aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-03-20 13:46:11 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-03-20 13:46:11 +0100
commita81cea6b42fcc46ea1f1a6a2e263f1398464c638 (patch)
tree33539395ff60793f57d37ef4df41e80ae84e3c88
parent97535aec057fa529c5e7bb16799e33831c1f5e87 (diff)
parentfa1389bd2c34f5230afccbeb516cbcf7a17ba97f (diff)
downloadmoa-id-spss-a81cea6b42fcc46ea1f1a6a2e263f1398464c638.tar.gz
moa-id-spss-a81cea6b42fcc46ea1f1a6a2e263f1398464c638.tar.bz2
moa-id-spss-a81cea6b42fcc46ea1f1a6a2e263f1398464c638.zip
Merge remote-tracking branch 'remotes/origin/moa_spss_1.5.2' into moa2_0_tlenz
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java28
-rw-r--r--pom.xml24
-rw-r--r--repository/iaik/iaik_javax_crypto/1.0/iaik_javax_crypto-1.0.pom9
-rw-r--r--repository/iaik/iaik_jce_eval_signed/3.181/iaik_jce_eval_signed-3.181.jarbin890328 -> 921338 bytes
-rw-r--r--repository/iaik/iaik_jce_eval_signed/3.181/iaik_jce_eval_signed-3.181.pom9
-rw-r--r--repository/iaik/iaik_jsse/4.4/iaik_jsse-4.4.pom9
-rw-r--r--repository/iaik/iaik_pki_module/1.0/iaik_pki_module-1.0.pom9
-rw-r--r--repository/iaik/iaik_ssl/4.4/iaik_ssl-4.4.pom9
-rw-r--r--repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.jarbin0 -> 549794 bytes
-rw-r--r--repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.pom251
-rw-r--r--repository/iaik/iaik_util/0.23/iaik_util-0.23.jarbin39377 -> 39372 bytes
-rw-r--r--repository/iaik/iaik_util/0.23/iaik_util-0.23.pom9
-rw-r--r--repository/iaik/iaik_xsect_eval/1.1709142/iaik_xsect_eval-1.1709142.pom9
-rw-r--r--repository/iaik/w3c_http/1.0/w3c_http-1.0.pom9
-rw-r--r--spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml50
-rw-r--r--spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml6
-rw-r--r--spss/handbook/conf/moa-spss/certstore/54A361D38F73772377E15E145772C03EC0197142/F86591A6D86718886A0234B8E54E21AAEA63E24Bbin0 -> 1586 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/CCBA90ED697BA209AB6093FC19FB15B53EE26933/159E42D4A53599389431771D5C936552BB22B084bin0 -> 1576 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/D866A07634012B24DB601087D8B3A9FFEDF5CADB/969A71FDCC5302167A60158828B9E7862DED3B4Dbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/E583DB7202A8D1570A18CD11146B0CBCA438F71A/2A5945E1FC2006BE0D59C3375253C9D3327D197Dbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/FE51079176B9F46204816CABA94824B3B14A3830/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02bin0 -> 1485 bytes
-rw-r--r--spss/handbook/conf/moa-spss/log4j.properties2
-rw-r--r--spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml4
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cerbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cerbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-05.20130923-20230920.SerNoFCE21.cerbin0 -> 1576 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin0 -> 1485 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cerbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-premium-mobile-05.20130923-20230920.SerNoFCDD4.cerbin0 -> 1586 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin0 -> 1485 bytes
-rw-r--r--spss/handbook/handbook/config/MOA-SPSS-config-2.0.0.xsd (renamed from spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd)0
-rw-r--r--spss/handbook/handbook/config/config.html2
-rw-r--r--spss/handbook/handbook/index.html2
-rw-r--r--spss/handbook/handbook/install/install.html6
-rw-r--r--spss/handbook/handbook/intro/intro.html2
-rw-r--r--spss/handbook/handbook/spec/MOA-SPSS-1.5.2.pdfbin555449 -> 0 bytes
-rw-r--r--spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdfbin0 -> 291606 bytes
-rw-r--r--spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl (renamed from spss/handbook/handbook/spec/MOA-SPSS-1.5.2.wsdl)2
-rw-r--r--spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd (renamed from spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd)0
-rw-r--r--spss/handbook/handbook/usage/usage.html64
-rw-r--r--spss/server/history.txt10
-rw-r--r--spss/server/readme.update.txt16
-rw-r--r--spss/server/serverlib/pom.xml10
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java2
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java147
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java81
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java8
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java1
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java46
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java343
-rw-r--r--spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties1
-rw-r--r--spss/server/serverws/pom.xml19
52 files changed, 951 insertions, 248 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java b/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java
index 043baea0e..c2f2c9f47 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java
@@ -143,20 +143,20 @@ public class MiscUtil {
return out.toByteArray();
}
- public static Document parseDocument(InputStream inputStream)
- throws IOException {
- try {
- DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory
- .newInstance();
- docBuilderFactory.setNamespaceAware(true);
- DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
- return docBuilder.parse(inputStream);
- } catch (ParserConfigurationException e) {
- throw new IOException(e);
- } catch (SAXException e) {
- throw new IOException(e);
- }
- }
+// public static Document parseDocument(InputStream inputStream)
+// throws IOException {
+// try {
+// DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory
+// .newInstance();
+// docBuilderFactory.setNamespaceAware(true);
+// DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
+// return docBuilder.parse(inputStream);
+// } catch (ParserConfigurationException e) {
+// throw new IOException(e);
+// } catch (SAXException e) {
+// throw new IOException(e);
+// }
+// }
public static String removePrecedingSlash(String path, String slash) {
assertNotEmpty(slash, "Shash");
diff --git a/pom.xml b/pom.xml
index a34b8f662..b1fbefef0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -9,6 +9,7 @@
<properties>
<repositoryPath>${basedir}/repository</repositoryPath>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<profiles>
@@ -23,7 +24,7 @@
<modules>
<module>common</module>
<module>spss</module>
- <module>id</module>
+ <!-- <module>id</module>-->
</modules>
</profile>
</profiles>
@@ -64,12 +65,13 @@
<plugin>
<inherited>false</inherited>
<artifactId>maven-assembly-plugin</artifactId>
- <version>2.4</version>
+ <version>2.2-beta-1</version>
+ <!-- TODO Update Version 2.2-beta-1 for MOA-SPSS -->
<configuration>
<finalName>moa</finalName>
<descriptors>
- <descriptor>id/assembly-auth.xml</descriptor>
- <descriptor>id/assembly-proxy.xml</descriptor>
+ <!-- <descriptor>id/assembly-auth.xml</descriptor>
+ <descriptor>id/assembly-proxy.xml</descriptor>-->
<descriptor>spss/assembly.xml</descriptor>
<descriptor>spss/assembly-lib.xml</descriptor>
</descriptors>
@@ -195,12 +197,12 @@
<version>2.0.0</version>
<scope>compile</scope>
</dependency>
- <dependency>
+ <!-- <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
<version>2.0-RC2</version>
<scope>compile</scope>
- </dependency>
+ </dependency>-->
<dependency>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
@@ -352,18 +354,18 @@
<!-- TSL -->
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
<version>1.0</version>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
<version>0.23</version>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
<version>1.1709142</version>
</dependency>
<dependency>
@@ -382,7 +384,7 @@
<version>3.7.8-SNAPSHOT</version>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
<version>4.4</version>
</dependency>
diff --git a/repository/iaik/iaik_javax_crypto/1.0/iaik_javax_crypto-1.0.pom b/repository/iaik/iaik_javax_crypto/1.0/iaik_javax_crypto-1.0.pom
new file mode 100644
index 000000000..b4ff61576
--- /dev/null
+++ b/repository/iaik/iaik_javax_crypto/1.0/iaik_javax_crypto-1.0.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_javax_crypto</artifactId>
+ <version>1.0</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/repository/iaik/iaik_jce_eval_signed/3.181/iaik_jce_eval_signed-3.181.jar b/repository/iaik/iaik_jce_eval_signed/3.181/iaik_jce_eval_signed-3.181.jar
index 98b5e27a2..932e4310f 100644
--- a/repository/iaik/iaik_jce_eval_signed/3.181/iaik_jce_eval_signed-3.181.jar
+++ b/repository/iaik/iaik_jce_eval_signed/3.181/iaik_jce_eval_signed-3.181.jar
Binary files differ
diff --git a/repository/iaik/iaik_jce_eval_signed/3.181/iaik_jce_eval_signed-3.181.pom b/repository/iaik/iaik_jce_eval_signed/3.181/iaik_jce_eval_signed-3.181.pom
new file mode 100644
index 000000000..9bcbb93a5
--- /dev/null
+++ b/repository/iaik/iaik_jce_eval_signed/3.181/iaik_jce_eval_signed-3.181.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_jce_eval_signed</artifactId>
+ <version>3.181</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/repository/iaik/iaik_jsse/4.4/iaik_jsse-4.4.pom b/repository/iaik/iaik_jsse/4.4/iaik_jsse-4.4.pom
new file mode 100644
index 000000000..382c12003
--- /dev/null
