authorgregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d>2005-07-18 07:19:15 +0000
committergregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d>2005-07-18 07:19:15 +0000
commitac3296bb205048da5a1e4494dd4956f4312cf948 (patch)
tree4bc1805ab329c8724a956a4c10a1ae564efdce0b
parentc09f1913c1ac92c76b1baaba705d09c52eeec7db (diff)
Fix für Bug 267 getestet.tags/Build-ID-1.2.0.D10
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@382 d688527b-c9ab-4aba-bd8d-4036d912da1d
-rw-r--r--common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd1
-rw-r--r--spss.server/res/resources/properties/spss_messages_de.properties3
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java25
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java16
4 files changed, 27 insertions, 18 deletions
diff --git a/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd b/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd
index 978733394..5a9f966ea 100644
--- a/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd
+++ b/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd
@@ -193,6 +193,7 @@
<xs:complexType>
<xs:attribute name="id" type="xs:token" use="required"/>
<xs:attribute name="uri" type="xs:anyURI" use="required"/>
+ <xs:attribute name="signerCertsUri" type="xs:anyURI" use="optional"/>
</xs:complexType>
</xs:element>
</xs:sequence>
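Review bot: The added `signerCertsUri` attribute carries no `xs:annotation`/`xs:documentation`, although leaving it out changes what verification does. In `validateSignerCertificate`, later in this commit, the signer-certificate comparison runs only when `trustProfile.getSignerCertsUri() != null`, so a profile without the attribute accepts any signer that chains to the profile's trust anchors. I would document on the attribute that it names a directory of permitted signer certificates, that relative values are resolved against the configuration root, and that omitting it disables the restriction. The enclosing element declaration starts outside the hunk.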
diff --git a/spss.server/res/resources/properties/spss_messages_de.properties b/spss.server/res/resources/properties/spss_messages_de.properties
index ead8d3295..a4ae8e563 100644
--- a/spss.server/res/resources/properties/spss_messages_de.properties
+++ b/spss.server/res/resources/properties/spss_messages_de.properties
@@ -120,7 +120,7 @@ config.16=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumb
config.17=DigestAlgorithmName unbekannt (AlgorithmName={0})
config.18=Lade Keystore: {0}
config.19=Key ID={0}
-config.20=Fehler beim Aktualisieren der MOA SP/SS Konfiguration. Die bestehende Konfiguration wird beibehalten.
+config.20=Fehler beim Aktualisieren der MOA SP/SS Konfiguration. Die bestehende Konfiguration wird beibehalten
config.21=Lade Konfiguration von {0}
config.22=Lade {0} mit id={1} von Datei {2}
config.23=Fehler in der Konfiguration: {0} nicht konfiguriert oder ungültig, verwende den Default-Wert: {1}
@@ -143,3 +143,4 @@ handler.05=Fehler beim Abarbeiten der Anfrage
invoker.00=Das Signature Environment konnte nicht validierend geparst werden
invoker.01=Keine passende Transformationskette gefunden (Index={0})
invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
+invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 33e9daca1..96a90980d 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -829,8 +829,6 @@ public class ConfigurationPartsBuilder {
String uriStr = profileElem.getAttribute("uri");
String signerCertsUriStr = profileElem.getAttribute("signerCertsUri");
- boolean createTrustProfile = true;
-
URI uri = null;
try
{
@@ -841,23 +839,23 @@ public class ConfigurationPartsBuilder {
}
catch (URIException e) {
warn("config.14", new Object[] { "uri", id, uriStr }, e);
- createTrustProfile = false;
+ continue;
}
catch (MalformedURLException e)
{
warn("config.15", new Object[] {id}, e);
- createTrustProfile = false;
+ continue;
}
File profileDir = new File(uri.getPath());
if (!profileDir.exists() || !profileDir.isDirectory()) {
warn("config.27", new Object[] { "uri", id });
- createTrustProfile = false;
+ continue;
}
if (trustProfiles.containsKey(id)) {
warn("config.04", new Object[] { "TrustProfile", id });
- createTrustProfile = false;
+ continue;
}
URI signerCertsUri = null;
@@ -866,28 +864,27 @@ public class ConfigurationPartsBuilder {
try
{
signerCertsUri = new URI(signerCertsUriStr);
- if (!signerCertsUri.isAbsolute()) uri = new URI(configRoot.toURL() + signerCertsUriStr);
+ if (!signerCertsUri.isAbsolute()) signerCertsUri = new URI(configRoot.toURL() + signerCertsUriStr);
File signerCertsDir = new File(signerCertsUri.getPath());
if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
warn("config.27", new Object[] { "signerCertsUri", id });
- createTrustProfile = false;
+ continue;
}
}
catch (URIException e) {
warn("config.14", new Object[] { "signerCertsUri", id, uriStr }, e);
- createTrustProfile = false;
+ continue;
}
catch (MalformedURLException e) {
warn("config.15", new Object[] {id}, e);
- createTrustProfile = false;
+ continue;
}
}
- if (createTrustProfile) {
- TrustProfile profile = new TrustProfile(id, uri.toString(), signerCertsUri.toString());
- trustProfiles.put(id, profile);
- }
+ signerCertsUriStr = (signerCertsUri != null) ? signerCertsUri.toString() : null;
+ TrustProfile profile = new TrustProfile(id, uri.toString(), signerCertsUriStr);
+ trustProfiles.put(id, profile);
}
return trustProfiles;
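Review bot: The `config.14` warning in the `catch (URIException e)` branch for `signerCertsUri` still passes `uriStr` as the offending value, so a malformed `signerCertsUri` is logged with the profile's `uri` string instead. It should read `warn("config.14", new Object[] { "signerCertsUri", id, signerCertsUriStr }, e);`, otherwise an operator working out why a trust profile was dropped is pointed at the wrong attribute. Reusing `signerCertsUriStr` for the resolved value in the last added lines also overwrites the raw attribute text; a separate local would keep the configured and the resolved value apart. The condition that opens this block and the enclosing loop are outside the hunk.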
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index e8b2a5e10..1f9d45ed1 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -20,6 +20,7 @@ import iaik.x509.X509Certificate;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
+import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
@@ -241,6 +242,8 @@ public class XMLSignatureVerificationInvoker {
private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
throws MOAException
{
+ MessageProvider msg = MessageProvider.getInstance();
+
int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
if (resultCode == 0 && trustProfile.getSignerCertsUri() != null)
{
@@ -275,14 +278,21 @@ public class XMLSignatureVerificationInvoker {
try
{
X509Certificate currentCert = new X509Certificate(currentFIS);
+ currentFIS.close();
if (currentCert.equals(signerCertificate)) break;
}
catch (Exception e)
{
// Simply ignore file if it cannot be interpreted as certificate
- Logger.warn("Signatorzertifiat aus Trustprofile mit id=" +
- trustProfile.getId() + " kann nicht geparst werden: " +
- e.getMessage());
+ String logMsg = msg.getMessage("invoker.03", new Object[]{trustProfile.getId(), files[i].getName()});
+ Logger.warn(logMsg);
+ try
+ {
+ currentFIS.close();
+ }
+ catch (IOException e1) {
+ // If clean-up fails, do nothing
+ }
}
}
}
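Review bot: The `currentFIS.close()` added inside the `try` sits between parsing and the `equals` comparison, so an `IOException` from the close is caught by `catch (Exception e)`, logged as the parse failure `invoker.03`, and the comparison with `signerCertificate` is skipped for a certificate that did parse. Since this loop decides whether the signer is among the certificates the trust profile permits, such a failure would presumably make a listed signer look absent. Closing in a `finally` block removes the duplicated close in the catch and keeps the two failure modes apart; the `break` still runs the `finally`. The new warning also drops `e.getMessage()`, which the removed lines included, so the reason a file was rejected no longer reaches the log. The loop and the declaration of `currentFIS` are outside the hunk.

```java
try
{
  X509Certificate currentCert = new X509Certificate(currentFIS);
  if (currentCert.equals(signerCertificate)) break;
}
catch (Exception e)
{
  // … unchanged: build and log the invoker.03 warning …
}
finally
{
  try
  {
    currentFIS.close();
  }
  catch (IOException e1) {
    // If clean-up fails, do nothing
  }
}
```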