authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-20 11:21:24 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-20 11:21:24 +0000
commitd3352bc9db1891c8f90f8c542eac65da64a234d3 (patch)
treef7b7c932e39e201d22ef5232bf90081c2d357885 /spss/server/tools/src/main
parent9b1af165432c82d64f49d3e3730534b224230b53 (diff)
parentb858a62942137068394790a22c10b968e1c41e0f (diff)
MOA-IDSPSS Release 1.5.1.tags/1.5.1
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/tags/1.5.1@1271 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss/server/tools/src/main')
-rw-r--r--spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java266
-rw-r--r--spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/ConfigTool.java83
-rw-r--r--spss/server/tools/src/main/resources/tools/ConfigurationMapper.xsl343
-rw-r--r--spss/server/tools/src/main/scripts/certtool.bat25
-rw-r--r--spss/server/tools/src/main/scripts/certtool.sh20
-rw-r--r--spss/server/tools/src/main/scripts/configtool.bat25
-rw-r--r--spss/server/tools/src/main/scripts/configtool.sh20
7 files changed, 782 insertions, 0 deletions
diff --git a/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java
new file mode 100644
index 000000000..0c144ce73
--- /dev/null
+++ b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.tools;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintStream;
+import java.security.cert.CertificateException;
+
+import iaik.asn1.structures.Name;
+import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.certstore.directory.DirectoryCertStore;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+import iaik.pki.store.certstore.directory.DirectoryStoreException;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+
+/**
+ * A tool to support X509 certificate handling for configuring the MOA SP/SS
+ * service.
+ *
+ * This class provides functions for:
+ * <ul>
+ * <li>printing certificate information</li>
+ * <li>adding certificates to the cert store</li>
+ * </ul>
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CertTool {
+
+ /** Error message if the DN cannot be parsed according to RFC2253. */
+ private static final String ILLEGAL_RFC2253_NAME =
+ "Kein gültiger RFC2253-Name";
+
+ /**
+ * Main entry point of the tool.
+ *
+ * @param args The command line arguments. A single argument is expected,
+ * which is the file name of the X509 certificate to inspect.
+ */
+ public static void main(String args[]) {
+ CertTool certTool = new CertTool();
+
+ if (args.length == 2 && "-info".equals(args[0])) {
+ initProviders();
+ certTool.printCertInfo(args[1], System.out);
+ } else if (args.length == 3 && "-add".equals(args[0])) {
+ initProviders();
+ certTool.addCertToCertStore(args[1], args[2]);
+ } else {
+ certTool.printUsage(System.err);
+ }
+ }
+
+ /**
+ * Init the JCE providers, depending on the JDK used.
+ *
+ * Adds the IAIK JCE and IAIK ECC providers.
+ */
+ private static void initProviders() {
+ if (System.getProperty("java.version").startsWith("1.3")) {
+ IAIK.addAsProvider();
+ } else {
+ IAIK.addAsJDK14Provider();
+ }
+ ECCProvider.addAsProvider();
+ }
+
+ /**
+ * Print the information about the certificate.
+ *
+ * This method will output information about the Subject DN, the Issuer DN and
+ * the serial number of the certificate.
+ *
+ * @param certFile The name of the certificate file to inspect.
+ * @param out The stream to print the information to.
+ */
+ public void printCertInfo(String certFile, PrintStream out) {
+ try {
+ InputStream is = new BufferedInputStream(new FileInputStream(certFile));
+ X509Certificate cert = new X509Certificate(is);
+ String issuerDN;
+ String serial;
+ String subjectDN;
+
+ try {
+ subjectDN = ((Name) (cert.getSubjectDN())).getRFC2253String();
+ } catch (RFC2253NameParserException e) {
+ subjectDN = ILLEGAL_RFC2253_NAME;
+ }
+
+ try {
+ issuerDN = ((Name) (cert.getIssuerDN())).getRFC2253String();
+ } catch (RFC2253NameParserException e) {
+ issuerDN = ILLEGAL_RFC2253_NAME;
+ }
+
+ serial = cert.getSerialNumber().toString();
+
+ out.println("SubjectDN (RFC2253): " + subjectDN);
+ out.println("IssuerDN (RFC2253) : " + issuerDN);
+ out.println("Serial Number : " + serial);
+ } catch (FileNotFoundException e) {
+ System.err.println("Zertifikat nicht gefunden: " + certFile);
+ } catch (IOException e) {
+ System.err.println(
+ "I/O Fehler beim Lesen des Zertifikats: " + e.getMessage());
+ } catch (CertificateException e) {
+ System.err.println(
+ "Fehler beim Lesen des Zertifikats: " + e.getMessage());
+ } catch (Throwable t) {
+ System.err.println("Allgemeiner Fehler: " + t.getMessage());
+ }
+ }
+
+ /**
+ * Add a certificate to a directory certificate store.
+ *
+ * @param certFile The certificate to add.
+ * @param certStoreRoot The root directory of the certificate store.
+ */
+ public void addCertToCertStore(String certFile, String certStoreRoot) {
+ try {
+ // read the certificate
+ InputStream is = new BufferedInputStream(new FileInputStream(certFile));
+ X509Certificate cert = new X509Certificate(is);
+
+ // initialize the DirectoryCertStore
+ DirectoryCertStore certStore =
+ new DirectoryCertStore(
+ new SimpleDirectoryCertStoreParameters(certStoreRoot),
+ null);
+
+ certStore.storeCertificate(cert, null);
+
+ System.out.println("\nDas Zertifikat wurde erfolreich hinzugefügt.\n");
+
+ } catch (FileNotFoundException e) {
+ System.err.println("Zertifikat nicht gefunden: " + certFile);
+ } catch (IOException e) {
+ System.err.println(
+ "I/O Fehler beim Lesen des Zertifikats: " + e.getMessage());
+ } catch (CertificateException e) {
+ System.err.println(
+ "Fehler beim Lesen des Zertifikats: " + e.getMessage());
+ } catch (DirectoryStoreException e) {
+ System.err.println(
+ "Fehler beim Öffnen des Zertifikatsspeichers: " + e.getMessage());
+ } catch (CertStoreException e) {
+ System.err.println(
+ "Fehler beim Hinzufügen des Zertifikats: " + e.getMessage());
+ } catch (Throwable t) {
+ System.err.println("Allgemeiner Fehler: " + t.getMessage());
+ t.printStackTrace();
+ }
+ }
+
+ /**
+ * Print tool usage.
+ *
+ * @param out The <code>PrintStream</code> to print to.
+ */
+ private void printUsage(PrintStream out) {
+ out.println("\nCerttool-Syntax:\n");
+ out.println("-info <X509 Zertifikatsdatei");
+ out.println();
+ out.println("-add <X509 Zertifikatsdatei> <Zertifikatsspeicher>");
+ out.println("\n");
+ }
+
+}
+
+/**
+ * Simple implementation of the <code>DirectoryCertStoreParameters</code>
+ * interface intelligent enough for setting up a simple
+ * <code>DirectoryCertStore</code> in the <code>CertTool</code>.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+class SimpleDirectoryCertStoreParameters
+ implements DirectoryCertStoreParameters {
+
+ /** The cert store root directory. */
+ private String rootDirectory;
+
+ /**
+ * Create a new <code>SimpleDirectoryCertStoreParameters</code> object.
+ *
+ * @param rootDirectory The root directory of the cert store.
+ */
+ public SimpleDirectoryCertStoreParameters(String rootDirectory) {
+ this.rootDirectory = rootDirectory;
+ }
+
+ /**
+ * @return <code>&quot;MOA Directory CertStore&quot;</code>
+ * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+ */
+ public String getId() {
+ return "MOA Directory CertStore";
+ }
+
+ /**
+ * @return CertStoreTypes.DIRECTORY
+ * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+ */
+ public String getType() {
+ return CertStoreTypes.DIRECTORY;
+ }
+
+ /**
+ * @return <code>false</code>
+ * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+ */
+ public boolean isReadOnly() {
+ return false;
+ }
+
+ /**
+ * @return <code>false</code>
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+ */
+ public boolean createNew() {
+ return false;
+ }
+
+ /**
+ * @return The root directory given at construction time.
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+ */
+ public String getRootDirectory() {
+ return rootDirectory;
+ }
+
+} \ No newline at end of file
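Review bot: Both `printCertInfo` and `addCertToCertStore` open the certificate with `new BufferedInputStream(new FileInputStream(certFile))` and never close it; declare `is` before the `try` and release it in a `finally` block (`if (is != null) is.close();`, with its own IOException guard). Every failure path only prints to stderr and returns, so `main` ends with exit status 0 even when `-add` did not store the certificate, and a provisioning script around the tool cannot tell; record the failure, for example in a flag checked by `main`, and call `System.exit(1)` there. The Javadoc on `main` still describes a single file-name argument while the code requires `-info <file>` or `-add <file> <store>`, and the `-info` line printed by `printUsage` lacks its closing `>`.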
diff --git a/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/ConfigTool.java b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/ConfigTool.java
new file mode 100644
index 000000000..d4393b342
--- /dev/null
+++ b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/ConfigTool.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.tools;
+
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
+
+/**
+ * A tool for converting a MOA SPSS Version 1.0 configuration file into
+ * a Version 1.3 configuration file.
+ *
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class ConfigTool
+{
+ public static void main(String[] args)
+ {
+ if (args == null || args.length != 2)
+ {
+ System.out.println("Usage: ConfigTool <MOA.SPSS.1-0.ConfigFile.xml> <MOA.SPSS.1-4.5.ConfigFile.xml>");
+ System.out.println(" <MOA.SPSS.1-0.ConfigFile.xml> ... Old config file to be transformed");
+ System.out.println(" <MOA.SPSS.1-4.5.ConfigFile.xml> ... New config file resulting from the transform");
+ System.exit(-1);
+ }
+
+ try
+ {
+ TransformerFactory tFactory = TransformerFactory.newInstance();
+ Transformer transformer = tFactory.newTransformer(new StreamSource(
+ ConfigTool.class.getResourceAsStream("/resources/tools/ConfigurationMapper.xsl")));
+ transformer.transform(new StreamSource(args[0]), new StreamResult(new FileOutputStream(args[1])));
+
+ System.out.println("Successfully mapped configuration file.");
+ }
+ catch (TransformerConfigurationException e)
+ {
+ System.err.println("An error occurred during mapping the configuration file:");
+ System.err.println(" Cannot initialize XSLT transform.");
+ System.err.println(" " + e.getMessage());
+ }
+ catch (FileNotFoundException e)
+ {
+ System.err.println("An error occurred during mapping the configuration file:");
+ System.err.println(" There is a problem with the filename for the new configuration file.");
+ System.err.println(" " + e.getMessage());
+ }
+ catch (TransformerException e)
+ {
+ System.err.println("An error occurred during mapping the configuration file:");
+ System.err.println(" " + e.getMessage());
+ }
+ }
+}
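Review bot: `new FileOutputStream(args[1])`, built inline in the `transformer.transform(...)` call, truncates the target before the transform has read anything and is never closed. If both arguments name the same file, the old configuration is emptied before it is parsed, and a failed transform leaves an empty or partial file at the new path. Hold the stream in a local variable, close it in a `finally` block, refuse identical input and output paths, and preferably write to a temporary file that is renamed on success. The three catch blocks fall through to a normal return, so the tool exits with status 0 on failure. The usage text names the target format `1-4.5` while the class Javadoc says Version 1.3; one of the two is stale.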
diff --git a/spss/server/tools/src/main/resources/tools/ConfigurationMapper.xsl b/spss/server/tools/src/main/resources/tools/ConfigurationMapper.xsl
new file mode 100644
index 000000000..fd47cbf84
--- /dev/null
+++ b/spss/server/tools/src/main/resources/tools/ConfigurationMapper.xsl
@@ -0,0 +1,343 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#">
+ <xsl:output encoding="UTF-8" indent="yes" method="xml"/>
+ <xsl:template match="/">
+ <xsl:apply-templates/>
+ </xsl:template>
+ <xsl:template match="cfg:MOAConfiguration">
+ <xsl:comment>MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper</xsl:comment>
+ <cfg:MOAConfiguration>
+ <xsl:if test="cfg:HardwareCryptoModule">
+ <cfg:Common>
+ <xsl:for-each select="cfg:HardwareCryptoModule">
+ <cfg:HardwareCryptoModule>
+ <cfg:Name>
+ <xsl:value-of select="@name"/>
+ </cfg:Name>
+ <xsl:if test="@slotID">
+ <cfg:SlotId>
+ <xsl:value-of select="@slotID"/>
+ </cfg:SlotId>
+ </xsl:if>
+ <cfg:UserPIN>
+ <xsl:value-of select="@userPIN"/>
+ </cfg:UserPIN>
+ </cfg:HardwareCryptoModule>
+ </xsl:for-each>
+ </cfg:Common>
+ </xsl:if>
+ <xsl:if test="cfg:KeyGroup">
+ <cfg:SignatureCreation>
+ <cfg:KeyModules>
+ <xsl:apply-templates select="cfg:HardwareKeyModule | cfg:SoftwareKeyModule"/>
+ </cfg:KeyModules>
+ <xsl:apply-templates select="cfg:KeyGroup"/>
+ <xsl:apply-templates select="cfg:KeyGroupMapping"/>
+ <cfg:XMLDSig>
+ <cfg:CanonicalizationAlgorithm>
+ <xsl:choose>
+ <xsl:when test="cfg:CanonicalizationAlgorithm">
+ <xsl:value-of select="cfg:CanonicalizationAlgorithm/@name"/>
+ </xsl:when>
+ <xsl:otherwise>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</xsl:otherwise>
+ </xsl:choose>
+ </cfg:CanonicalizationAlgorithm>
+ <cfg:DigestMethodAlgorithm>
+ <xsl:choose>
+ <xsl:when test="cfg:DigestMethodAlgorithm">
+ <xsl:value-of select="cfg:DigestMethodAlgorithm/@name"/>
+ </xsl:when>
+ <xsl:otherwise>http://www.w3.org/2000/09/xmldsig#sha1</xsl:otherwise>
+ </xsl:choose>
+ </cfg:DigestMethodAlgorithm>
+ </cfg:XMLDSig>
+ <xsl:for-each select="cfg:CreateTransformsInfoProfile">
+ <cfg:CreateTransformsInfoProfile>
+ <xsl:apply-templates select="."/>
+ </cfg:CreateTransformsInfoProfile>
+ </xsl:for-each>
+ <xsl:for-each select="cfg:CreateSignatureEnvironmentProfile">
+ <cfg:CreateSignatureEnvironmentProfile>
+ <xsl:apply-templates select="."/>
+ </cfg:CreateSignatureEnvironmentProfile>
+ </xsl:for-each>
+ </cfg:SignatureCreation>
+ </xsl:if>
+ <xsl:if test="cfg:TrustProfile">
+ <cfg:SignatureVerification>
+ <xsl:call-template name="CertificateValidation"/>
+ </cfg:SignatureVerification>
+ </xsl:if>
+ </cfg:MOAConfiguration>
+ </xsl:template>
+ <xsl:template match="cfg:SoftwareKeyModule">
+ <cfg:SoftwareKeyModule>
+ <cfg:Id>
+ <xsl:value-of select="@id"/>
+ </cfg:Id>
+ <cfg:FileName>
+ <xsl:value-of select="@filename"/>
+ </cfg:FileName>
+ <xsl:if test="@password">
+ <cfg:Password>
+ <xsl:value-of select="@password"/>
+ </cfg:Password>
+ </xsl:if>
+ </cfg:SoftwareKeyModule>
+ </xsl:template>
+ <xsl:template match="cfg:HardwareKeyModule">
+ <cfg:HardwareKeyModule>
+ <cfg:Id>
+ <xsl:value-of select="@id"/>
+ </cfg:Id>
+ <cfg:Name>
+ <xsl:value-of select="@name"/>
+ </cfg:Name>
+ <xsl:if test="@slotID">
+ <cfg:SlotId>
+ <xsl:value-of select="@slotID"/>
+ </cfg:SlotId>
+ </xsl:if>
+ <cfg:UserPIN>
+ <xsl:value-of select="@userPIN"/>
+ </cfg:UserPIN>
+ </cfg:HardwareKeyModule>
+ </xsl:template>
+ <xsl:template match="cfg:KeyGroup">
+ <cfg:KeyGroup>
+ <cfg:Id>
+ <xsl:value-of select="@id"/>
+ </cfg:Id>
+ <xsl:for-each select="cfg:Key">
+ <cfg:Key>
+ <cfg:KeyModuleId>
+ <xsl:value-of select="cfg:KeyModuleID"/>
+ </cfg:KeyModuleId>
+ <cfg:KeyCertIssuerSerial>
+ <dsig:X509IssuerName>
+ <xsl:value-of select="cfg:KeyCertIssuerSerial/dsig:X509IssuerName"/>
+ </dsig:X509IssuerName>
+ <dsig:X509SerialNumber>
+ <xsl:value-of select="cfg:KeyCertIssuerSerial/dsig:X509SerialNumber"/>
+ </dsig:X509SerialNumber>
+ </cfg:KeyCertIssuerSerial>
+ </cfg:Key>
+ </xsl:for-each>
+ </cfg:KeyGroup>
+ </xsl:template>
+ <xsl:template match="cfg:KeyGroupMapping">
+ <cfg:KeyGroupMapping>
+ <xsl:if test="cfg:X509IssuerSerial">
+ <cfg:CustomerId>
+ <dsig:X509IssuerName>
+ <xsl:value-of select="cfg:X509IssuerSerial/dsig:X509IssuerName"/>
+ </dsig:X509IssuerName>
+ <dsig:X509SerialNumber>
+ <xsl:value-of select="cfg:X509IssuerSerial/dsig:X509SerialNumber"/>
+ </dsig:X509SerialNumber>
+ </cfg:CustomerId>
+ </xsl:if>
+ <xsl:for-each select="cfg:KeyGroup">
+ <cfg:KeyGroupId>
+ <xsl:value-of select="@id"/>
+ </cfg:KeyGroupId>
+ </xsl:for-each>
+ </cfg:KeyGroupMapping>
+ </xsl:template>
+ <xsl:template match="cfg:CreateTransformsInfoProfile | cfg:CreateSignatureEnvironmentProfile | cfg:VerifyTransformsInfoProfile | cfg:SupplementProfile">
+ <cfg:Id>
+ <xsl:value-of select="@id"/>
+ </cfg:Id>
+ <cfg:Location>
+ <xsl:value-of select="@filename"/>
+ </cfg:Location>
+ </xsl:template>
+ <xsl:template name="CertificateValidation">
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>
+ <xsl:call-template name="GetGenericValue">
+ <xsl:with-param name="GenericName" select="'autoAddCertificates'"/>
+ <xsl:with-param name="DefaultValue" select="'true'"/>
+ </xsl:call-template>
+ </cfg:AutoAddCertificates>
+ <cfg:UseAuthorityInformationAccess>
+ <xsl:call-template name="GetGenericValue">
+ <xsl:with-param name="GenericName" select="'useAuthorityInfoAccess'"/>
+ <xsl:with-param name="DefaultValue" select="'true'"/>
+ </xsl:call-template>
+ </cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>
+ <xsl:call-template name="GetGenericValue">
+ <xsl:with-param name="GenericName" select="'DirectoryCertStoreParameters.RootDir'"/>
+ <xsl:with-param name="DefaultValue" select="'certstore'"/>
+ </xsl:call-template>
+ </cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>
+ <xsl:choose>
+ <xsl:when test="cfg:ChainingModes/@systemDefaultMode">
+ <xsl:value-of select="cfg:ChainingModes/@systemDefaultMode"/>
+ </xsl:when>
+ <xsl:otherwise>pkix</xsl:otherwise>
+ </xsl:choose>
+ </cfg:DefaultMode>
+ <xsl:for-each select="cfg:ChainingModes/cfg:TrustAnchor">
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>
+ <xsl:value-of select="dsig:X509IssuerName"/>
+ </dsig:X509IssuerName>
+ <dsig:X509SerialNumber>
+ <xsl:value-of select="dsig:X509SerialNumber"/>
+ </dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>
+ <xsl:value-of select="@mode"/>
+ </cfg:Mode>
+ </cfg:TrustAnchor>
+ </xsl:for-each>
+ </cfg:ChainingMode>
+ <xsl:for-each select="cfg:TrustProfile">
+ <cfg:TrustProfile>
+ <cfg:Id>
+ <xsl:value-of select="@id"/>
+ </cfg:Id>
+ <cfg:TrustAnchorsLocation>
+ <xsl:value-of select="@uri"/>
+ </cfg:TrustAnchorsLocation>
+ <xsl:if test="@signerCertsUri">
+ <cfg:SignerCertsLocation>
+ <xsl:value-of select="@signerCertsUri"/>
+ </cfg:SignerCertsLocation>
+ </xsl:if>
+ </cfg:TrustProfile>
+ </xsl:for-each>
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>
+ <xsl:call-template name="GetGenericValue">
+ <xsl:with-param name="GenericName" select="'checkRevocation'"/>
+ <xsl:with-param name="DefaultValue" select="'true'"/>
+ </xsl:call-template>
+ </cfg:EnableChecking>
+ <cfg:MaxRevocationAge>
+ <xsl:call-template name="GetGenericValue">
+ <xsl:with-param name="GenericName" select="'maxRevocationAge'"/>
+ <xsl:with-param name="DefaultValue" select="'0'"/>
+ </xsl:call-template>
+ </cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>
+ <xsl:call-template name="GetGenericValue">
+ <xsl:with-param name="GenericName" select="'archiveRevocationInfo'"/>
+ <xsl:with-param name="DefaultValue" select="'false'"/>
+ </xsl:call-template>
+ </cfg:EnableArchiving>
+ <cfg:ArchiveDuration>
+ <xsl:choose>
+ <xsl:when test="cfg:CRLArchive/@duration">
+ <xsl:value-of select="cfg:CRLArchive/@duration"/>
+ </xsl:when>
+ <xsl:otherwise>365</xsl:otherwise>
+ </xsl:choose>
+ </cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>
+ <xsl:call-template name="GetGenericValue">
+ <xsl:with-param name="GenericName" select="'DataBaseArchiveParameter.JDBCUrl'"/>
+ <xsl:with-param name="DefaultValue" select="'jdbc:url'"/>
+ </xsl:call-template>
+ </cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>
+ <xsl:call-template name="GetGenericValue">
+ <xsl:with-param name="GenericName" select="'DataBaseArchiveParameter.JDBCDriverClass'"/>
+ <xsl:with-param name="DefaultValue" select="'fully.qualified.classname'"/>
+ </xsl:call-template>
+ </cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ <xsl:for-each select="cfg:CRLDistributionPoint">
+ <cfg:DistributionPoint>
+ <cfg:CAIssuerDN>
+ <xsl:value-of select="cfg:CAIssuerDN"/>
+ </cfg:CAIssuerDN>
+ <xsl:for-each select="cfg:DistributionPoint">
+ <cfg:CRLDP>
+ <cfg:Location>
+ <xsl:value-of select="@uri"/>
+ </cfg:Location>
+ <xsl:if test="contains(@reasonCodes, 'all')">
+ <cfg:ReasonCode>all</cfg:ReasonCode>
+ </xsl:if>
+ <xsl:if test="contains(@reasonCodes, 'unused')">
+ <cfg:ReasonCode>unused</cfg:ReasonCode>
+ </xsl:if>
+ <xsl:if test="contains(@reasonCodes, 'keyCompromise')">
+ <cfg:ReasonCode>keyCompromise</cfg:ReasonCode>
+ </xsl:if>
+ <xsl:if test="contains(@reasonCodes, 'cACompromise')">
+ <cfg:ReasonCode>cACompromise</cfg:ReasonCode>
+ </xsl:if>
+ <xsl:if test="contains(@reasonCodes, 'affiliationChanged')">
+ <cfg:ReasonCode>affiliationChanged</cfg:ReasonCode>
+ </xsl:if>
+ <xsl:if test="contains(@reasonCodes, 'superseded')">
+ <cfg:ReasonCode>superseded</cfg:ReasonCode>
+ </xsl:if>
+ <xsl:if test="contains(@reasonCodes, 'cessationOfOperation')">
+ <cfg:ReasonCode>cessationOfOperation</cfg:ReasonCode>
+ </xsl:if>
+ <xsl:if test="contains(@reasonCodes, 'certificateHold')">
+ <cfg:ReasonCode>certificateHold</cfg:ReasonCode>
+ </xsl:if>
+ <xsl:if test="contains(@reasonCodes, 'privilegeWithdrawn')">
+ <cfg:ReasonCode>privilegeWithdrawn</cfg:ReasonCode>
+ </xsl:if>
+ <xsl:if test="contains(@reasonCodes, 'aACompromise')">
+ <cfg:ReasonCode>aACompromise</cfg:ReasonCode>
+ </xsl:if>
+ </cfg:CRLDP>
+ </xsl:for-each>
+ </cfg:DistributionPoint>
+ </xsl:for-each>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+ <xsl:for-each select="cfg:VerifyTransformsInfoProfile">
+ <cfg:VerifyTransformsInfoProfile>
+ <xsl:apply-templates select="."/>
+ </cfg:VerifyTransformsInfoProfile>
+ </xsl:for-each>
+ <xsl:for-each select="cfg:SupplementProfile">
+ <cfg:SupplementProfile>
+ <xsl:apply-templates select="."/>
+ </cfg:SupplementProfile>
+ </xsl:for-each>
+ </xsl:template>
+ <xsl:template name="GetGenericValue">
+ <xsl:param name="GenericName"/>
+ <xsl:param name="DefaultValue"/>
+ <xsl:choose>
+ <xsl:when test="cfg:GenericConfiguration[@name=$GenericName]">
+ <xsl:value-of select="cfg:GenericConfiguration[@name=$GenericName]/@value"/>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:if test="$DefaultValue != ''">
+ <xsl:value-of select="$DefaultValue"/>
+ </xsl:if>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+</xsl:stylesheet>
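Review bot: The fallback values in this stylesheet are written into the migrated file exactly like operator-chosen settings, and nothing here or in the output documents them. That covers `http://www.w3.org/2000/09/xmldsig#sha1` for `DigestMethodAlgorithm`, `'true'` for `autoAddCertificates` and `useAuthorityInfoAccess`, and the placeholders `'jdbc:url'` and `'fully.qualified.classname'` for the archive database, which reach the output although they cannot work as given. A comment above the `GetGenericValue` template listing each default, plus an `<xsl:comment>` emitted beside each defaulted element, would let whoever reviews the result see what was inferred rather than configured. The `@userPIN` and `@password` attributes are copied in clear into `cfg:UserPIN` and `cfg:Password`, so the generated file needs the same access restrictions as the original.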
diff --git a/spss/server/tools/src/main/scripts/certtool.bat b/spss/server/tools/src/main/scripts/certtool.bat
new file mode 100644
index 000000000..ae55bc4a5
--- /dev/null
+++ b/spss/server/tools/src/main/scripts/certtool.bat
@@ -0,0 +1,25 @@
+@echo off
+
+rem
+rem Script to invoke the CertTool class
+rem
+rem Author: Patrick Peck
+rem Version: $Id: certtool.bat,v 1.6 2003/05/08 11:46:29 peck Exp $
+rem
+
+
+if %OS%=="Windows_NT" @setlocal
+
+set CERTTOOL=at.gv.egovernment.moa.spss.server.tools.CertTool
+set TOOLSPATH=%~p0
+set CLASSPATH=%TOOLSPATH%tools.jar;%TOOLSPATH%iaik_moa.jar;%TOOLSPATH%iaik_jce_full.jar;%TOOLSPATH%iaik_ecc.jar;%TOOLSPATH%log4j.jar
+
+if "%JAVA_HOME%"=="" goto noJavaHome
+%JAVA_HOME%\bin\java.exe -classpath %CLASSPATH% %CERTTOOL% %1 %2 %3 %4 %5 %6 %7 %8 %9
+goto end
+
+:noJavaHome
+echo error: JAVA_HOME not defined
+
+:end
+if %OS%=="Windows_NT" @endlocal \ No newline at end of file
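Review bot: `if %OS%=="Windows_NT" @setlocal` compares the unquoted expansion `Windows_NT` with the quoted literal `"Windows_NT"`, which never match, so `setlocal` is skipped and the script's `CLASSPATH` and `TOOLSPATH` replace the caller's values after it returns; use `if "%OS%"=="Windows_NT" @setlocal`, and the same for `@endlocal`. `%~p0` drops the drive letter, so the jars are looked up on whatever drive is current; `set TOOLSPATH=%~dp0` avoids that. `%JAVA_HOME%\bin\java.exe` and `%CLASSPATH%` are unquoted, so an install path containing spaces breaks the call; quote both. configtool.bat carries the same three lines.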
diff --git a/spss/server/tools/src/main/scripts/certtool.sh b/spss/server/tools/src/main/scripts/certtool.sh
new file mode 100644
index 000000000..721eff4d8
--- /dev/null
+++ b/spss/server/tools/src/main/scripts/certtool.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+#
+# Script to invoke the CertTool class
+#
+# Author:Patrick Peck
+# Version: $Id: certtool.sh,v 1.9 2003/06/23 16:01:27 peck Exp $
+#
+
+
+if [ -z "$JAVA_HOME" ]; then
+ echo "error: JAVA_HOME not defined";
+ exit;
+fi
+
+CERTOOL=at.gv.egovernment.moa.spss.server.tools.CertTool
+TOOLSPATH=`dirname $PWD/$0`
+CLASSPATH=$TOOLSPATH/tools.jar:$TOOLSPATH/iaik_moa.jar:$TOOLSPATH/iaik_jce_full.jar:$TOOLSPATH/iaik_ecc.jar:$TOOLSPATH/log4j.jar
+
+$JAVA_HOME/bin/java -classpath $CLASSPATH $CERTOOL $*
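Review bot: The TOOLSPATH assignment prefixes `$PWD` to `$0` unconditionally, so starting the script through an absolute path produces a path under the current directory that normally does not exist, and the jars are not found; `TOOLSPATH=$(cd "$(dirname "$0")" && pwd)` handles both cases. `$*` and the unquoted `$JAVA_HOME` and `$CLASSPATH` are split on whitespace, so a certificate path containing a space arrives as two arguments; use `"$JAVA_HOME/bin/java" -classpath "$CLASSPATH" "$CERTOOL" "$@"`. The bare `exit;` after the JAVA_HOME message returns the status of the preceding `echo`, normally 0, and should be `exit 1`. configtool.sh repeats all three lines.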
diff --git a/spss/server/tools/src/main/scripts/configtool.bat b/spss/server/tools/src/main/scripts/configtool.bat
new file mode 100644
index 000000000..868df11f0
--- /dev/null
+++ b/spss/server/tools/src/main/scripts/configtool.bat
@@ -0,0 +1,25 @@
+@echo off
+
+rem
+rem Script to invoke the ConfigTool class
+rem
+rem Author: Gregor Karlinger
+rem Version: $Id: $
+rem
+
+
+if %OS%=="Windows_NT" @setlocal
+
+set CONFIGTOOL=at.gv.egovernment.moa.spss.server.tools.ConfigTool
+set TOOLSPATH=%~p0
+set CLASSPATH=%TOOLSPATH%tools.jar;%TOOLSPATH%xalan.jar;
+
+if "%JAVA_HOME%"=="" goto noJavaHome
+%JAVA_HOME%\bin\java.exe -classpath %CLASSPATH% %CONFIGTOOL% %1 %2 %3 %4 %5 %6 %7 %8 %9
+goto end
+
+:noJavaHome
+echo error: JAVA_HOME not defined
+
+:end
+if %OS%=="Windows_NT" @endlocal \ No newline at end of file
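Review bot: The `CLASSPATH` value ends in `;`, which leaves an empty last entry, and the Java launcher has traditionally treated an empty class-path entry as the current directory. Classes and resources lying in whatever directory the tool is started from would then be loadable alongside `tools.jar` and `xalan.jar`. certtool.bat and configtool.sh list their jars without a trailing separator; drop it here as well: `set CLASSPATH=%TOOLSPATH%tools.jar;%TOOLSPATH%xalan.jar`.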
diff --git a/spss/server/tools/src/main/scripts/configtool.sh b/spss/server/tools/src/main/scripts/configtool.sh
new file mode 100644
index 000000000..f7f29bae1
--- /dev/null
+++ b/spss/server/tools/src/main/scripts/configtool.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+#
+# Script to invoke the ConfigTool class
+#
+# Author: Gregor Karlinger
+# Version: $Id: $
+#
+
+
+if [ -z "$JAVA_HOME" ]; then
+ echo "error: JAVA_HOME not defined";
+ exit;
+fi
+
+CONFIGTOOL=at.gv.egovernment.moa.spss.server.tools.ConfigTool
+TOOLSPATH=`dirname $PWD/$0`
+CLASSPATH=$TOOLSPATH/tools.jar:$TOOLSPATH/xalan.jar
+
+$JAVA_HOME/bin/java -classpath $CLASSPATH $CONFIGTOOL $*