+++ b/repository/iaik/iaik_jsse/4.4/iaik_jsse-4.4.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_jsse</artifactId>
+ <version>4.4</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/repository/iaik/iaik_pki_module/1.0/iaik_pki_module-1.0.pom b/repository/iaik/iaik_pki_module/1.0/iaik_pki_module-1.0.pom
new file mode 100644
index 000000000..e78656647
--- /dev/null
+++ b/repository/iaik/iaik_pki_module/1.0/iaik_pki_module-1.0.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_pki_module</artifactId>
+ <version>1.0</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/repository/iaik/iaik_ssl/4.4/iaik_ssl-4.4.pom b/repository/iaik/iaik_ssl/4.4/iaik_ssl-4.4.pom
new file mode 100644
index 000000000..32c610268
--- /dev/null
+++ b/repository/iaik/iaik_ssl/4.4/iaik_ssl-4.4.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_ssl</artifactId>
+ <version>4.4</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.jar b/repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.jar
new file mode 100644
index 000000000..596ec60ea
--- /dev/null
+++ b/repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.jar
Binary files differ
diff --git a/repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.pom b/repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.pom
new file mode 100644
index 000000000..2ffb92b70
--- /dev/null
+++ b/repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.pom
@@ -0,0 +1,251 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_tsl</artifactId>
+ <packaging>jar</packaging>
+ <version>1.0</version>
+ <name>TSL_library</name>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
+ </properties>
+
+
+ <build>
+ <resources>
+ <resource>
+ <filtering>true</filtering>
+ <directory>src/main/resources</directory>
+ </resource>
+ </resources>
+
+ <finalName>${project.artifactId}</finalName>
+
+ <plugins>
+ <plugin>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-dependencies</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>copy-dependencies</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${endorsed.dir}</outputDirectory>
+ <excludeTransitive>true</excludeTransitive>
+ <includeArtifactIds>jaxb-api,jaxb-impl</includeArtifactIds>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>2.5</version>
+ <configuration>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.0</version>
+ <configuration>
+ <compilerArguments>
+ <verbose />
+ <endorseddirs>${endorsed.dir}</endorseddirs>
+ </compilerArguments>
+ <source>${java.version}</source>
+ <target>${java.version}</target>
+ <fork>true</fork>
+ <compilerVersion>${java.version}</compilerVersion>
+ <encoding>${project.build.sourceEncoding}</encoding>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>1.2</version>
+ <executions>
+ <execution>
+ <id>enforce-versions</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <requireJavaVersion>
+ <version>1.5</version>
+ </requireJavaVersion>
+ </rules>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.eclipse.m2e</groupId>
+ <artifactId>lifecycle-mapping</artifactId>
+ <version>1.0.0</version>
+ <configuration>
+ <lifecycleMappingMetadata>
+ <pluginExecutions>
+ <pluginExecution>
+ <pluginExecutionFilter>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <versionRange>[2.0,)</versionRange>
+ <goals>
+ <goal>copy-dependencies</goal>
+ </goals>
+ </pluginExecutionFilter>
+ <action>
+ <ignore />
+ </action>
+ </pluginExecution>
+ </pluginExecutions>
+ </lifecycleMappingMetadata>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
+
+ <profiles>
+ <profile>
+ <id>profile-for-jdk1.6</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ <jdk>[1.6,)</jdk>
+ </activation>
+ <properties>
+ <java.version>1.6</java.version>
+ <envClassifier>jdk${java.version}</envClassifier>
+ </properties>
+ <build>
+ <finalName>${project.artifactId}-${project.version}-${envClassifier}</finalName>
+ </build>
+ <dependencies>
+ <!-- Requires JAVA 1.6 -->
+ <dependency>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
+ <version>2.2.6</version>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ <version>2.2.6</version>
+ </dependency>
+
+ </dependencies>
+ </profile>
+ <profile>
+ <id>profile-for-jdk1.5</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ <jdk>(,1.5]</jdk>
+ </activation>
+ <properties>
+ <java.version>1.5</java.version>
+ <envClassifier>jdk${java.version}</envClassifier>
+ </properties>
+ <build>
+ <finalName>${project.artifactId}-${project.version}-${envClassifier}</finalName>
+ </build>
+ <dependencies>
+ <!-- Last Version with JAVA 1.5 -->
+ <dependency>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
+ <version>2.2.4</version>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ <version>2.2.4-1</version>
+ </dependency>
+ </dependencies>
+ </profile>
+ </profiles>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
+ <version>1.1709142</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_ecc_signed</artifactId>
+ <version>2.19</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_jce_eval_signed</artifactId>
+ <version>3.181</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_pki_module</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_javax_crypto</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_util</artifactId>
+ <!-- <version>0.23 (snapshot 20121011-125127 eval)</version>-->
+ <version>0.23</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_jsse</artifactId>
+ <version>4.4</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_ssl</artifactId>
+ <version>4.4</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>w3c_http</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.xerial</groupId>
+ <artifactId>sqlite-jdbc</artifactId>
+ <version>3.7.2</version>
+ </dependency>
+
+
+ <dependency>
+ <groupId>javax.activation</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1.1</version>
+ </dependency>
+ <dependency>
+ <groupId>stax</groupId>
+ <artifactId>stax-api</artifactId>
+ <version>1.0.1</version>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.7.1</version>
+ </dependency>
+ </dependencies>
+
+</project> \ No newline at end of file
diff --git a/repository/iaik/iaik_util/0.23/iaik_util-0.23.jar b/repository/iaik/iaik_util/0.23/iaik_util-0.23.jar
index 1bc0cde7c..78370c31e 100644
--- a/repository/iaik/iaik_util/0.23/iaik_util-0.23.jar
+++ b/repository/iaik/iaik_util/0.23/iaik_util-0.23.jar
Binary files differ
diff --git a/repository/iaik/iaik_util/0.23/iaik_util-0.23.pom b/repository/iaik/iaik_util/0.23/iaik_util-0.23.pom
new file mode 100644
index 000000000..75fdc3692
--- /dev/null
+++ b/repository/iaik/iaik_util/0.23/iaik_util-0.23.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_util</artifactId>
+ <version>0.23</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/repository/iaik/iaik_xsect_eval/1.1709142/iaik_xsect_eval-1.1709142.pom b/repository/iaik/iaik_xsect_eval/1.1709142/iaik_xsect_eval-1.1709142.pom
new file mode 100644
index 000000000..2697348bd
--- /dev/null
+++ b/repository/iaik/iaik_xsect_eval/1.1709142/iaik_xsect_eval-1.1709142.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
+ <version>1.1709142</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/repository/iaik/w3c_http/1.0/w3c_http-1.0.pom b/repository/iaik/w3c_http/1.0/w3c_http-1.0.pom
new file mode 100644
index 000000000..81f3e826c
--- /dev/null
+++ b/repository/iaik/w3c_http/1.0/w3c_http-1.0.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>w3c_http</artifactId>
+ <version>1.0</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml
new file mode 100644
index 000000000..8691c4563
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <SignerInfo>
+ <dsig:X509Data>
+ <dsig:X509SubjectName>T=DI,serialNumber=847206943023,givenName=Klaus,SN=Stranacher,CN=Klaus Stranacher,C=AT</dsig:X509SubjectName>
+ <dsig:X509IssuerSerial>
+ <dsig:X509IssuerName>CN=a-sign-premium-mobile-03,OU=a-sign-premium-mobile-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>685117</dsig:X509SerialNumber>
+ </dsig:X509IssuerSerial>
+ <dsig:X509Certificate>MIIEtTCCA52gAwIBAgIDCnQ9MA0GCSqGSIb3DQEBBQUAMIGdMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSEwHwYDVQQLDBhhLXNpZ24tcHJl
+bWl1bS1tb2JpbGUtMDMxITAfBgNVBAMMGGEtc2lnbi1wcmVtaXVtLW1vYmlsZS0w
+MzAeFw0xMjAxMTkxMDUwNDRaFw0xNzAxMTkxMDUwNDRaMHExCzAJBgNVBAYTAkFU
+MRkwFwYDVQQDDBBLbGF1cyBTdHJhbmFjaGVyMRMwEQYDVQQEDApTdHJhbmFjaGVy
+MQ4wDAYDVQQqDAVLbGF1czEVMBMGA1UEBRMMODQ3MjA2OTQzMDIzMQswCQYDVQQM
+DAJESTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCl9cWMwe9LaXbcwuLCMRXS6
+KYhou9Fzvo7ScXpwcRn1sbTSjUIIhLUTrqfqO/pnwoKd87PmNcGUFoCXvsb4lUqj
+ggHyMIIB7jARBgNVHQ4ECgQITPnzawkXeUUwDgYDVR0PAQH/BAQDAgbAMBMGA1Ud
+IwQMMAqACEu4Yddf1khjMAkGA1UdEwQCMAAwfgYIKwYBBQUHAQEEcjBwMEUGCCsG
+AQUFBzAChjlodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLXByZW1p
+dW0tbW9iaWxlLTAzYS5jcnQwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLmEtdHJ1
+c3QuYXQvb2NzcDBgBgNVHSAEWTBXMEsGBiooABEBFDBBMD8GCCsGAQUFBwIBFjNo
+dHRwOi8vd3d3LmEtdHJ1c3QuYXQvZG9jcy9jcC9hLXNpZ24tcHJlbWl1bS1tb2Jp
+bGUwCAYGBACLMAEBMCcGCCsGAQUFBwEDAQH/BBgwFjAIBgYEAI5GAQEwCgYIKwYB
+BQUHCwEwgZ0GA1UdHwSBlTCBkjCBj6CBjKCBiYaBhmxkYXA6Ly9sZGFwLmEtdHJ1
+c3QuYXQvb3U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTAzLG89QS1UcnVzdCxjPUFU
