authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-14 13:44:52 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-14 13:44:52 +0000
commit5d5eaaa2580163023dbc8f2336c5e996e0bcbad0 (patch)
treeae1381255198fd1cb225387370f93874c30279c6
parent94eeead3b212889231ef633c4a721bba6993d8af (diff)
* Update DOMUtils
* Update MOA-SPSS Konfiguration Dokumentation * Update Resolver git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1240 d688527b-c9ab-4aba-bd8d-4036d912da1d
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java68
-rw-r--r--common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java2
-rw-r--r--spss/handbook/conf/moa-spss/sp.minimum.config.xml14
-rw-r--r--spss/handbook/handbook/config/MOA-SPSS-config-1.5.1.xsd (renamed from spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd)22
-rw-r--r--spss/handbook/handbook/config/config.html37
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java2
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java1
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java4
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java27
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java1
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java13
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java16
-rw-r--r--spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties2
15 files changed, 177 insertions, 36 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index a3416d44a..102d3a31f 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -535,6 +535,74 @@ public class DOMUtils {
return true;
}
+
+ /**
+ * Schema validate a given DOM element.
+ *
+ * @param element The element to validate.
+ * @param externalSchemaLocations A <code>String</code> containing namespace
+ * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+ * schemaLocation</code> attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+ * @return <code>true</code>, if the <code>element</code> validates against
+ * the schemas declared in it.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document from its
+ * serialized representation.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * @throws TransformerException An error occurred serializing the element.
+ */
+ public static boolean validateElement(
+ Element element,
+ String externalSchemaLocations,
+ String externalNoNamespaceSchemaLocation,
+ EntityResolver entityResolver)
+ throws
+ ParserConfigurationException,
+ IOException,
+ SAXException,
+ TransformerException {
+
+ byte[] docBytes;
+ SAXParser parser;
+
+ // create the SAX parser
+ if (symbolTable != null) {
+ parser = new SAXParser(symbolTable, grammarPool);
+ } else {
+ parser = new SAXParser();
+ }
+
+ // serialize the document
+ docBytes = serializeNode(element, "UTF-8");
+
+ // set up parser features and attributes
+ parser.setFeature(NAMESPACES_FEATURE, true);
+ parser.setFeature(VALIDATION_FEATURE, true);
+ parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+
+ if (externalSchemaLocations != null) {
+ parser.setProperty(
+ EXTERNAL_SCHEMA_LOCATION_PROPERTY,
+ externalSchemaLocations);
+ }
+ if (externalNoNamespaceSchemaLocation != null) {
+ parser.setProperty(
+ EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
+ "externalNoNamespaceSchemaLocation");
+ }
+
+ // set up entity resolver and error handler
+ parser.setEntityResolver(entityResolver);
+ parser.setErrorHandler(new MOAErrorHandler());
+
+ // parse validating
+ parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
+ return true;
+ }
+
/**
* Serialize the given DOM node.
*
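Review bot: The `externalNoNamespaceSchemaLocation` branch passes the quoted literal `"externalNoNamespaceSchemaLocation"` to `parser.setProperty` instead of the parameter, so the caller's schema location is never used; the argument should be the variable, `externalNoNamespaceSchemaLocation);`. The Javadoc also lacks an `@param entityResolver` line, and the `@throws ParserConfigurationException` sentence breaks off after "configuring the XML". Since the resolver passed in is what decides which external entities and schemas this validating parser may load, the `@param` text should say whether `null` is accepted and what the parser does in that case.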
diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd
index d91f8f46e..01cd7c426 100644
--- a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd
@@ -25,7 +25,7 @@
<xs:element name="BlackListUri">
<xs:complexType>
<xs:sequence>
- <xs:element name="Host" type="xs:anyURI"/>
+ <xs:element name="IP" type="xs:string"/>
<xs:element name="Port" type="xs:int" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
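Review bot: `IP` is declared as an unrestricted `xs:string`, so the schema accepts a host name, an empty value or stray whitespace in a blacklist entry. The ExternalURIVerifier.java hunk compares with `ip.startsWith(bhost)` against what appears to be the resolved address, so a host name entered here would never match and the entry would be silently ineffective. Restricting the element with an `xs:pattern` for dotted-decimal addresses and prefixes would reject such entries when the configuration is loaded. The same applies to the copy of this schema under spss/handbook/handbook/config.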
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index cc283b8ac..90282a28c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -133,7 +133,7 @@ public class VerifyXMLSignatureResponseValidator {
catch (RFC2253NameParserException e) {
throw new ValidateException("validator.17", null);
}
- System.out.println("subjectDN: " + subjectDN);
+ //System.out.println("subjectDN: " + subjectDN);
// check the authorisation to sign the identity link
if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) {
// subject DN check failed, try OID check:
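Review bot: The `System.out.println` of the signer's subject DN is commented out rather than removed, which leaves dead code that can be re-enabled by accident and would again write certificate subject data to stdout. Deleting the line is cleaner, or replace it with a debug-level call through the project's logger if the value is needed for diagnosis. The same pattern appears in the hunks for InOrderServletRequestWrapper.java, ExternalURIResolver.java, ServiceUtils.java (the old `parseDocument` call) and MOASPSSEntityResolver.java (the old scheme check).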
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
index c152d815b..74b18a662 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
@@ -192,7 +192,7 @@ public class InOrderServletRequestWrapper extends HttpServletRequestWrapper {
}
catch (IOException e)
{
- System.out.println("Exception =" + e);
+ //System.out.println("Exception =" + e);
return null;
}
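Review bot: With the `println` commented out, this `catch (IOException e)` now discards the exception entirely and returns `null`, so a failed read of the request leaves no trace. Logging `e` through the project's logging facility before `return null;` would keep the failure diagnosable without writing to stdout. The enclosing method starts and ends outside the hunk, so how callers treat the `null` is not visible here.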
diff --git a/spss/handbook/conf/moa-spss/sp.minimum.config.xml b/spss/handbook/conf/moa-spss/sp.minimum.config.xml
index 572df10d6..6673d4308 100644
--- a/spss/handbook/conf/moa-spss/sp.minimum.config.xml
+++ b/spss/handbook/conf/moa-spss/sp.minimum.config.xml
@@ -1,6 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--MOA SP 1.5 Configuration File-->
<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<!-- Aus Sicherheitsgründen ist das Auflösen von externen URIs und localhost defaultmäßig deaktiviert -->
+<!-- Siehe auch MOA-SPSS Dokumentation - Konfiguration Abschnitt 2.1.2 Auflösen externer URIs -->
+<!-- Mittels cfg:PermitExternalUris kann das Auflösen externe URIs (optional mit Angabe einer Blacklist) aktiviert werden. -->
+<!-- Empfehlung: Bei aktiviertem Auflösen von externen URIs sollten sowohl localhost als auch der gesamte Intranetbereich in die Blacklist eingetragen werden. -->
+<!-- <cfg:Common>
+ <cfg:PermitExternalUris>
+ <cfg:BlackListUri>
+ <cfg:Host>192.168</cfg:Host>
+ </cfg:BlackListUri>
+ <cfg:BlackListUri>
+ <cfg:Host>127.0</cfg:Host>
+ </cfg:BlackListUri>
+ </cfg:PermitExternalUris>
+ </cfg:Common>-->
<cfg:SignatureVerification>
<cfg:CertificateValidation>
<cfg:PathConstruction>
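Review bot: The commented-out example uses `<cfg:Host>` for the blacklist entries, but this same commit renames that element to `IP` in MOA-SPSS-config-1.5.1.xsd and in ConfigurationPartsBuilder, so an administrator who uncomments the block gets entries the new code does not read. They should be `<cfg:IP>192.168</cfg:IP>` and `<cfg:IP>127.0</cfg:IP>`; the example in the config.html hunk has the same stale element name. The comment recommends blacklisting localhost and the whole intranet range, while the example lists only two IPv4 prefixes. Adding the other private and link-local ranges a deployment uses would make the example match the recommendation.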
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.5.1.xsd
index ce1dd3747..01cd7c426 100644
--- a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd
+++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.5.1.xsd
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- MOA SP/SS 1.4.7 Configuration Schema
+ MOA SP/SS 1.5.1 Configuration Schema
-->
-<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<xs:schema xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
<xs:element name="MOAConfiguration">
<xs:complexType>
@@ -19,6 +19,20 @@
</xs:sequence>
</xs:complexType>
</xs:element>
+ <xs:element name="PermitExternalUris" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence minOccurs="0" maxOccurs="unbounded">
+ <xs:element name="BlackListUri">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="IP" type="xs:string"/>
+ <xs:element name="Port" type="xs:int" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
@@ -138,7 +152,7 @@
<xs:sequence>
<xs:element name="Id" type="xs:token"/>
<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
- <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
@@ -152,7 +166,7 @@
<xs:element name="MaxRevocationAge" type="xs:integer"/>
<xs:element name="ServiceOrder" minOccurs="0">
<xs:complexType>
- <xs:sequence minOccurs="1" maxOccurs="2">
+ <xs:sequence maxOccurs="2">
<xs:element name="Service">
<xs:simpleType>
<xs:restriction base="xs:token">
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index 7d2ea6b71..d9534e0ef 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -46,6 +46,7 @@
<ol>
<li><a href="#konfigurationsparameter_allgemein">Allgemeines Parameter</a> <ol>
<li><a href="#konfigurationsparameter_allgemein_hardwarecryptomodule">Hardwarebasiertes Kryptographiemodul</a></li>
+ <li><a href="#konfigurationsparameter_allgemein_permitexternaluris">Aufl&ouml;sen externer URIs</a></li>
</ol>
</li>
<li><a href="#konfigurationsparameter_ss">Parameter f&uuml;r MOA SS</a> <ol>
@@ -135,7 +136,7 @@
</tr>
</table>
<h2><a name="übersicht_zentraledatei" id="übersicht_zentraledatei"></a>1.2 Zentrale Konfigurationsdatei</h2>
- <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.4.7.xsd">MOA-SPSS-config-1.4.7.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
+ <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.5.1.xsd">MOA-SPSS-config-1.5.1.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
<h3><a name="&uuml;bersicht_zentraledatei_aktualisierung" id="&uuml;bersicht_zentraledatei_aktualisierung"></a>1.2.1
Aktualisierung auf das Format von MOA SP/SS 1.3</h3>
<p>Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, &uuml;bersichtlicheres Format f&uuml;r die
@@ -208,7 +209,39 @@
</ul></td>
</tr>
</table>
- <h2><a name="konfigurationsparameter_ss" id="konfigurationsparameter_ss"></a>2.2 Parameter f&uuml;r MOA SS</h2>
+
+ <h3><a name="konfigurationsparameter_allgemein_permitexternaluris" id="konfigurationsparameter_allgemein_permitexternaluris"></a>2.1.2 Aufl&ouml;sen externer URIs</h3>
+ <table class="fixedWidth" border="1" cellpadding="2">
+ <tr>
+ <td>Name</td>
+ <td><code>cfg:Common/cfg:PermitExternalUris</code></td>
+ </tr>
+ <tr>
+ <td> Gebrauch</td>
+ <td>Null mal bis einmal </td>
+ </tr>
+ <tr>
+ <td>Erl&auml;uterung</td>
+ <td><p>Mit diesem Element wird MOA SP bzw. SS mitgeteilt ob das Aufl&ouml;sen externer URIs (inkl. localhost) erlaubt ist. Fehlt dieses Element, so ist das Aufl&ouml;sen externer URIs deaktiviert. Ist dieses Element vorhanden, so ist das Aufl&ouml;sen aller externer URIs aktiviert. Durch einen Blacklist-Mechanismus kann jedoch eingeschr&auml;nkt werden, dass bestimmte URIs, die sich auf dieser Blacklist befinden, nicht aufgel&ouml;st werden. Diese Blacklist kann in dem folgenden Kindelement angegeben werden:</p>
+ <ul>
+ <li>Element <code>cfg:BlackListUri</code>: Dieses optionale und unbegrenzten Element gibt einen Blacklist-Eintrag an und besteht aus folgenden zwei weiteren Kindelementen:</li>
+ <ul>
+ <li>Element <code>cfg:IP</code>: Dieses Element vom Type <code>xs:string</code> gibt eine IP-Adresse (z.B.: 127.0.0.1) oder einen IP-Adress-Bereich (z.B.: 192.168) an. Bei Angabe einer IP-Adresse werden nur URIs mit exakt dieser IP-Adresse nicht aufgel&ouml;st. Bei Angabe eines IP-Adress-Bereichs werden s&auml;mtliche URIs, die mit diesem IP-Bereich beginnen nicht aufgel&ouml;st (z.B.: alle IPs im Bereich 192.168.0.0 bis 192.168.255.255)</li>
+ <li>Element <code>cfg:Port</code>: Dieses optionale Element vom Typ <code>xs:int</code> legt eine bestimmte Portnummer fest. Ist eine Portnummer angegeben werden alle URIs mit obiger IP-Adresse und dieser Portnummer nicht aufgel&ouml;st.</li>
+ </ul>
+ </ul>
+
+ <p><b>Empfehlung:</b> Bei aktiviertem Aufl&ouml;sen von externen URIs sollten sowohl <em>localhost</em> als auch der <em>gesamte Intranetbereich</em> in die Blacklist eingetragen werden. Hierzu eine beispielhafte Blacklist: </p>
+ <p><code>&lt;cfg:BlackListUri&gt;<br>
+ &lt;cfg:Host&gt;192.168&lt;/cfg:Host&gt;<br>
+ &lt;/cfg:BlackListUri&gt;<br>
+ &lt;cfg:BlackListUri&gt;<br>
+ &lt;cfg:Host&gt;127.0.0.1&lt;/cfg:Host&gt;<br>
+ &lt;/cfg:BlackListUri&gt;</code></p></td>
+ </tr>
+ </table>
+
+<h2><a name="konfigurationsparameter_ss" id="konfigurationsparameter_ss"></a>2.2 Parameter f&uuml;r MOA SS</h2>
<h3><a name="konfigurationsparameter_ss_keymodules" id="konfigurationsparameter_ss_keymodules"></a>2.2.1 Schl&uuml;sselspeicher</h3>
<h4><a name="konfigurationsparameter_ss_keymodules_hardwarekeymodule" id="konfigurationsparameter_ss_keymodules_hardwarekeymodule"></a>2.2.1.1 Hardware-Schl&uuml;sselspeicher</h4>
<table class="fixedWidth" border="1" cellpadding="2">
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 1211b5e94..40416f121 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -408,7 +408,7 @@ public class ConfigurationPartsBuilder {
Element permitExtElem = null;
while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) {
- String host = getElementValue(permitExtElem, CONF + "Host", null);
+ String host = getElementValue(permitExtElem, CONF + "IP", null);
String port = getElementValue(permitExtElem, CONF + "Port", null);
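Review bot: Reading `CONF + "IP"` with a `null` default means a deployed configuration that still uses `<cfg:Host>` yields `host == null` for every blacklist entry. What the loop does with a null host is outside the hunk, but if such entries are skipped, the blacklist is dropped without any message while external URI resolution stays enabled. Consider falling back to the old element name, or rejecting the entry with a configuration error when `host` is null.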
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
index 0d100676b..148be664b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -72,7 +72,6 @@ import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.EntityResolverChain;
-import at.gv.egovernment.moa.util.MOAEntityResolver;
import at.gv.egovernment.moa.util.MOAErrorHandler;
import at.gv.egovernment.moa.util.StreamEntityResolver;
import at.gv.egovernment.moa.util.StreamUtils;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
index e09ade231..84172a4d5 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
@@ -101,7 +101,7 @@ public class ExternalURIResolver {
try {
// create the URL
url = new URL(uriStr);
- System.out.println("ExternalURIResolver: " + url);
+ //System.out.println("ExternalURIResolver: " + url);
ExternalURIVerifier.verify(url.getHost(), url.getPort());
} catch (MalformedURLException e) {
@@ -113,6 +113,8 @@ public class ExternalURIResolver {
connection = url.openConnection();
if ("http".equals(url.getProtocol())) {
HttpURLConnection httpConnection = (HttpURLConnection) connection;
+ // disallow redirects
+ httpConnection.setInstanceFollowRedirects(false);
httpConnection.connect();
if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) {
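Review bot: Redirects are disabled only inside the `"http".equals(url.getProtocol())` branch, so an `https` URL would skip both `setInstanceFollowRedirects(false)` and the response-code check, and a redirect could then lead to a host that never went through `ExternalURIVerifier.verify`. Whether `https` URIs can reach this method is not visible in the hunk. Testing the connection type instead, `if (connection instanceof HttpURLConnection) {`, would cover both schemes. The comment could also state the reason: `// do not follow redirects: the target host would bypass the blacklist check`.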
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
index a088916a9..1bb125c74 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
@@ -29,10 +29,12 @@ import java.io.ByteArrayInputStream;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
-
-import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.util.MOAEntityResolver;
+import at.gv.egovernment.moa.util.MOAErrorHandler;
/**
* Helper methods for the Service classes.
@@ -56,7 +58,8 @@ public class ServiceUtils {
DOMUtils.validateElement(
request[0],
Constants.ALL_SCHEMA_LOCATIONS,
- null);
+ null,
+ new MOASPSSEntityResolver());
} catch (Exception e) {
throw new MOAApplicationException(
"1100",
@@ -78,12 +81,18 @@ public class ServiceUtils {
try {
byte[] requestBytes = DOMUtils.serializeNode(request, "UTF-8");
- Document validatedRequest =
- DOMUtils.parseDocument(
- new ByteArrayInputStream(requestBytes),
- true,
- Constants.ALL_SCHEMA_LOCATIONS,
- null);
+ Document validatedRequest = DOMUtils.parseDocument(new ByteArrayInputStream(requestBytes),
+ true,
+ Constants.ALL_SCHEMA_LOCATIONS,
+ null,
+ new MOASPSSEntityResolver(),
+ new MOAErrorHandler());
+
+// DOMUtils.parseDocument(
+// new ByteArrayInputStream(requestBytes),
+// true,
+// Constants.ALL_SCHEMA_LOCATIONS,
+// null);
return validatedRequest.getDocumentElement();
} catch (Exception e) {
throw new MOAApplicationException(
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
index 3304e262f..7a7bb88bb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
@@ -94,6 +94,7 @@ public class SignatureCreationService {
//since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+
// validate the request
reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
index 1f1282e66..dafb89f16 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
@@ -5,6 +5,8 @@ import java.net.UnknownHostException;
import java.util.Iterator;
import java.util.List;
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
@@ -13,7 +15,6 @@ public class ExternalURIVerifier {
public static void verify(String host, int port) throws MOAApplicationException {
- System.out.println("ExternalURIVerifier: " + host + ":" + port);
if (host == null)
return;
@@ -39,15 +40,15 @@ public class ExternalURIVerifier {
if (bport == null || port == -1) {
// check only host
if (ip.startsWith(bhost)) {
- System.out.println("Blacklist check: " + host + " (" + ip + ") blacklisted");
+ Logger.debug(new LogMsg("Blacklist check: " + host + " (" + ip + ") blacklisted"));
throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});
}
}
else {
// check host and port
int iport = new Integer(bport).intValue();
- if (ip.startsWith(bhost) && (iport == port)) {
- System.out.println("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted");
+ if (ip.startsWith(bhost) && (iport == port)) {
+ Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted"));
throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});
}
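Review bot: The blacklist rejections are logged with `Logger.debug`, so a deployment running above debug level records nothing when a request to a blacklisted address is refused. These denials, and the "No external URIs allowed" case in the next hunk, are security events that deserve a level that is normally enabled. The host-and-port message has an unbalanced parenthesis: `" (" + ip + ":" + port + " blacklisted"` should read `" (" + ip + ":" + port + ") blacklisted"`. `host` comes from the URI being resolved, so it should be treated as untrusted text when written to the log. The enclosing method starts and ends outside the hunk.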
@@ -55,11 +56,11 @@ public class ExternalURIVerifier {
}
}
else {
- System.out.println("No external URIs allowed (" + host + ")");
+ Logger.debug(new LogMsg("No external URIs allowed (" + host + ")"));
throw new MOAApplicationException("4001", new Object[]{host});
}
- System.out.println("URI allowed: " + ip + ":" + port);
+ Logger.debug(new LogMsg("URI allowed: " + ip + ":" + port));
} catch (ConfigurationException e) {
throw new MOAApplicationException("config.10", null);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
index 1f12fb869..b5f72c4ab 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
@@ -29,6 +29,7 @@ import org.apache.xerces.util.URI;
import org.apache.xerces.util.URI.MalformedURIException;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
@@ -68,12 +69,10 @@ public class MOASPSSEntityResolver implements EntityResolver {
* <code>null</code>, if the entity could not be found.
* @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)
*/
- public InputSource resolveEntity(String publicId, String systemId) {
+ public InputSource resolveEntity(String publicId, String systemId) throws SAXException {
InputStream stream;
int slashPos;
- System.out.println("MOASPSSEntityResover: " + publicId + " - " + systemId);
-
if (Logger.isDebugEnabled()) {
Logger.debug(
new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
@@ -95,21 +94,22 @@ public class MOASPSSEntityResolver implements EntityResolver {
try {
URI uri = new URI(systemId);
systemId = uri.getPath();
- System.out.println("MOASPSSEntityResover: " + uri);
- if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {
+ if ("".equals(systemId.trim())) {
return null;
}
-
+// if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {
+// return null;
+// }
+
ExternalURIVerifier.verify(uri.getHost(), uri.getPort());
} catch (MalformedURIException e) {
return null;
}
catch (MOAApplicationException e) {
- e.printStackTrace();
- return null;
+ throw new SAXException(e);
}
// try to get the resource from the full path
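Review bot: The early `return null` for an empty path still sits before `ExternalURIVerifier.verify(uri.getHost(), uri.getPort())`, so a system identifier with a host but no path is never checked. Under the SAX `EntityResolver` contract a `null` return asks the parser to open the system identifier itself, so that case and the `MalformedURIException` case fall back to the parser's default resolution rather than being refused. Moving the `verify` call above the empty-path check, and deciding explicitly what the `null` paths should do, would close that gap. With the `"file"` scheme test removed, the code after the hunk now sees URIs of any scheme; how it loads them is outside the hunk.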
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index debb70b31..fbd0cd7c2 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -89,7 +89,7 @@
3203=Signaturumgebung kann nicht geladen werden (Reference="{0}", LocRef-URI="{1}")
4001=Externe URI {0} darf nicht geladen werden (externe URIs generell verboten)
-4002=Externe URI {0} befindet sich auf der Blackliste und darf nicht geladen werden
+4002=Externe URI {0} befindet sich auf der Blacklist und darf nicht geladen werden
4003=IP-Adresse für {0} konnte nicht ermitteln werden