a/pom.xml b/pom.xml index ee85e79a..042fe2e7 100644 --- a/pom.xml +++ b/pom.xml @@ -44,6 +44,11 @@ ${project.build.directory}/thirdparty_licenses https://apps.egiz.gv.at/checkstyle/egiz_pmd_checks.xml + + + 1.20 + 3.2.0 + @@ -273,9 +278,34 @@ 2.7 + + org.apache.maven.plugins + maven-assembly-plugin + ${maven-assembly-plugin.version} + + + + org.codehaus.mojo + license-maven-plugin + ${license-maven-plugin} + + + download-licenses + prepare-package + + add-third-party + + + + + test + iaik.*|MOA.spss.* + + + @@ -384,7 +414,7 @@ ${pmw_rules_location} - target/generated/cxf + target/generated/cxf -- cgit v1.2.3