+P2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFzcz1laWRD
+ZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBWEeyDzBQA
+5O5CY7z6K9EwbXxxuuaEEb1GVIyTZ4DcfodjkEEdGqWicsPdUUJDZ7ETyaKucgVt
+WaOHaObkCua9tM5TP3YtaEyDRteqU7N6LMDcMrXle8WOTUcIhSFy5UU8SnFtbZyQ
+v+eeAW48PVq5pzBzizGNtMKCv9XC7df5ARhDEU7tYaVrKIobTdeq8D7zXnZ2Wdt9
+6VG6QBe8eH49bAxabnOk/rF6TMO2NX4h/tlQLBzOdOeEolUHOHkA3L01REL2m/6k
+lPNsA8mX++cD3yKuoCWxtl27peTscRyGKEo2EBLtt7mfaTFBbkdKo1WUkZ+dVesa
+XtKckFCEtW3r</dsig:X509Certificate>
+ <QualifiedCertificate/>
+ <SecureSignatureCreationDevice Source="Certificate"/>
+ <IssuerCountryCode>AT</IssuerCountryCode>
+ </dsig:X509Data>
+ </SignerInfo>
+ <SignatureCheck>
+ <Code>0</Code>
+ </SignatureCheck>
+ <SignatureManifestCheck>
+ <Code>0</Code>
+ </SignatureManifestCheck>
+ <CertificateCheck>
+ <Code>0</Code>
+ </CertificateCheck>
+ </VerifyXMLSignatureResponse>
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml
new file mode 100644
index 000000000..efdc2a76a
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<moa:VerifyXMLSignatureRequest xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#"><moa:VerifySignatureInfo><moa:VerifySignatureEnvironment><moa:XMLContent>
+<dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/><dsig:Reference Id="reference-1-1" URI="#signed-data-1-1"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xpf:XPath Filter="intersect" xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2">id('signed-data-1-1')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>ck5CfKRJ6J4x7YusP2LmJXRBo3sFoSgTCXlujYNSFvI=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="etsi-data-reference-1-1" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xpf:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2">//*[@Id='etsi-signed-1-1']/etsi:QualifyingProperties/etsi:SignedProperties</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>twh9pMjAoknEfJ97w9PA8pEnVFrKb/14Mmdl6AhweE8=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>N5mPWLfwxBrJIVQEAktiZqStkManxG7P8GBE8rw5DCEB2k7OctmvlPLLy+JtQy11OVNU0ISQeJn3BprTxgU/tw==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIEtTCCA52gAwIBAgIDCnQ9MA0GCSqGSIb3DQEBBQUAMIGdMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSEwHwYDVQQLDBhhLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDMxITAfBgNVBAMMGGEtc2lnbi1wcmVtaXVtLW1vYmlsZS0wMzAeFw0xMjAxMTkxMDUwNDRaFw0xNzAxMTkxMDUwNDRaMHExCzAJBgNVBAYTAkFUMRkwFwYDVQQDDBBLbGF1cyBTdHJhbmFjaGVyMRMwEQYDVQQEDApTdHJhbmFjaGVyMQ4wDAYDVQQqDAVLbGF1czEVMBMGA1UEBRMMODQ3MjA2OTQzMDIzMQswCQYDVQQMDAJESTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCl9cWMwe9LaXbcwuLCMRXS6KYhou9Fzvo7ScXpwcRn1sbTSjUIIhLUTrqfqO/pnwoKd87PmNcGUFoCXvsb4lUqjggHyMIIB7jARBgNVHQ4ECgQITPnzawkXeUUwDgYDVR0PAQH/BAQDAgbAMBMGA1UdIwQMMAqACEu4Yddf1khjMAkGA1UdEwQCMAAwfgYIKwYBBQUHAQEEcjBwMEUGCCsGAQUFBzAChjlodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLXByZW1pdW0tbW9iaWxlLTAzYS5jcnQwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLmEtdHJ1c3QuYXQvb2NzcDBgBgNVHSAEWTBXMEsGBiooABEBFDBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3LmEtdHJ1c3QuYXQvZG9jcy9jcC9hLXNpZ24tcHJlbWl1bS1tb2JpbGUwCAYGBACLMAEBMCcGCCsGAQUFBwEDAQH/BBgwFjAIBgYEAI5GAQEwCgYIKwYBBQUHCwEwgZ0GA1UdHwSBlTCBkjCBj6CBjKCBiYaBhmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTAzLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFzcz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBWEeyDzBQA5O5CY7z6K9EwbXxxuuaEEb1GVIyTZ4DcfodjkEEdGqWicsPdUUJDZ7ETyaKucgVtWaOHaObkCua9tM5TP3YtaEyDRteqU7N6LMDcMrXle8WOTUcIhSFy5UU8SnFtbZyQv+eeAW48PVq5pzBzizGNtMKCv9XC7df5ARhDEU7tYaVrKIobTdeq8D7zXnZ2Wdt96VG6QBe8eH49bAxabnOk/rF6TMO2NX4h/tlQLBzOdOeEolUHOHkA3L01REL2m/6klPNsA8mX++cD3yKuoCWxtl27peTscRyGKEo2EBLtt7mfaTFBbkdKo1WUkZ+dVesaXtKckFCEtW3r</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2014-03-17T12:08:58Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>rUAiWR/xWih+N/Aa7AUvetg2FFU=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-premium-mobile-03,OU=a-sign-premium-mobile-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>685117</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/plain</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object><dsig:Object Id="signed-data-1-1">Ich bin ein einfacher Text.</dsig:Object></dsig:Signature>
+</moa:XMLContent></moa:VerifySignatureEnvironment><moa:VerifySignatureLocation xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">//dsig:Signature</moa:VerifySignatureLocation></moa:VerifySignatureInfo>
+<moa:TrustProfileID>Test-TSLProfil</moa:TrustProfileID>
+</moa:VerifyXMLSignatureRequest> \ No newline at end of file
diff --git a/spss/handbook/conf/moa-spss/certstore/54A361D38F73772377E15E145772C03EC0197142/F86591A6D86718886A0234B8E54E21AAEA63E24B b/spss/handbook/conf/moa-spss/certstore/54A361D38F73772377E15E145772C03EC0197142/F86591A6D86718886A0234B8E54E21AAEA63E24B
new file mode 100644
index 000000000..2bf4ad712
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/54A361D38F73772377E15E145772C03EC0197142/F86591A6D86718886A0234B8E54E21AAEA63E24B
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/CCBA90ED697BA209AB6093FC19FB15B53EE26933/159E42D4A53599389431771D5C936552BB22B084 b/spss/handbook/conf/moa-spss/certstore/CCBA90ED697BA209AB6093FC19FB15B53EE26933/159E42D4A53599389431771D5C936552BB22B084
new file mode 100644
index 000000000..9a777fd34
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/CCBA90ED697BA209AB6093FC19FB15B53EE26933/159E42D4A53599389431771D5C936552BB22B084
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/D866A07634012B24DB601087D8B3A9FFEDF5CADB/969A71FDCC5302167A60158828B9E7862DED3B4D b/spss/handbook/conf/moa-spss/certstore/D866A07634012B24DB601087D8B3A9FFEDF5CADB/969A71FDCC5302167A60158828B9E7862DED3B4D
new file mode 100644
index 000000000..d17d07619
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/D866A07634012B24DB601087D8B3A9FFEDF5CADB/969A71FDCC5302167A60158828B9E7862DED3B4D
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/E583DB7202A8D1570A18CD11146B0CBCA438F71A/2A5945E1FC2006BE0D59C3375253C9D3327D197D b/spss/handbook/conf/moa-spss/certstore/E583DB7202A8D1570A18CD11146B0CBCA438F71A/2A5945E1FC2006BE0D59C3375253C9D3327D197D
new file mode 100644
index 000000000..a6a9acdc3
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/E583DB7202A8D1570A18CD11146B0CBCA438F71A/2A5945E1FC2006BE0D59C3375253C9D3327D197D
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/FE51079176B9F46204816CABA94824B3B14A3830/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/spss/handbook/conf/moa-spss/certstore/FE51079176B9F46204816CABA94824B3B14A3830/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/FE51079176B9F46204816CABA94824B3B14A3830/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/log4j.properties b/spss/handbook/conf/moa-spss/log4j.properties
index 02b767b87..67bd58309 100644
--- a/spss/handbook/conf/moa-spss/log4j.properties
+++ b/spss/handbook/conf/moa-spss/log4j.properties
@@ -8,7 +8,7 @@ org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFacto
# Configure root logger and loggers for moa-spss
log4j.rootLogger=info, stdout
log4j.logger.moa.spss.server=info, moaspss
-log4j.logger.iaik.server=info, moaspss
+log4j.logger.iaik.server=warn, moaspss
# Configure the 'stdout' appender to write logging output to the console
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
diff --git a/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml b/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml
index 79345890a..8d7541b73 100644
--- a/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml
+++ b/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml
@@ -119,13 +119,13 @@
</cfg:RevocationChecking>
<!-- Optionale Angabe einer TSL Konfiguration-->
<!-- Wichtig: Das WorkingDirectory muss jedenfalls den Unterordner „trust“ aus der Beispielkonfiguration beinhalten. -->
- <cfg:TSLConfiguration>
+ <!-- <cfg:TSLConfiguration>
<cfg:UpdateSchedule>
<cfg:StartTime>02:00:00</cfg:StartTime>
<cfg:Period>86400000</cfg:Period>
</cfg:UpdateSchedule>
<cfg:WorkingDirectory>tslworking</cfg:WorkingDirectory>
- </cfg:TSLConfiguration>
+ </cfg:TSLConfiguration>-->
</cfg:CertificateValidation>
</cfg:SignatureVerification>
</cfg:MOAConfiguration>
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cer
new file mode 100644
index 000000000..d17d07619
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
new file mode 100644
index 000000000..a6a9acdc3
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-05.20130923-20230920.SerNoFCE21.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-05.20130923-20230920.SerNoFCE21.cer
new file mode 100644
index 000000000..9a777fd34
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-05.20130923-20230920.SerNoFCE21.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
new file mode 100644
index 000000000..a6a9acdc3
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-premium-mobile-05.20130923-20230920.SerNoFCDD4.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-premium-mobile-05.20130923-20230920.SerNoFCDD4.cer
new file mode 100644
index 000000000..2bf4ad712
