aboutsummaryrefslogtreecommitdiff
path: root/spss/server
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2014-03-25 22:02:54 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2014-03-25 22:02:54 +0100
commitfc189a2e69c7468c12621b7d4a3c94343d1a672c (patch)
tree89d9e08195bf3c708115ded47a8e588c6e4acbb0 /spss/server
parent242a22849402a13e585fada9d055a85f1c6d1ee8 (diff)
parent1b47a1e5f5787a3d1681cdee8b8bc1ec7a5cd9c9 (diff)
downloadmoa-id-spss-fc189a2e69c7468c12621b7d4a3c94343d1a672c.tar.gz
moa-id-spss-fc189a2e69c7468c12621b7d4a3c94343d1a672c.tar.bz2
moa-id-spss-fc189a2e69c7468c12621b7d4a3c94343d1a672c.zip
merge
Diffstat (limited to 'spss/server')
-rw-r--r--spss/server/history.txt10
-rw-r--r--spss/server/moa-spss.iml14
-rw-r--r--spss/server/readme.update.txt16
-rw-r--r--spss/server/serverlib/moa-spss-lib.iml114
-rw-r--r--spss/server/serverlib/pom.xml14
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java1
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java2
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java147
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java81
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java8
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java1
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java46
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java343
-rw-r--r--spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties1
-rw-r--r--spss/server/serverws/moa-spss-ws.iml79
-rw-r--r--spss/server/serverws/pom.xml33
-rw-r--r--spss/server/tools/moa-spss-tools.iml23
-rw-r--r--spss/server/tools/pom.xml18
-rw-r--r--spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java8
19 files changed, 740 insertions, 219 deletions
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 02419a3fa..651524419 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,16 +1,18 @@
##############
-1.5.2
+2.0.0
##############
- Signaturerstellung:
- Unterstuetzung von XAdES Version 1.4.2
- Unterstuetzung von CMS/CAdES Signaturen Version 2.2.1
-- TSL Unterstuetzung
+- Signaturpruefung:
+ - Trust-service Status List (TSL) Unterstuetzung
+- Update der Standard Trustprofile und Standard Konfigurationen
- Sicherheitsupdates
- Angabe einer Whitelist um das Aufloesen externer Referenzen von den angegebenen Quellen zu aktivieren.
- Libraries aktualisiert bzw. hinzugefuegt:
iaik-moa: Version 1.5
- iaik-tsl Version 1.0.0
+ iaik-tsl Version 1.0
##############
1.5.1
@@ -18,7 +20,7 @@
- Sicherheitsupdates
- Defaultmaessiges Deaktiveren des Aufloesens von externen Referenzen
- - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu sch�tzen, so das Aufloesen externer Referenzen aktiviert wird
+ - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu schützen, so das Aufloesen externer Referenzen aktiviert wird
- Update der Standard Trustprofile und Standard Konfigurationen
- Standard Trustprofil "OfficialSignature" fuer Amtssignaturen hinzugefuegt
- Libraries aktualisiert:
diff --git a/spss/server/moa-spss.iml b/spss/server/moa-spss.iml
new file mode 100644
index 000000000..6e02e5944
--- /dev/null
+++ b/spss/server/moa-spss.iml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <excludeFolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderEntry type="inheritedJdk" />
+ <orderEntry type="sourceFolder" forTests="false" />
+ <orderEntry type="library" name="Maven: commons-io:commons-io:1.3.2" level="project" />
+ </component>
+</module>
+
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt
index 28796ddcb..07d100272 100644
--- a/spss/server/readme.update.txt
+++ b/spss/server/readme.update.txt
@@ -1,11 +1,11 @@
======================================================================
- Update einer bestehenden MOA-SPSS-Installation auf Version 1.5.2
+ Update einer bestehenden MOA-SPSS-Installation auf Version 2.0.0
======================================================================
Es gibt zwei Moeglichkeiten (im Folgenden als "Update Variante A" und
"Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version
-1.5.2 durchzufuehren. Update Variante A geht dabei den Weg ueber eine
+2.0.0 durchzufuehren. Update Variante A geht dabei den Weg ueber eine
vorangestellte Neuinstallation, waehrend Variante B direkt eine
bestehende Installation aktualisiert.
@@ -16,7 +16,7 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation
CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation
MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei
-moa-spss-1.5.2.zip entpackt haben.
+moa-spss-2.0.0.zip entpackt haben.
=================
Update Variante A
@@ -26,9 +26,9 @@ Update Variante A
Ihrer MOA-SPSS-Installation.
2.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
- JAVA_HOME\jre\lib\ext, und l�schen Sie diese Dateien danach.
+ JAVA_HOME\jre\lib\ext, und loeschen Sie diese Dateien danach.
-3.) F�hren Sie eine Neuinstallation gemaess Handbuch durch.
+3.) Fuehren Sie eine Neuinstallation gemaess Handbuch durch.
4.) Kopieren Sie etwaige Konfigurationsdateien, Trust-Profile und Key-Stores,
die Sie aus Ihrer alten Installation beibehalten moechten, aus Ihrer
@@ -53,7 +53,7 @@ Update Variante B
1.) Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses
Ihrer MOA-SPSS-Installation.
-2.) Entpacken Sie die Datei "moa-spss-1.5.2.zip" in das Verzeichnis MOA_SPSS_INST.
+2.) Entpacken Sie die Datei "moa-spss-2.0.0.zip" in das Verzeichnis MOA_SPSS_INST.
3.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
@@ -110,7 +110,7 @@ Update Variante B
10.) Update des Cert-Stores.
a) Kopieren Sie den Inhalt des Verzeichnisses MOA_SPSS_INST\conf\moa-spss\certstore
in das Verzeichnis CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
- vorhandene Dateien oder Unterverzeichnisse �berschreiben sollen, dann bejahen Sie das.
