authorkstranacher_eGovL <kstranacher_eGovL@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-12-27 21:25:50 +0000
committerkstranacher_eGovL <kstranacher_eGovL@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-12-27 21:25:50 +0000
commit5e72494c61164869fbb605a134fe224ac5d5e7d8 (patch)
tree236655553ac41579ac6b97cd14d7c040b583e3a4 /spss/server
parentc0374673df99e32bbe41ebfc3cde58630d853ede (diff)
Update Integration TSL Library
Update MOA-SP documentation.
Update repository (for TSL integration).
Update MOA-ID (Organwalter bPK from MIS).

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1302 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss/server')
-rw-r--r--spss/server/history.txt12
-rw-r--r--spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs2
-rw-r--r--spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml2
-rw-r--r--spss/server/serverlib/pom.xml27
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java3
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java30
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java80
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java27
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java29
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java6
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java9
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java181
-rw-r--r--spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties5
-rw-r--r--spss/server/serverws/.classpath46
-rw-r--r--spss/server/serverws/.settings/org.eclipse.jdt.core.prefs11
-rw-r--r--spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml6
-rw-r--r--spss/server/tools/.classpath2
-rw-r--r--spss/server/tools/.settings/org.eclipse.jdt.core.prefs9
18 files changed, 315 insertions, 172 deletions
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 7154bd22f..7d1d3d323 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,4 +1,16 @@
##############
+1.5.2
+##############
+
+- TSL Unterstützung
+- Libraries aktualisiert bzw. hinzugefügt:
+ iaik-moa: Version 1.32 ?
+ iaik-ixsil: Version 1.2.2.5 ?
+ Axis: Version 1.0_IAIK ?
+ iaik-tsl Versio x.x
+
+
+##############
1.5.1
##############
diff --git a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
index 7dfadf4fe..81f1dbf57 100644
--- a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
@@ -1,4 +1,4 @@
-#Tue Dec 18 14:23:26 CET 2012
+#Thu Dec 27 13:40:40 CET 2012
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
index 3679d8190..656f15b87 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -4,4 +4,4 @@
<fixed facet="jst.utility"/>
<installed facet="jst.utility" version="1.0"/>
<installed facet="jst.java" version="5.0"/>
-</faceted-project>
+</faceted-project> \ No newline at end of file
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 481464f63..d425edb83 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -143,40 +143,33 @@
</dependency>
<dependency>
- <groupId>iaik</groupId>
+ <groupId>iaik.prod</groupId>
<artifactId>iaik_tsl</artifactId>
- <!-- <version>0.0.1-SNAPSHOT</version> -->
</dependency>
<dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik.util</artifactId>
- <!-- <version>0.23</version> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik.xsect</artifactId>
- <!-- <version>1.1709142</version> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_xsect</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
- <!-- <version>2.2.6</version>-->
- </dependency>
+ </dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
- <!-- <version>2.2.5</version>-->
</dependency>
<dependency>
<groupId>org.xerial</groupId>
<artifactId>sqlite-jdbc</artifactId>
- <!-- <version>3.7.8-SNAPSHOT</version>-->
- </dependency>
+ </dependency>
<dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik.jsse</artifactId>
- <!-- <version>4.4</version>-->
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jsse</artifactId>
+ </dependency>
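Review bot: None of the dependencies in this hunk declares a `<version>`, and the commented-out hints that recorded the intended versions are deleted, so the versions of the signature and TSL libraries are decided entirely by a `dependencyManagement` section that this diff does not show. Two of the removed hints named SNAPSHOT builds (`0.0.1-SNAPSHOT` for `iaik_tsl`, `3.7.8-SNAPSHOT` for `sqlite-jdbc`), and history.txt in this commit still lists `iaik-tsl Versio x.x`. Please confirm that the managing POM pins fixed release versions for the `iaik.prod` artifacts and record them in history.txt. A library that decides which CA certificates are trusted should not resolve to a moving snapshot.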
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 1971096a8..7ad838822 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -99,7 +99,6 @@ public class VerifyCMSSignatureResponseBuilder {
CheckResult signatureCheck = responseElement.getSignatureCheck();
CheckResult certCheck = responseElement.getCertificateCheck();
- // TODO CMS TSL check
ResponseBuilderUtils.addSignerInfo(
responseDoc,
responseElem,
@@ -107,7 +106,7 @@ public class VerifyCMSSignatureResponseBuilder {
signerInfo.isQualifiedCertificate(),
signerInfo.isPublicAuthority(),
signerInfo.getPublicAuhtorityID(),
- false);
+ signerInfo.isSSCD());
ResponseBuilderUtils.addCodeInfoElement(
responseDoc,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index c9b76dd7e..d9e20fda9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -135,7 +135,7 @@ public class SystemInitializer {
//start TSL Update
TSLUpdaterTimerTask.tslconnector_ = tslconnector;
- TSLUpdaterTimerTask.update();
+ //TSLUpdaterTimerTask.update();
//initialize TSL Update Task
initTSLUpdateTask(tslconfig);
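Review bot: The synchronous TSL load at startup is disabled by commenting out `TSLUpdaterTimerTask.update();`, so TSL-enabled trust profiles presumably carry no TSL-derived CA certificates until the timer started by `initTSLUpdateTask(tslconfig)` first fires; whether that first run is immediate is not visible here. If deferring the load is intended, delete the line and say so in a comment, for example `// the first TSL update is run by the timer task scheduled in initTSLUpdateTask()`. The same applies to the block of commented-out `catch` clauses in the next hunk, the `//checkSSCDFromTSL = ...` line in CMSSignatureVerificationInvoker.checkQC and the commented `"RO"` debug lines in TSLConnector: version control already keeps the old code, so remove it rather than leaving it as comments. The enclosing method starts and ends outside this hunk.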
@@ -147,20 +147,20 @@ public class SystemInitializer {
catch (TSLEngineDiedException e) {
Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
}
- catch (TSLSearchException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- }
- catch (CertStoreException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- } catch (TrustStoreException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- } catch (CertificateException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- } catch (FileNotFoundException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- } catch (IOException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- }
+// catch (TSLSearchException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// }
+// catch (CertStoreException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// } catch (TrustStoreException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// } catch (CertificateException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// } catch (FileNotFoundException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// } catch (IOException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// }
// set IXSIL debug output
IXSILInit.setPrintDebugLog(
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index ba2513d2f..2c4bbd4eb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -30,6 +30,9 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
import java.io.IOException;
import java.io.InputStream;
@@ -37,6 +40,8 @@ import java.util.Date;
import java.util.Iterator;
import java.util.List;
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
import at.gv.egovernment.moa.logging.LoggingContextManager;
import at.gv.egovernment.moa.spss.MOAApplicationException;
@@ -52,6 +57,8 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
/**
* A class providing an interface to the
@@ -183,7 +190,12 @@ public class CMSSignatureVerificationInvoker {
for (resultIter = results.iterator(); resultIter.hasNext();) {
result = (CMSSignatureVerificationResult) resultIter.next();
- responseBuilder.addResult(result, trustProfile);
+
+ // check QC and SSCD via TSL (if enabled)
+ boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());
+ boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());;
+
+ responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL);
}
} else {
int i;
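Review bot: `result.getCertificateValidationResult().getCertificateChain()` is evaluated twice per result and the second statement ends in a stray `;;`. Fetching the chain once, `List chain = result.getCertificateValidationResult().getCertificateChain();`, and passing `chain` to both `checkQC` and `checkSSCD` is easier to read. The same two lines are repeated in the next hunk (the indexed `signatories` branch) and should be changed there as well. The loop belongs to a method that starts outside the hunk.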
@@ -194,7 +206,12 @@ public class CMSSignatureVerificationInvoker {
try {
result =
(CMSSignatureVerificationResult) results.get(signatories[i] - 1);
- responseBuilder.addResult(result, trustProfile);
+ // check QC and SSCD via TSL (if enabled)
+ boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());
+ boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());;
+
+
+ responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL);
} catch (IndexOutOfBoundsException e) {
throw new MOAApplicationException(
"2249",
@@ -206,6 +223,65 @@ public class CMSSignatureVerificationInvoker {
return responseBuilder.getResponse();
}
+ private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) {
+ boolean checkQCFromTSL = false;
+ try {
+ if (tslEnabledTrustProfile) {
+ if (chainlist != null) {
+ X509Certificate[] chain = new X509Certificate[chainlist.size()];
+
+ Iterator it = chainlist.iterator();
+ int i = 0;
+ while(it.hasNext()) {
+ chain[i] = (X509Certificate)it.next();
+ i++;
+ }
+
+ checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
+ //checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+ }
+ }
+ }
+ catch (TSLEngineDiedException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+ } catch (TSLSearchException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+ }
+
+ return checkQCFromTSL;
+ }
+
+ private boolean checkSSCD(boolean tslEnabledTrustProfile, List chainlist) {
+ boolean checkSSCDFromTSL = false;
+ try {
+ if (tslEnabledTrustProfile) {
+ if (chainlist != null) {
+ X509Certificate[] chain = new X509Certificate[chainlist.size()];
+
+ Iterator it = chainlist.iterator();
+ int i = 0;
+ while(it.hasNext()) {
+ chain[i] = (X509Certificate)it.next();
+ i++;
+ }
+
+ checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+ }
+ }
+ }
+ catch (TSLEngineDiedException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+ } catch (TSLSearchException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+ }
+
+ return checkSSCDFromTSL;
+ }
+
/**
* Get the signed content contained either in the request itself or given as a
* reference to external data.
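Review bot: `checkQC` and `checkSSCD` dereference the static `TSLUpdaterTimerTask.tslconnector_` without checking that it was ever set. SystemInitializer assigns it inside a `try` whose `catch` only logs, so after a failed TSL initialisation a request against a TSL-enabled trust profile would presumably end in a NullPointerException, which neither `catch` clause here handles. The two methods are also line-for-line copies apart from the connector call, and the manual iterator loop can be a single `toArray`. Both methods need a short Javadoc stating that `false` is returned when TSL is disabled, the chain is null, or the lookup fails.

```java
private static X509Certificate[] toCertificateArray(List chainlist) {
  return (X509Certificate[]) chainlist.toArray(new X509Certificate[chainlist.size()]);
}

private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) {
  if (!tslEnabledTrustProfile || chainlist == null) {
    return false;
  }
  if (TSLUpdaterTimerTask.tslconnector_ == null) {
    // TSL initialisation failed earlier: fail closed and log it here
    return false;
  }
  try {
    return TSLUpdaterTimerTask.tslconnector_.checkQC(toCertificateArray(chainlist));
  } catch (TSLEngineDiedException e) {
    // … unchanged: log tsl.01 …
  } catch (TSLSearchException e) {
    // … unchanged: log tsl.01 …
  }
  return false;
}

// checkSSCD: same shape, calling tslconnector_.checkSSCD(toCertificateArray(chainlist))
```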
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index fcd5ae0e7..3b82c6caf 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -71,9 +71,13 @@ public class VerifyCMSSignatureResponseBuilder {
*
* @param result The result to add.
* @param trustprofile The actual trustprofile
+ * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the
+ * certificate as qualified, otherwise <code>false</code>.
+ * @param checkSSCDFromTSL <code>true</code>, if the TSL check verifies the
+ * signature based on a SSDC, otherwise <code>false</code>.
* @throws MOAException
*/
- public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile)
+ public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL)
throws MOAException {
CertificateValidationResult certResult =
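Review bot: The new Javadoc misspells the abbreviation: `SSDC` should read `SSCD`, matching the parameter name `checkSSCDFromTSL`. The existing tag `@param trustprofile` also does not match the parameter `trustProfile`. The `checkQCFromTSL` description should state that the value is used only when the trust profile has TSL enabled, and that the certificate's own qualified flag is used otherwise, as the body in the following hunk does.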
@@ -86,16 +90,28 @@ public class VerifyCMSSignatureResponseBuilder {
SignerInfo signerInfo;
CheckResult signatureCheck;
CheckResult certificateCheck;
-
- // TODO Check TSL check
+
+
+ boolean qualifiedCertificate = false;
+
+ // verify qualified certificate checks (certificate or TSL)
+ if (trustProfile.isTSLEnabled()) {
+ // take TSL result
+ qualifiedCertificate = checkQCFromTSL;
+ }
+ else {
+ // take result from certificate
+ qualifiedCertificate = certResult.isQualifiedCertificate();
+ }
+
// add SignerInfo element
signerInfo =
factory.createSignerInfo(
(X509Certificate) certResult.getCertificateChain().get(0),
- certResult.isQualifiedCertificate(),
+ qualifiedCertificate,
certResult.isPublicAuthorityCertificate(),
certResult.getPublicAuthorityID(),
- false);
+ checkSSCDFromTSL);
// add SignatureCheck element
signatureCheck = factory.createCheckResult(signatureCheckCode, null);
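Review bot: The QC selection can be a single initialised declaration instead of a `false` default followed by an `if`/`else` that always overwrites it: `boolean qualifiedCertificate = trustProfile.isTSLEnabled() ? checkQCFromTSL : certResult.isQualifiedCertificate();`. Note that `checkSSCDFromTSL` is passed through without the same `isTSLEnabled()` test, so the method relies on the caller passing `false` for non-TSL profiles. A one-line comment at the `createSignerInfo` call should say so. The method body starts and continues outside this hunk.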
@@ -103,6 +119,7 @@ public class VerifyCMSSignatureResponseBuilder {
// add CertificateCheck element
certificateCheck = factory.createCheckResult(certificateCheckCode, null);
+
// build the response element
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 290841c66..8a5b6f5b7 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -229,6 +229,14 @@ public class XMLSignatureVerificationInvoker {
profile,
signingTime,
new TransactionId(context.getTransactionID()));
+ } catch (IAIKException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ } catch (IAIKRuntimeException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ }
+ try {
if (tp.isTSLEnabled()) {
List list = result.getCertificateValidationResult().getCertificateChain();
if (list != null) {
@@ -245,21 +253,14 @@ public class XMLSignatureVerificationInvoker {
checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
}
-
- }
-
- } catch (IAIKException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- } catch (IAIKRuntimeException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- } catch (TSLEngineDiedException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
+ }
+ }
+ catch (TSLEngineDiedException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
} catch (TSLSearchException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
}
// swap back in the request as root document
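Review bot: A `TSLEngineDiedException` or `TSLSearchException` no longer aborts the request. The rewritten `catch` blocks only log `tsl.01`, and the response is then built from whatever `checkQCFromTSL` and `checkSSCDFromTSL` held before the lookup (they are declared outside the hunk, presumably as `false`). That fails closed for the two flags, but a caller cannot tell "not qualified according to the TSL" from "the TSL could not be consulted". If `checkQC` succeeds and `checkSSCD` then throws, the response also carries one flag from each state. The new `checkQC`/`checkSSCD` helpers in CMSSignatureVerificationInvoker follow the same pattern. If fail-closed is the intended policy, reset both flags to `false` in the `catch` blocks and document it there, e.g. `// TSL lookup failed: QC and SSCD are reported as false, signature verification itself continues`.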
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
index 7e8dcf0c4..defaedd86 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
@@ -41,8 +41,10 @@ public class Configurator {
throw new TSLEngineDiedException(e);
}
- //@TODO Check "/"
- Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath + "/";
+ if (!TSLWorkingDirectoryPath.endsWith("/"))
+ TSLWorkingDirectoryPath += "/";
+
+ Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath;
initialDefaultConfig();
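Review bot: The separator check recognises only `/`, so a working directory configured with a trailing backslash would end in `\/`; whether Windows-style paths can reach this point is not visible in the hunk. Building child paths at the point of use with `new File(dir, "TslDownload")`, instead of the string concatenation seen in TSLConnector, would remove the dependency on a trailing separator altogether. The new `if` is also written without braces; `if (!TSLWorkingDirectoryPath.endsWith("/")) { TSLWorkingDirectoryPath += "/"; }` is safer against later edits. The enclosing method starts outside the hunk.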
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index b88255115..2e4af2817 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -92,17 +92,12 @@ public class TSLConnector implements TSLConnectorInterface {
//TODO: clean hascash and TLS Download folder
String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
- System.out.println("hashcachedir: " + hashcachedir);
-
if (hashcachedir==null)
hashcachedir = DEFAULT_HASHCACHE_DIR;
String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
- System.out.println("hashcachedir: " + hashcachedir);
-
File hashcachefile = new File(hashcachedir);
- System.out.println("Hashcache: " + hashcachefile.getAbsolutePath());
File[] filelist = hashcachefile.listFiles();
@@ -247,8 +242,8 @@ public class TSLConnector implements TSLConnectorInterface {
Countries expectedTerritory = entry.getValue().getSchemeTerritory();
try {
- if (expectedTerritory.equals("RO"))
- System.out.println("Stop");
+// if (expectedTerritory.equals("RO"))
+// System.out.println("Stop");
Number otpId = entry.getKey();
LocationAndCertHash lac = entry.getValue();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
index 6798a5db1..c365a1121 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -1,21 +1,40 @@
package at.gv.egovernment.moa.spss.tsl.timer;
import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.truststore.TrustStoreException;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.utils.StoreUpdater;
+import iaik.server.ConfigurationData;
+import iaik.x509.X509Certificate;
import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
import iaik.xml.crypto.tsl.ex.TSLSearchException;
+import java.io.File;
+import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map;
import java.util.TimerTask;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.StringUtils;
+
public class TSLUpdaterTimerTask extends TimerTask {
@@ -31,7 +50,7 @@ public class TSLUpdaterTimerTask extends TimerTask {
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
// TODO wenn update nicht erfolgreich, dann soll TSL-Trustprofil nicht zur
- // Verfügung stehen.
+ // Verfügung stehen?
} catch (TSLSearchException e) {
MessageProvider msg = MessageProvider.getInstance();
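Review bot: The `catch` block only logs `tsl.00`, whose text states that trust profiles with TSL support are not available. The TODO below it, now phrased as a question, shows that nothing actually disables them after a failed update. As far as this hunk shows, verification would simply continue with whatever certificates the previous update left in the trust store. Either implement the decision or reword the message. Until then the comment should describe the real behaviour, e.g. `// TODO: update failed - certificates from the last successful update stay in use; decide whether TSL trust profiles must be disabled`. The enclosing method starts outside the hunk.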
@@ -62,86 +81,86 @@ public class TSLUpdaterTimerTask extends TimerTask {
}
public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, FileNotFoundException, IOException {
-// MessageProvider msg = MessageProvider.getInstance();
-//
-// //get TSl configuration
-// ConfigurationProvider config = ConfigurationProvider.getInstance();
-// ConfigurationData configData = new IaikConfigurator().configure(config);
-// TSLConfiguration tslconfig = config.getTSLConfiguration();
-// if (tslconfig != null) {
-//
-// Logger.info(new LogMsg(msg.getMessage("config.42", null)));
-//
-// // get certstore parameters
-// CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
-//
-// // iterate over all truststores
-// Map mapTrustProfiles = config.getTrustProfiles();
-// Iterator it = mapTrustProfiles.entrySet().iterator();
-// while (it.hasNext()) {
-// Map.Entry pairs = (Map.Entry)it.next();
-// TrustProfile tp = (TrustProfile) pairs.getValue();
-// if (tp.isTSLEnabled()) {
-// TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
-// TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
-// trustStoreProfiles[0] = tsp;
-//
-// Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
-//
-// TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
-// ArrayList tsl_certs = null;
-// if (StringUtils.isEmpty(tp.getCountries())) {
-// Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-//
-// // get certificates from TSL from all countries
-// tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
-// }
-// else {
-// Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-// // get selected countries as array
-// String countries = tp.getCountries();
-// String[] array = countries.split(",");
-// for (int i = 0; i < array.length; i++)
-// array[i] = array[i].trim();
-//
-// // get certificates from TSL from given countries
-// tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
-// }
-//
-// // create store updater for each TSL enabled truststore
-// Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
-// StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
-//
-// // convert ArrayList<File> to X509Certificate[]
-// X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
-// Iterator itcert = tsl_certs.iterator();
-// int i = 0;
-// while(itcert.hasNext()) {
-// File f = (File)itcert.next();
-// X509Certificate cert = new X509Certificate(new FileInputStream(f));
-// addCertificates[i] = cert;
-//
-// i++;
-// }
-//
-// // get certificates to be removed
-// X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
-//
-//
-// //Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-// Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
-// storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
-//
-//
-// Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
-// storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
-//
-// // set the certifcates to be removed for the next TSL update
-// tp.setCertificatesToBeRemoved(addCertificates);
-//
-// }
-// }
-// }
+ MessageProvider msg = MessageProvider.getInstance();
+
+ //get TSl configuration
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ ConfigurationData configData = new IaikConfigurator().configure(config);
+ TSLConfiguration tslconfig = config.getTSLConfiguration();
+ if (tslconfig != null) {
+
+ Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+
+ // get certstore parameters
+ CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+
+ // iterate over all truststores
+ Map mapTrustProfiles = config.getTrustProfiles();
+ Iterator it = mapTrustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled()) {
+ TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
+ TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
+ trustStoreProfiles[0] = tsp;
+
+ Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
+
+ TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
+ ArrayList tsl_certs = null;
+ if (StringUtils.isEmpty(tp.getCountries())) {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+
+ // get certificates from TSL from all countries
+ tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
+ }
+ else {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ // get selected countries as array
+ String countries = tp.getCountries();
+ String[] array = countries.split(",");
+ for (int i = 0; i < array.length; i++)
+ array[i] = array[i].trim();
+
+ // get certificates from TSL from given countries
+ tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
+ }
+
+ // create store updater for each TSL enabled truststore
+ Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
+ StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+
+ // convert ArrayList<File> to X509Certificate[]
+ X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ int i = 0;
+ while(itcert.hasNext()) {
+ File f = (File)itcert.next();
+ X509Certificate cert = new X509Certificate(new FileInputStream(f));
+ addCertificates[i] = cert;
+
+ i++;
+ }
+
+ // get certificates to be removed
+ X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
+
+
+ //Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
+ storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+
+
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+
+ // set the certifcates to be removed for the next TSL update
+ tp.setCertificatesToBeRemoved(addCertificates);
+
+ }
+ }
+ }
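Review bot: Each `new FileInputStream(f)` opened in the certificate loop is never closed, so every TSL update leaks one file handle per CA certificate; close the stream in a `finally` block. Two further points in the re-enabled body: `removeCertificates.length` is read without a null check, which presumably fails on the first update if `getCertficatesToBeRemoved()` returns null before anything was stored. The old certificates are also removed before the new ones are added, so an exception in `addCertificatesToTrustStores` leaves the trust store without the TSL CAs. Both the all-countries and the selected-countries branch log `config.44`, which looks like a copy-paste slip in the `else` branch.

```java
// … unchanged: TSL lookup and StoreUpdater creation …
while(itcert.hasNext()) {
  File f = (File)itcert.next();
  FileInputStream in = new FileInputStream(f);
  try {
    addCertificates[i] = new X509Certificate(in);
  } finally {
    in.close();
  }
  i++;
}
// … unchanged: remove old certificates, add new ones …
```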
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index 60786dc8a..645ff9f6d 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -145,7 +145,7 @@ config.34=Blacklisted URI: {0}.
config.35=External URIs not allowed.
config.36=No blacklisted URIs given.
config.37=Fehler beim Erstellen der TSL Konfiguration: Name des TSL Arbeits-Verzeichnisses konnte nicht in eine URL umgewandet werden (Wert="{0}")
-config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis zeigt nicht auf ein existierendes Objekt, das kein Verzeichnis ist (Wert="{0}")
+config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis ist kein Verzeichnis (Wert="{0}")
config.39=TSL Konfguration: Kein Attribut "{0}" angegeben oder Attribut konnte nicht ausgewertet werden. Verwenden Default-Wert ("{1}")
config.40=Fehler beim Erstellen der TSL Konfiguration: Es wurde mindestens ein TrustProfile mit aktivierter TSL-Unterstützung konfiguriert. Die allgemeine TSL-Konfiguration ist jedoch fehlerhaft.
config.41=Initialisiere TSL Bibliothek
@@ -169,4 +169,5 @@ invoker.01=Keine passende Transformationskette gefunden (Index={0})
invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
-tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung. \ No newline at end of file
+tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung.
+tsl.01=Fehler bei der QC (qualifiziertes Zertifikat) bzw. SSCD (sichere Signaturerstellungseinheit) Überprüfung via TSL. \ No newline at end of file
diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath
index af4743f8a..bd0d802c7 100644
--- a/spss/server/serverws/.classpath
+++ b/spss/server/serverws/.classpath
@@ -1,12 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
- <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
- <attributes>
- <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
- <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
- <classpathentry kind="output" path="target/classes"/>
-</classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="src" path="/moa-spss-lib"/>
+ <classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.0/xml-apis-2.7.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.0/serializer-2.7.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar"/>
+ <classpathentry kind="src" path="/moa-common"/>
+ <classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
+ <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
+</classpath> \ No newline at end of file
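Review bot: Two of the jars added to this classpath are mutable snapshot builds, `iaik_tsl-0.0.2-SNAPSHOT.jar` and `sqlite-jdbc-3.7.8-SNAPSHOT.jar`, in a module that appears to be the MOA-SP/SS web-service front end. A snapshot can be republished under the same coordinates, so the library that presumably handles the TSL trust data is not fixed by this commit, and the build cannot be reproduced or checksum-verified later. These entries look generated from the module's pom.xml (not shown in this hunk), so the fix belongs there: depend on released versions and regenerate, giving for example `<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/<RELEASE_VERSION>/iaik_tsl-<RELEASE_VERSION>.jar"/>`. The hunk also replaces the Maven classpath container with hard-coded `M2_REPO` entries, which lets the IDE classpath drift from what the build actually resolves.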
diff --git a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
index 7e3b7e969..0e32dbb18 100644
--- a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
@@ -1,7 +1,8 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+#Thu Dec 27 15:45:22 CET 2012
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
index df66dd21b..564572b10 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -2,6 +2,6 @@
<faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.web"/>
- <installed facet="jst.java" version="1.4"/>
- <installed facet="jst.web" version="2.3"/>
-</faceted-project>
+ <installed facet="jst.web" version="2.4"/>
+ <installed facet="jst.java" version="5.0"/>
+</faceted-project> \ No newline at end of file
diff --git a/spss/server/tools/.classpath b/spss/server/tools/.classpath
index a9bfad977..65abf443d 100644
--- a/spss/server/tools/.classpath
+++ b/spss/server/tools/.classpath
@@ -3,7 +3,7 @@
<classpathentry kind="src" path="src/main/java" including="**/*.java"/>
<classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
<classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
diff --git a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
index a519d2f62..3bfb290ea 100644
--- a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
@@ -1,5 +1,6 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:21 CET 2012
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5