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-premium-mobile-05.20130923-20230920.SerNoFCDD4.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
Binary files differ
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-2.0.0.xsd
index 391ef4133..391ef4133 100644
--- a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd
+++ b/spss/handbook/handbook/config/MOA-SPSS-config-2.0.0.xsd
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index f44bd7dc0..3ef04f90c 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -143,7 +143,7 @@
</tr>
</table>
<h2><a name="uebersicht_zentraledatei" id="uebersicht_zentraledatei"></a>1.2 Zentrale Konfigurationsdatei</h2>
- <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.5.2.xsd">MOA-SPSS-config-1.5.2.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
+ <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-2.0.0.xsd">MOA-SPSS-config-2.0.0.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
<h3><a name="uebersicht_zentraledatei_aktualisierung" id="uebersicht_zentraledatei_aktualisierung"></a>1.2.1
Aktualisierung auf das Format von MOA SP/SS 1.3</h3>
<p>Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, &uuml;bersichtlicheres Format f&uuml;r die
diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html
index 69edc2437..f84920d0a 100644
--- a/spss/handbook/handbook/index.html
+++ b/spss/handbook/handbook/index.html
@@ -15,7 +15,7 @@
</table>
<hr/>
<p class="title">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP) </p>
- <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 1.5.2 </p>
+ <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 2.0.0</p>
<hr/>
<dl>
<dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html
index 3c3414d29..d44ce6514 100644
--- a/spss/handbook/handbook/install/install.html
+++ b/spss/handbook/handbook/install/install.html
@@ -131,7 +131,7 @@
<dt>Installation von Apache Tomcat</dt>
<dd> Installieren Sie Apache Tomcat in ein Verzeichnis, das keine Leerzeichen im Pfadnamen enth&auml;lt. Verwenden Sie bitte die zu Ihrer Java SE passende Distribution von Tomcat. Das Wurzelverzeichnis der Tomcat-Installation wird im weiteren Verlauf als <code>$CATALINA_HOME</code> bezeichnet.</dd>
<dt>Entpacken der MOA SP/SS Webservice Distribution</dt>
- <dd> Entpacken Sie die Datei <code>moa-spss-1.5.2.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
+ <dd> Entpacken Sie die Datei <code>moa-spss-2.0.0.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
<dt>Installation der Kryptographiebibliotheken von SIC/IAIK</dt>
<dd>
<p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_SPSS_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zus&auml;tzlich m&uuml;ssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength
@@ -385,7 +385,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=&lt;null&gt;
<dt>Installation von Java SE</dt>
<dd>Installieren Sie Java SE in ein beliebiges Verzeichnis. Das Wurzelverzeichnis der Java SE Installation wird im weiteren Verlauf als <code>$JAVA_HOME</code> bezeichnet.</dd>
<dt>Entpacken der MOA SP/SS Klassenbibliotheks-Distribution</dt>
- <dd> Entpacken Sie die Datei <code>moa-spss-1.5.2-lib.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
+ <dd> Entpacken Sie die Datei <code>moa-spss-2.0.0-lib.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
<dt>Installation der Kryptographiebibliotheken von SIC/IAIK</dt>
<dd>
<p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_SPSS_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zus&auml;tzlich m&uuml;ssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength
@@ -403,7 +403,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=&lt;null&gt;
</tr><tr>
<td>MOA SP/SS</td>
-<td>1.5.2&nbsp; </td>
+<td>2.0.0&nbsp; </td>
<td><code>moa-spss.jar</code>, <code>moa-common.jar</code></td>
</tr><tr>
<td>MOA IAIK</td>
diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html
index 286ebb961..138ca61e8 100644
--- a/spss/handbook/handbook/intro/intro.html
+++ b/spss/handbook/handbook/intro/intro.html
@@ -30,7 +30,7 @@
<hr/>
<h1><a name="allgemeines"></a>1 Allgemeines</h1>
<p> Die Module Serversignatur (SS) und Signaturpr&uuml;fung (SP) k&ouml;nnen von Anwendungen verwendet werden, um elektronische Signaturen zu erstellen bzw. vorliegende elektronische Signaturen zu &uuml;berpr&uuml;fen.</p>
- <p>Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu den beiden Modulen ist in der <a href="../spec/MOA-SPSS-1.5.2.pdf" target="_blank" class="term">Spezifikation MOA SP/SS (V1.5.2)</a> detailliert beschrieben. Da diese Spezifikation auf der <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html#core" target="_blank" class="term"> Schnittstellenspezifikation des Security-Layers (V 1.2.7)</a> aufbaut, ist deren Kenntnis zum Verstehen der Schnittstellen zu SS und SP erforderlich. </p>
+ <p>Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu den beiden Modulen ist in der <a href="../spec/MOA-SPSS-2.0.0.pdf" target="_blank" class="term">Spezifikation MOA SP/SS (V2.0.0)</a> detailliert beschrieben. Da diese Spezifikation auf der <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html#core" target="_blank" class="term"> Schnittstellenspezifikation des Security-Layers (V 1.2.7)</a> aufbaut, ist deren Kenntnis zum Verstehen der Schnittstellen zu SS und SP erforderlich. </p>
<h1><a name="ss"></a>2 Modul Serversignatur (SS) </h1>
<p> Das Modul Serversignatur (SS) dient zum Erstellen von XML-Signaturen in Anlehnung an die <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html#core" target="_blank" class="term"> Schnittstellenspezifikation des Security-Layers (V 1.2.7)</a>. Eine Signatur kann entweder rein in Software erstellt werden, oder aber unter Zuhilfenahme eines Hardware Security Modules (HSM), das den privaten Schl&uuml;ssel gesch&uuml;tzt enth&auml;lt und die Signatur berechnet.</p>
<p> Der Zugriff auf einzelne Signaturschl&uuml;ssel in MOA SS kann basierend auf dem f&uuml;r TLS-Client-Authentisierung verwendeten Zertifikat eingeschr&auml;nkt werden. </p>
diff --git a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.pdf b/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.pdf
deleted file mode 100644
index 25c0c091e..000000000
--- a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.pdf
+++ /dev/null
Binary files differ
diff --git a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf
new file mode 100644
index 000000000..6cf538229
--- /dev/null
+++ b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf
Binary files differ
diff --git a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.wsdl b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl
index 7c1b0c438..c8bf32950 100644
--- a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.wsdl
+++ b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl
@@ -3,7 +3,7 @@
Web Service Description for MOA SP/SS 1.5
-->
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
- <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.5.2.xsd"/>
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-2.0.0.xsd"/>
<message name="CreateCMSSignatureInput">
<part name="body" element="moa:CreateCMSSignatureRequest"/>
</message>
diff --git a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd
index 739b12431..739b12431 100644
--- a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd
+++ b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd
diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html
index dee5a08fd..690b7120f 100644
--- a/spss/handbook/handbook/usage/usage.html
+++ b/spss/handbook/handbook/usage/usage.html
@@ -52,6 +52,7 @@
<li><a href="#webservice_xmlrequests_pruefungxml_xmldsigmanifest">Pr&uuml;fung eines XMLDSIG-Manifests</a></li>
<li><a href="#webservice_xmlrequests_pruefungxml_ergaenzungsobjekte">Erg&auml;nzungsobjekte</a></li>
<li><a href="#webservice_xmlrequests_pruefungxml_signaturmanifest">Signatur-Manifest des Security-Layers</a></li>
+ <li><a href="#webservice_xmlrequests_pruefungxml_tsl">Pr&uuml;fung gegen Trustprofil mit TSL Unterst&uuml;tzung</a></li>
</ol>
</li>
</ol>
@@ -1185,6 +1186,69 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
&lt;/VerifyXMLSignatureResponse&gt;
</pre>
<p>Das Element<code> CertificateCheck</code> enth&auml;lt das Resultat der Zertifikatspr&uuml;fung (siehe <a href="#webservice_xmlrequests_pruefungxml_einfach">Einfaches Beispiel</a>).</p>
+<!-- TSL -->
+<h4><a name="webservice_xmlrequests_pruefungxml_tsl"></a>2.1.4.6 Pr&uuml;fung gegen Trustprofil mit TSL Unterst&uuml;tzung</h4>
+<h5>Request</h5>
+<p><code><a href="../../clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml" target="_blank">VerifyXMLSignatureRequest.TSL.xml</a></code> ist ein einfacher XML-Request zur Pr&uuml;fung einer XML-Signatur. Sein Aufbau wird nachfolgend analysiert. Bitte beachten Sie, dass der dargestellte Request zur bessernen Lesbarkeit einger&uuml;ckt und gek&uuml;rzt wurde.</p>
+<pre>
+&lt;VerifyXMLSignatureRequest xmlns=&quot;http://reference.e-government.gv.at/namespace/moa/20020822#&quot;&gt;
+ &lt;VerifySignatureInfo&gt;
+ &lt;VerifySignatureEnvironment&gt;
+ &lt;XMLContent&gt;
+ &lt;dsig:Signature Id=&quot;signature-1-1&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ [..]
+ &lt;/dsig:Signature&gt;
+ &lt;/XMLContent&gt;
+ &lt;/VerifySignatureEnvironment&gt;
+</pre>
+<p>Das Element <code>VerifySignatureEnvironment</code> enth&auml;lt jenes XML-Dokument, das die zu pr&uuml;fende XML-Signatur enth&auml;lt. </p>
+<pre>
+ &lt;VerifySignatureLocation
+ xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;//dsig:Signature&lt;/VerifySignatureLocation&gt;
+ &lt;/VerifySignatureInfo&gt;
+</pre>
+<p>Das Element <code>VerifySignatureLocation</code> enth&auml;lt als Text den XPath-Ausdruck zur Selektion der XML-Signatur innerhalb des zu pr&uuml;fenden XML-Dokuments. Die Auswertung des XPath-Ausdrucks muss genau ein Element <code>dsig:Signature</code> ergeben. Bitte beachten Sie, dass im Kontext des Elements <code>VerifySignatureLocation</code> alle im XPath-Ausdruck verwendeten Namespace-Pr&auml;fixe bekannt sein m&uuml;ssen (hier das Pr&auml;fix <code>dsig</code>). </p>
+<pre>
+ &lt;TrustProfileID&gt;Test-TSLProfil&lt;/TrustProfileID&gt;
+&lt;/VerifyXMLSignatureRequest&gt;
+</pre>
+<p>Das Element <code>TrustProfileID</code> schlie&szlig;lich enth&auml;lt den Bezeichner des Vertrauensprofils, gegen das die Zertifikatspr&uuml;fung von MOA SP durchgef&uuml;hrt wird. In diesem Falle muss f&uuml;r das Vertrauenprofil die TSL Unterst&uuml;tzung aktiviert sein. In der beispielhaften Konfiguration <a href="../../../conf/moa-spss/sp.minimum_with_tsl.config.xml" target="_blank">sp.minimum_with_tsl.config.xml</a> ist so eine Vertrauensprofile mit der ID Test-TSLProfil eingerichtet.</p>
+<h5>Response</h5>
+<p><code><a href="../../clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml" target="_blank">VerifyXMLSignatureRequest.TSL.resp.xml</a></code> ist eine typische Response des SP Webservices auf den obigen Request. Sein Aufbau wird nachfolgend analysiert. Bitte beachten Sie, dass die dargestellte Response zur bessernen Lesbarkeit einger&uuml;ckt und gek&uuml;rzt wurde.</p>
+<pre>
+&lt;VerifyXMLSignatureResponse
+ xmlns=&quot;http://reference.e-government.gv.at/namespace/moa/20020822#&quot;
+ xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ &lt;SignerInfo&gt;
+ &lt;dsig:X509Data&gt;
+ &lt;dsig:X509SubjectName&gt;T=DI,serialNumber=847206943023,givenName=Klaus,SN=Stranacher,
+ CN=Klaus Stranacher,C=AT&lt;/dsig:X509SubjectName&gt;
+ &lt;dsig:X509IssuerSerial&gt;
+ &lt;dsig:X509IssuerName&gt;CN=a-sign-premium-mobile-03,OU=a-sign-premium-mobile-03,
+ O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;
+ &lt;dsig:X509SerialNumber&gt;685117&lt;/dsig:X509SerialNumber&gt;
+ &lt;/dsig:X509IssuerSerial&gt;
+ &lt;dsig:X509Certificate&gt;...&lt;/dsig:X509Certificate&gt;
+ &lt;QualifiedCertificate/&gt;<br> &lt;SecureSignatureCreationDevice Source=&quot;Certificate&quot;/&gt;<br> &lt;IssuerCountryCode&gt;AT&lt;/IssuerCountryCode&gt;<br> &lt;/dsig:X509Data&gt;
+ &lt;/SignerInfo&gt;
+</pre>
+<p>Die Response enth&auml;lt zun&auml;chst in <code>SignerInfo/dsig:X509Data</code> Informationen &uuml;ber den Signator, die aus dem in der XML-Signatur enthaltenen Signatorzertifikat entnommen sind. </p>
+<p><code>dsig:X509SubjectName</code> ist immer vorhanden und enth&auml;lt den Namen des Signators. <code>dsig:X509IssuerSerial</code> ist ebenfalls immer vorhanden und enth&auml;lt den Namen des Austellers des Signatorzertifikats (<code>dsig:X509IssuerName</code>) sowie die Seriennummer des Zertifikats (<code>dsig:X509SerialNumber</code>). Auch <code>dsig:X509Certificate</code> ist ist immer vorhanden und enth&auml;lt das Signatorzertifikat in base64 kodierter Form. </p>
+<p>Optional vorhanden ist das inhaltslose Element <code>QualifiedCertificate</code>, und zwar dann, wenn es sich beim Signatorzertifikat um ein qualifiziertes Zertifikat handelt. Optional vorhanden ist das Element <code>SecureSignatureCreationDevice</code>, und zwar dann wenn die Signatur mittels einer sicheren Signaturerstellungseinheit erzeugt wurde. Das Attribut <code>Source</code>, gibt dabei an ob diese Information &uuml;ber die entsprechende TSL (<code>Source=TSL</code>) oder &uuml;ber das Zertifikat ermittelt wurde (<code>Source=Certificate</code>). Das weitere optionale Element <code>IssuerCountryCode</code> gibt dabei den L&auml;ndercode des Zertifizierungsdiensteanbieters an, der das Signaturzertifikat ausgestellt hat. Ebenfalls optional vorhanden (nicht in diesem Beispiel) ist schlie&szlig;lich das Element <code>PublicAuthority</code>, und zwar dann, wenn das Signatorzertifikat die &ouml;sterreichspezifische Zertifikatserweiterung <a href="http://www.digitales.oesterreich.gv.at/site/cob__28513/5580/default.aspx" target="_blank">Verwaltungseigenschaft</a> aufweist. Ist in dieser Zertifikatserweiterung das Verwaltungskennzeichen mitkodiert, wird dieses Kennzeichen als Textinhalt des optionalen Elements <code>PublicAuthority/Code</code> geliefert.</p>
+<pre>
+ &lt;SignatureCheck&gt;
+ &lt;Code&gt;0&lt;/Code&gt;
+ &lt;/SignatureCheck&gt;
+</pre>
+<p> Anschlie&szlig;end an <code>SignerInfo</code> enth&auml;lt die Response mit <code>SignatureCheck/Code</code> das Resultat der kryptographischen Pr&uuml;fung der Signatur. In unserem Beispiel ist dort der Wert <code>0</code> enthalten, d. h. die Signatur konnte erfolgreich validiert werden. F&uuml;r eine &Uuml;bersicht der m&ouml;glichen Kodes siehe <a href="#sl"> Security-Layer Spezifikation</a>.</p>
+<pre>
+ &lt;CertificateCheck&gt;
+ &lt;Code&gt;0&lt;/Code&gt;
+ &lt;/CertificateCheck&gt;
+</pre>
+<p>Abschlie&szlig;end enth&auml;lt die Response mit <code>CertificateCheck/Code</code> das Resultat der Pr&uuml;fung des Signatorzertifikats. Zun&auml;chst pr&uuml;ft MOA SP, ob ausgehend vom Signatorzertifikat eine Zertifikatskette zu einem im zugeh&ouml;rigen Vertrauensprofil konfigurierten sog. <span class="term">Trust Anchor</span> gebildet werden kann. Gelingt dies, wird die G&uuml;ltigkeit jedes Zertifikats dieser Kette &uuml;berpr&uuml;ft. In unserem Beispiel enth&auml;lt <code>Code</code> den Wert <code>0</code>, d. h. MOA SP konnte die Kette bilden, und alle Zertifikate der Kette sind g&uuml;ltig. F&uuml;r eine &Uuml;bersicht der m&ouml;glichen Kodes siehe <a href="#sl"> Security-Layer Spezifikation</a>.</p>
+
+<!-- TSL -->
<h2><a name="webservice_clients" id="webservice_clients"></a>2.2 Webservice-Clients</h2>
<p><a href="#webservice_xmlrequests">Abschnitt 2.1</a> bespricht eine Reihe von typischen XML-Requests, die &uuml;ber die Webservice-Schnittstelle an MOA SP/SS gesendet werden k&ouml;nnen, um entweder Signaturen zu erstellen (MOA SS) oder Signaturen zu pr&uuml;fen (MOA SP). Dieser Abschnitt zeigt die Verwendung des prototypischen Webservice-Clients, der mit dieser Dokumentation zu MOA SP/SS ausgeliefert wird.</p>
<h3><a name="webservice_clients_übersicht" id="webservice_clients_übersicht"></a>2.2.1 &Uuml;bersicht</h3>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 02419a3fa..651524419 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,16 +1,18 @@
##############
-1.5.2
+2.0.0
##############
- Signaturerstellung:
- Unterstuetzung von XAdES Version 1.4.2
- Unterstuetzung von CMS/CAdES Signaturen Version 2.2.1
-- TSL Unterstuetzung
+- Signaturpruefung:
+ - Trust-service Status List (TSL) Unterstuetzung
+- Update der Standard Trustprofile und Standard Konfigurationen
- Sicherheitsupdates
- Angabe einer Whitelist um das Aufloesen externer Referenzen von den angegebenen Quellen zu aktivieren.
- Libraries aktualisiert bzw. hinzugefuegt:
iaik-moa: Version 1.5
- iaik-tsl Version 1.0.0
+ iaik-tsl Version 1.0
##############
1.5.1
@@ -18,7 +20,7 @@
- Sicherheitsupdates
- Defaultmaessiges Deaktiveren des Aufloesens von externen Referenzen
- - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu sch�tzen, so das Aufloesen externer Referenzen aktiviert wird
+ - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu schützen, so das Aufloesen externer Referenzen aktiviert wird
- Update der Standard Trustprofile und Standard Konfigurationen
- Standard Trustprofil "OfficialSignature" fuer Amtssignaturen hinzugefuegt
- Libraries aktualisiert:
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt
index 28796ddcb..07d100272 100644
--- a/spss/server/readme.update.txt
+++ b/spss/server/readme.update.txt
@@ -1,11 +1,11 @@
======================================================================
- Update einer bestehenden MOA-SPSS-Installation auf Version 1.5.2
+ Update einer bestehenden MOA-SPSS-Installation auf Version 2.0.0
======================================================================
Es gibt zwei Moeglichkeiten (im Folgenden als "Update Variante A" und
"Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version
-1.5.2 durchzufuehren. Update Variante A geht dabei den Weg ueber eine
+2.0.0 durchzufuehren. Update Variante A geht dabei den Weg ueber eine
vorangestellte Neuinstallation, waehrend Variante B direkt eine
bestehende Installation aktualisiert.
@@ -16,7 +16,7 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation
CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation
MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei
-moa-spss-1.5.2.zip entpackt haben.
+moa-spss-2.0.0.zip entpackt haben.
=================
Update Variante A
@@ -26,9 +26,9 @@ Update Variante A
Ihrer MOA-SPSS-Installation.
2.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
- JAVA_HOME\jre\lib\ext, und l�schen Sie diese Dateien danach.
+ JAVA_HOME\jre\lib\ext, und loeschen Sie diese Dateien danach.
-3.) F�hren Sie eine Neuinstallation gemaess Handbuch durch.
+3.) Fuehren Sie eine Neuinstallation gemaess Handbuch durch.
4.) Kopieren Sie etwaige Konfigurationsdateien, Trust-Profile und Key-Stores,
die Sie aus Ihrer alten Installation beibehalten moechten, aus Ihrer
@@ -53,7 +53,7 @@ Update Variante B
1.) Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses
Ihrer MOA-SPSS-Installation.
-2.) Entpacken Sie die Datei "moa-spss-1.5.2.zip" in das Verzeichnis MOA_SPSS_INST.
+2.) Entpacken Sie die Datei "moa-spss-2.0.0.zip" in das Verzeichnis MOA_SPSS_INST.
3.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
@@ -110,7 +110,7 @@ Update Variante B
10.) Update des Cert-Stores.
a) Kopieren Sie den Inhalt des Verzeichnisses MOA_SPSS_INST\conf\moa-spss\certstore
in das Verzeichnis CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
- vorhandene Dateien oder Unterverzeichnisse �berschreiben sollen, dann bejahen Sie das.
+ vorhandene Dateien oder Unterverzeichnisse ueberschreiben sollen, dann bejahen Sie das.
b) Falls vorhanden, loeschen Sie die Datei "890A4C8282E95EBB398685D9501486EF213941B5" aus dem
Verzeichnis CATALINA_HOME\conf\moa-spss\certstore\10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D.
@@ -123,7 +123,7 @@ Update Variante B
CATALINA_HOME\conf\moa-spss\certstore\10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D.
11.) Nur wenn alte Installation aelter als Version 1.3.0:
- Mit dem Wechsel auf Version 1.3.0 verwendet MOA SP ein neues Format f�r die
+ Mit dem Wechsel auf Version 1.3.0 verwendet MOA SP ein neues Format fuer die
XML-Konfigurationsdatei. Sie muessen die Konfigurationsdatei fuer MOA-SP aus
Ihrer alten Installation auf das neue Format konvertieren. Details dazu
finden Sie im MOA-SPSS-Installationshandbuch. \ No newline at end of file
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 1c756d4d4..88d3fb90d 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -143,16 +143,16 @@
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
@@ -167,7 +167,7 @@
<artifactId>sqlite-jdbc</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
</dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
index 6209d8ef9..6b3f4301f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -175,7 +175,7 @@ public class VerifyCMSSignatureRequestParser {
excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr);
if (excludeByteRangeToStr != null)
excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr);
-
+
return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 0908d88c9..3d2da8384 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -1268,6 +1268,111 @@ public class ConfigurationPartsBuilder {
}
/**
+ * Build the trust profile mapping.
+ *
+ * @return The profile ID to profile mapping.
+ */
+ public Map buildTrustProfiles()
+ {
+ Map trustProfiles = new HashMap();
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+ Element profileElem;
+
+ while ((profileElem = (Element) profileIter.nextNode()) != null)
+ {
+ String id = getElementValue(profileElem, CONF + "Id", null);
+ String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+ String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
+
+ URI trustAnchorsLocURI = null;
+ try
+ {
+ trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+ if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+ trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e)
+ {
+ warn("config.15", new Object[] {id}, e);
+ continue;
+ }
+
+ File profileDir = new File(trustAnchorsLocURI.getPath());
+ if (!profileDir.exists() || !profileDir.isDirectory()) {
+ warn("config.27", new Object[] { "uri", id });
+ continue;
+ }
+
+
+
+ if (trustProfiles.containsKey(id)) {
+ warn("config.04", new Object[] { "TrustProfile", id });
+ continue;
+ }
+
+ URI signerCertsLocURI = null;
+ if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
+ {
+ try
+ {
+ signerCertsLocURI = new URI(signerCertsLocStr);
+ if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+
+ File signerCertsDir = new File(signerCertsLocURI.getPath());
+ if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+ warn("config.27", new Object[] { "signerCertsUri", id });
+ continue;
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e) {
+ warn("config.15", new Object[] {id}, e);
+ continue;
+ }
+ }
+
+ signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+
+ TrustProfile profile = null;
+
+ profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null);
+
+ trustProfiles.put(id, profile);
+
+ }
+
+ return trustProfiles;
+ }
+
+ /**
+ * checks if a trustprofile with TSL support is enabled
+ *
+ * @return true if TSL support is enabled in at least one trustprofile, else false
+ */
+ public boolean checkTrustProfilesTSLenabled()
+ {
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+ Element profileElem;
+
+ boolean tslSupportEnabled = false;
+ while ((profileElem = (Element) profileIter.nextNode()) != null) {
+ Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+ if (eutslElem != null) //EUTSL element found --> TSL enabled
+ tslSupportEnabled = true;
+ }
+
+ return tslSupportEnabled;
+ }
+
+ /**
* Returns the location of the certificate store.
*
* @return the location of the certificate store.
@@ -1385,6 +1490,22 @@ public class ConfigurationPartsBuilder {
Logger.warn(new LogMsg(txt));
warnings.add(txt);
}
+
+ /**
+ * Log a warning.
+ *
+ * @param messageId The message ID.
+ * @param args Additional parameters for the message.
+ * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+ */
+ private void debug(String messageId, Object[] args) {
+ MessageProvider msg = MessageProvider.getInstance();
+ String txt = msg.getMessage(messageId, args);
+
+ Logger.debug(new LogMsg(txt));
+
+ }
+
/**
* Log a debug message.
@@ -1577,31 +1698,31 @@ public class ConfigurationPartsBuilder {
public TSLConfiguration getTSLConfiguration() {
TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
-
+
String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
if (StringUtils.isEmpty(euTSLUrl)) {
euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
- warn("config.39", new Object[] { "EUTSL", euTSLUrl });
+ debug("config.39", new Object[] { "EUTSL", euTSLUrl });
}
String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null);
if (StringUtils.isEmpty(updateSchedulePeriod)) {
updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD;
- warn("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
+ debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
}
String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "StartTime", null);
if (StringUtils.isEmpty(updateScheduleStartTime)) {
updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME;
- warn("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
+ debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
}
String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "WorkingDirectory", null);
if (StringUtils.isEmpty(workingDirectoryStr)) {
workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
- warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+ debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
}
// convert update schedule starting time to Date object
@@ -1638,24 +1759,12 @@ public class ConfigurationPartsBuilder {
return null;
}
- File hashcache = new File(tslWorkingDir, "hashcache");
- if (!hashcache.exists()) {
- hashcache.mkdir();
- }
- if (!hashcache.isDirectory()) {
- error("config.38", new Object[] { hashcache.getAbsolutePath() });
- return null;
- }
-
- System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
-// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
-// System.out.println("Hashcache: " + hashcachedir);
-
+
debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
- debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+
// set TSL configuration
tslconfiguration.setEuTSLUrl(euTSLUrl);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 2cad35763..d67cbf1b4 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -347,6 +347,16 @@ public class ConfigurationProvider
try {
builder = new ConfigurationPartsBuilder(configElem, configRoot);
+ if (builder.checkTrustProfilesTSLenabled()) {
+ debug("TSL support enabled for at least one trustprofile.");
+ tslconfiguration_ = builder.getTSLConfiguration();
+ trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+ }
+ else {
+ tslconfiguration_ = null;
+ trustProfiles = builder.buildTrustProfiles();
+ }
+
digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
canonicalizationAlgorithmName =
builder.getCanonicalizationAlgorithmName();
@@ -361,14 +371,14 @@ public class ConfigurationProvider
keyGroupMappings =
builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
- tslconfiguration_ = builder.getTSLConfiguration();
-
xadesVersion = builder.getXAdESVersion();
defaultChainingMode = builder.getDefaultChainingMode();
chainingModes = builder.buildChainingModes();
useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
autoAddCertificates_ = builder.getAutoAddCertificates();
- trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+ //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+
+
distributionPoints = builder.buildDistributionPoints();
enableRevocationChecking_ = builder.getEnableRevocationChecking();
maxRevocationAge_ = builder.getMaxRevocationAge();
@@ -379,6 +389,7 @@ public class ConfigurationProvider
revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
+
//check TSL configuration
checkTSLConfiguration();
@@ -428,7 +439,21 @@ public class ConfigurationProvider
}
}
- private void checkTSLConfiguration() throws ConfigurationException {
+ private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException {
+ boolean bTSLEnabledTPExist = false;
+ Iterator it = trustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled())
+ bTSLEnabledTPExist = bTSLEnabledTPExist || true;
+ }
+
+ return bTSLEnabledTPExist;
+
+ }
+
+ private void checkTSLConfiguration() throws ConfigurationException {
boolean bTSLEnabledTPExist = false;
Iterator it = trustProfiles.entrySet().iterator();
while (it.hasNext()) {
@@ -449,6 +474,43 @@ public class ConfigurationProvider
throw new ConfigurationException("config.40", null);
}
+ File workingDir = new File(tslconfiguration_.getWorkingDirectory());
+ File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu");
+ if (!eu_trust.exists()) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+ }
+ else {
+ File[] eutrustFiles = eu_trust.listFiles();
+ if (eutrustFiles == null) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ }
+ else {
+ if (eutrustFiles.length == 0) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ }
+ }
+
+ }
+
+ File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache");
+ if (!hashcache.exists()) {
+ hashcache.mkdir();
+ }
+ if (!hashcache.isDirectory()) {
+ error("config.38", new Object[] { hashcache.getAbsolutePath() });
+ return;
+ }
+
+ System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
+// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+// System.out.println("Hashcache: " + hashcachedir);
+
+
+ Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+
}
@@ -759,6 +821,17 @@ public class ConfigurationProvider
Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
}
+ /**
+ * Log a debug message.
+ *
+ * @param messageId The message ID.
+ * @param parameters Additional parameters for the message.
+ * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+ */
+ private static void debug(String message) {
+ Logger.debug(message);
+ }
+
/**
* Log a warning.
*
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 0e5faf790..aca6f5895 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -311,6 +311,12 @@ public class CMSSignatureVerificationInvoker {
ByteArrayOutputStream contentOs = new ByteArrayOutputStream();
+ CMSDataObject dataobject = request.getDataObject();
+ BigDecimal from = dataobject.getExcludeByteRangeFrom();
+ BigDecimal to = dataobject.getExcludeByteRangeTo();
+
+ if ( (from == null) || (to == null))
+ return contentIs;
BigDecimal counter = new BigDecimal("0");
BigDecimal one = new BigDecimal("1");
@@ -318,7 +324,7 @@ public class CMSSignatureVerificationInvoker {
try {
while ((byteRead=contentIs.read()) >= 0) {
- if (inRange(counter, request.getDataObject())) {
+ if (inRange(counter, dataobject)) {
// if byte is in byte range, set byte to 0x00
contentOs.write(0);
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index 07da0a998..3a004a81d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.spss.tsl.connector;
import iaik.asn1.ObjectID;
+
import iaik.util._;
import iaik.util.logging._l;
import iaik.utils.RFC2253NameParser;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
index 5456701c0..e06abe44d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -46,7 +46,9 @@ public class TSLUpdaterTimerTask extends TimerTask {
public void run() {
try {
+ Logger.info("Start TSL Update");
update();
+ Logger.info("Finished TSL Update");
} catch (TSLEngineDiedException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
@@ -172,33 +174,33 @@ public class TSLUpdaterTimerTask extends TimerTask {
// convert ArrayList<File> to X509Certificate[]
if (tsl_certs == null) {
- Logger.error("No certificates from TSL imported.");
- throw new TSLSearchException("No certificates from TSL imported.");
+ Logger.warn("No certificates from TSL imported.");
+ //throw new TSLSearchException("No certificates from TSL imported.");
}
+ else {
- X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
- Iterator itcert = tsl_certs.iterator();
- i = 0;
- File f = null;
- while(itcert.hasNext()) {
- f = (File)itcert.next();
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = new X509Certificate(fis);
- addCertificatesTSL[i] = cert;
+ X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ i = 0;
+ File f = null;
+ while(itcert.hasNext()) {
+ f = (File)itcert.next();
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = new X509Certificate(fis);
+ addCertificatesTSL[i] = cert;
- i++;
- fis.close();
- }
+ i++;
+ fis.close();
+ }
- Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
- storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
+ Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
- Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
- storeUpdater.addCertificatesToCertStores(addCertificates, tid);
-
-
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificates, tid);
+ }
}
}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
index f0dbd779e..492d10eda 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.spss.tsl.utils;
import iaik.util.logging._l;
+
import iaik.util.logging.Log.MultiThreadLoggingGroup;
import iaik.utils.RFC2253NameParserException;
import iaik.utils.Util;
@@ -15,6 +16,7 @@ import iaik.xml.crypto.tsl.TSLOpenURIException;
import iaik.xml.crypto.tsl.TSLThreadContext;
import iaik.xml.crypto.tsl.ValidationFixupFilter;
import iaik.xml.crypto.tsl.ValidationFixupFilter.AttributeValueFixup;
+import iaik.xml.crypto.tsl.ValidationFixupFilter.DeleteAttrFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.ElementStringValueFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.FixedSaxLevelValidationExcption;
import iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup;
@@ -97,44 +99,34 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
trustAnchorsWrongOnEuTsl_;
public TSLImportFromFileContext(
- Countries expectedTerritory,
- URL url,
- Number otherTslPointerId,
- String workingdirectory,
- boolean sqlMultithreaded,
- boolean throwExceptions,
- boolean logExceptions,
- boolean throwWarnings,
- boolean logWarnings,
- boolean nullRedundancies,
- String baseuri,
- Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
- TSLThreadContext parentContext) {
- super(
- expectedTerritory,
- url,
- otherTslPointerId,
- workingdirectory,
- sqlMultithreaded,
- throwExceptions,
- logExceptions,
- throwWarnings,
- logWarnings,
- nullRedundancies,
- parentContext);
- baseuri_ = baseuri;
- trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
- }
-
- public List<ThrowableAndLocatorAndMitigation> getErrorsAndWarnings() {
- List<ThrowableAndLocatorAndMitigation> errorsAndWarnings = new ArrayList<ThrowableAndLocatorAndMitigation>();
- errorsAndWarnings.addAll(this.fatals_);
- errorsAndWarnings.addAll(this.faildTransactions_);
- errorsAndWarnings.addAll(this.warnings_);
-
- return errorsAndWarnings;
- }
-
+ Countries expectedTerritory,
+ URL url,
+ Number otherTslPointerId,
+ String workingdirectory,
+ boolean sqlMultithreaded,
+ boolean throwExceptions,
+ boolean logExceptions,
+ boolean throwWarnings,
+ boolean logWarnings,
+ boolean nullRedundancies,
+ String baseuri,
+ Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
+ TSLThreadContext parentContext) {
+ super(
+ expectedTerritory,
+ url,
+ otherTslPointerId,
+ workingdirectory,
+ sqlMultithreaded,
+ throwExceptions,
+ logExceptions,
+ throwWarnings,
+ logWarnings,
+ nullRedundancies,
+ parentContext);
+ baseuri_ = baseuri;
+ trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
+ }
/* (non-Javadoc)
* @see iaik.xml.crypto.tsl.TSLImportFromFileContext#getbaseURI()
*/
@@ -142,67 +134,80 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
public String getbaseURI() {
return this.baseuri_;
}
-
+
+
+
+
//@Override
- protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
- return super.wrapException(t, l, m);
- }
+ protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
+ return super.wrapException(t, l, m);
+ }
@Override
- public synchronized void throwException(Throwable e) {
+ public
+ synchronized void throwException(Throwable e) {
if (e instanceof TSLValidationException) {
// we do not throw dom validation errors for testing
// and just collect them
wrapException(e);
-
} else if (e instanceof TSLVerificationException) {
+
+ boolean corrected = false;
// we do not throw verification errors for testing
// and just collect them
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
-
- //TSL with no signature are ignored!!!!
- l.warn("TSL IS NOT SIGNED! "
- + this.expectedTerritory_.name() + " TSL ignored.");
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
+// // NEVER DO THIS! unless you want to import TSLs without signatures.
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
- wrapException(e);
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (corrected)
+// wrapException(e);
+// else
+// super.throwException(e);
+
+ super.throwException(e);
} else if (e instanceof FileNotFoundException) {
// we do not stop and continue processing
wrapException(e);
-
} else if (e instanceof IllegalArgumentException) {
// we do not stop and continue processing
wrapException(e);
-
} else {
// all other errors are treated as per default
super.throwException(e);
@@ -221,9 +226,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if(
e instanceof FixedSaxLevelValidationExcption &&
enclosingMethod.getDeclaringClass().equals(ValidationFixupFilter.class)){
-
-
-
wrapException(e,
((LocatorAspect) e).getLocator(),
new FixedValidationMitigation("Performed SAX Level Fixup."));
@@ -247,7 +249,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if (parameters[0] instanceof DOMError) {
DOMError domError = (DOMError) parameters[0];
- l.info(""+domError.getRelatedData());
+ _l.warn(""+domError.getRelatedData());
// domError.getRelatedData().getClass().getField("")
@@ -308,6 +310,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
});
return mitigatedResult;
+
}
}
@@ -378,11 +381,43 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
}
- l.error("Ignoring download error using old: " + parameters[0], null);
+ _l.err("Ignoring download error using old: " + parameters[0], null);
wrapException(e);
return parameters[1];
}
+// if (
+// expectedTerritory_ == Countries.PL &&(
+// (e.getCause() instanceof java.io.EOFException ||
+// e.getCause() instanceof iaik.security.ssl.SSLException) &&
+// parameters[0] instanceof URL &&
+// ((URL)parameters[0]).getProtocol().equalsIgnoreCase("https")
+// )){
+// File f = null;
+// System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+// TLS.register("TLSv1");
+// try {
+// f = (File) enclosingMethod.invoke(thisObject, parameters);
+// } catch (IllegalAccessException e1) {
+// wrapException(e1);
+// } catch (InvocationTargetException e1) {
+// wrapException(e1);
+// }
+//
+// // System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", null);
+// TLS.register();
+//
+// if (f != null){
+// wrapException(e, null, new Mitigation() {
+// @Override
+// public String getReport() {
+// return "Trying TLSv1 and sun.security.ssl.allowUnsafeRenegotiation=true";
+// }
+// });
+// return f;
+// }
+// }
+
if (
e instanceof TSLSecurityException &&
enclosingMethod.getDeclaringClass().equals(TSLContext.class) &&
@@ -406,14 +441,14 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
wrapException(e1);
}
wrapException(e, getLocator(),
- new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
- @Override
- public String getReport() {
- return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
- "the EU TSL and allow the certificate " +
- parameters[1];
- }
- });
+ new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
+ @Override
+ public String getReport() {
+ return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
+ "the EU TSL and allow the certificate " +
+ parameters[1];
+ }
+ });
return null;
}
X509Certificate crt = (X509Certificate)parameters[1];
@@ -530,47 +565,45 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
}
-// //TODO: CONSIDER, IF WE REALLY WANT THIS PART OF CODE!
-// //ugly hack to accept a certificate which uses a crazy X509SubjectName!!
-// if ( expectedTerritory_ == Countries.DK &&
-// e instanceof KeySelectorException &&
-// parameters[0] instanceof X509DataImpl){
-// if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
-// "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
-//
-// X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
-//
-// Node child = x509DataImpl.getNode().getFirstChild().getNextSibling();
-// Node child1 = x509DataImpl.getNode().getFirstChild();
-//
-// x509DataImpl.getNode().removeChild(child);
-// x509DataImpl.getNode().removeChild(child1);
-//
-//
-// parameters[0] = (X509Data) x509DataImpl
-//
-// Object mitigatedResult = null;
-// try {
-//
-// mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
-// } catch (IllegalAccessException e1) {
-// wrapException(e1);
-// } catch (InvocationTargetException e1) {
-// wrapException(e1);
-// }
-//
-// if (mitigatedResult != null){
-// wrapException(e, null, new Mitigation(null) {
-// @Override
-// public String getReport() {
-// return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
-// }
-// });
-// return mitigatedResult;
-// }
-// }
-// }
-
+ if ( expectedTerritory_ == Countries.DK &&
+ e instanceof KeySelectorException &&
+ parameters[0] instanceof X509DataImpl){
+ if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
+ "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
+
+ X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
+
+ ListIterator li = x509DataImpl.getContent().listIterator();
+ li.next();
+ String sn = (String) li.next();
+
+ _l.err(sn, null);
+
+ System.exit(1);
+
+ Object mitigatedResult = null;
+ try {
+
+ mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
+ } catch (IllegalAccessException e1) {
+ wrapException(e1);
+ } catch (InvocationTargetException e1) {
+ wrapException(e1);
+ }
+
+ if (mitigatedResult != null){
+ wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {
+ @Override
+ public String getReport() {
+ return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
+ }
+ });
+ return mitigatedResult;
+
+ }
+ }
+ }
+
} else {
if (e instanceof MitigatedTSLSecurityException){
@@ -578,7 +611,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
// and collect them
wrapException(e);
return null;
-
} else if (e instanceof FixedSaxLevelValidationExcption) {
// we allow to mitigate Sax Level Fixup for testing
// and collect them
@@ -607,7 +639,11 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if(expectedTerritory_ == Countries.EL){
//fix the whitespace in Greece TSL
status = status.trim();
- }
+ }
+ if (status != null && status.startsWith("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/")) {
+ status = status.substring("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/".length());
+ }
+
return super.compressStatus(status);
}
@@ -625,6 +661,37 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
@Override
public iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup getSaxLevelValidationFixup(SAXParseException e) {
+ if (expectedTerritory_ == Countries.AT){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.CZ){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.FR){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.NO){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.SK){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+
if (expectedTerritory_ == Countries.ES && getDownloadLocation().toString().contains(".es/")){
if (e.getMessage().equals("cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tslx:CertSubjectDNAttributeType'.")){
return new LocalNameFixup("CertSubjectDNAttributeType","CertSubjectDNAttribute",e, this);
@@ -734,7 +801,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
String msg = e.getMessage();
- l.info(msg);
+ _l.info(msg);
return(
msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&
msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")
@@ -748,7 +815,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
@Override
protected long howLongWaitForThreads() {
// TODO Auto-generated method stub
- return 10000;
+ return 100000;
}
@Override
@@ -768,7 +835,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
synchronized (log) {
parentContext_.print("<" + ncName + " state=\"" + currentThread.getState()
+ "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "</"
- + ncName + ">\n");
+ + ncName + ">" + _.LB);
parentContext_.flushLog();
log.setLength(0);
}
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index e4ee607c0..9e2e0e490 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -159,6 +159,7 @@ config.46=Start periodical TSL update task at {0} and then every {1} millisecond
config.48=No whitelisted URIs given.
config.49=Whitelisted URI: {0}.
config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.
+config.51=Fehler beim Erstellen der TSL Konfiguration: TSL-Arbeitsverzeichnis ist fehlerhaft ({0}).
handler.00=Starte neue Transaktion: TID={0}, Service={1}
handler.01=Aufruf von Adresse={0}
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index b8a04eba4..2a7467146 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -22,7 +22,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
- <version>2.1.1</version>
+ <version>2.3</version>
<!-- <version>2.0.2</version>-->
<configuration>
<archive>
@@ -70,7 +70,7 @@
<artifactId>iaik_ixsil</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
</dependency>
<dependency>
@@ -78,12 +78,12 @@
<artifactId>log4j</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
@@ -98,13 +98,10 @@
<artifactId>sqlite-jdbc</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_util</artifactId>
- </dependency>
+ </dependency>
+
<!-- transitive dependencies we don't want to include into the war -->
<dependency>
<groupId>iaik.prod</groupId>