+ vorhandene Dateien oder Unterverzeichnisse ueberschreiben sollen, dann bejahen Sie das.
b) Falls vorhanden, loeschen Sie die Datei "890A4C8282E95EBB398685D9501486EF213941B5" aus dem
Verzeichnis CATALINA_HOME\conf\moa-spss\certstore\10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D.
@@ -123,7 +123,7 @@ Update Variante B
CATALINA_HOME\conf\moa-spss\certstore\10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D.
11.) Nur wenn alte Installation aelter als Version 1.3.0:
- Mit dem Wechsel auf Version 1.3.0 verwendet MOA SP ein neues Format f�r die
+ Mit dem Wechsel auf Version 1.3.0 verwendet MOA SP ein neues Format fuer die
XML-Konfigurationsdatei. Sie muessen die Konfigurationsdatei fuer MOA-SP aus
Ihrer alten Installation auf das neue Format konvertieren. Details dazu
finden Sie im MOA-SPSS-Installationshandbuch. \ No newline at end of file
diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml
new file mode 100644
index 000000000..d1832bd65
--- /dev/null
+++ b/spss/server/serverlib/moa-spss-lib.iml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <descriptors>
+ <deploymentDescriptor name="web.xml" url="file://$MODULE_DIR$/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java" />
+ </descriptors>
+ <webroots>
+ <root url="file://$MODULE_DIR$/src/main/java/at/gv/egovernment/moa/spss/api" relative="/WEB-INF" />
+ </webroots>
+ <sourceRoots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceRoots>
+ </configuration>
+ </facet>
+ <facet type="web" name="Web2">
+ <configuration>
+ <descriptors>
+ <deploymentDescriptor name="web.xml" url="file://$MODULE_DIR$/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik/config" />
+ </descriptors>
+ <webroots>
+ <root url="file://$MODULE_DIR$/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik" relative="/WEB-INF" />
+ </webroots>
+ <sourceRoots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceRoots>
+ </configuration>
+ </facet>
+ <facet type="web" name="Web3">
+ <configuration>
+ <descriptors>
+ <deploymentDescriptor name="web.xml" url="file://$MODULE_DIR$/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java" />
+ </descriptors>
+ <webroots>
+ <root url="file://$MODULE_DIR$/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind" relative="/WEB-INF" />
+ </webroots>
+ <sourceRoots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceRoots>
+ </configuration>
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+ <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <excludeFolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderEntry type="inheritedJdk" />
+ <orderEntry type="sourceFolder" forTests="false" />
+ <orderEntry type="library" name="Maven: axis:axis:1.0_IAIK" level="project" />
+ <orderEntry type="library" name="Maven: org.apache.axis:axis-jaxrpc:1.4" level="project" />
+ <orderEntry type="library" name="Maven: org.apache.axis:axis-saaj:1.4" level="project" />
+ <orderEntry type="library" name="Maven: axis:axis-wsdl4j:1.5.1" level="project" />
+ <orderEntry type="library" name="Maven: commons-discovery:commons-discovery:0.2" level="project" />
+ <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.0.4" level="project" />
+ <orderEntry type="library" name="Maven: javax.activation:activation:1.1" level="project" />
+ <orderEntry type="library" name="Maven: javax.mail:mail:1.4" level="project" />
+ <orderEntry type="library" scope="TEST" name="Maven: junit:junit:3.8.1" level="project" />
+ <orderEntry type="library" name="Maven: log4j:log4j:1.2.14" level="project" />
+ <orderEntry type="library" scope="RUNTIME" name="Maven: postgresql:postgresql:7.2" level="project" />
+ <orderEntry type="library" name="Maven: javax.servlet:servlet-api:2.4" level="project" />
+ <orderEntry type="library" name="Maven: xalan-bin-dist:xalan:2.7.1" level="project" />
+ <orderEntry type="library" name="Maven: xalan:serializer:2.7.1" level="project" />
+ <orderEntry type="library" name="Maven: xml-apis:xml-apis:1.3.04" level="project" />
+ <orderEntry type="library" name="Maven: xerces:xercesImpl:2.9.0" level="project" />
+ <orderEntry type="library" scope="RUNTIME" name="Maven: xalan-bin-dist:xml-apis:2.7.1" level="project" />
+ <orderEntry type="library" scope="RUNTIME" name="Maven: xalan-bin-dist:serializer:2.7.1" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_moa:1.5" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_ixsil:1.2.2.5" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_jce_full:5.101" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_ecc:2.19" level="project" />
+ <orderEntry type="library" scope="RUNTIME" name="Maven: iaik.prod:iaik_cms:4.1_MOA" level="project" />
+ <orderEntry type="library" scope="RUNTIME" name="Maven: iaik.prod:iaik_Pkcs11Provider:1.2.4" level="project" />
+ <orderEntry type="library" scope="RUNTIME" name="Maven: iaik.prod:iaik_Pkcs11Wrapper:1.2.17" level="project" />
+ <orderEntry type="module" module-name="moa-common" />
+ <orderEntry type="library" name="Maven: jaxen:jaxen:1.0-FCS" level="project" />
+ <orderEntry type="library" name="Maven: saxpath:saxpath:1.0-FCS" level="project" />
+ <orderEntry type="library" name="Maven: joda-time:joda-time:1.6.2" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:slf4j-simple:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:jcl-over-slf4j:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:log4j-over-slf4j:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: commons-io:commons-io:1.3.2" level="project" />
+ <orderEntry type="module" module-name="moa-common" scope="TEST" production-on-test="" />
+ <orderEntry type="module" module-name="moa-spss-tools" scope="TEST" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_tsl:1.0" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_xsect_eval:1.1709142" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_ecc_signed:2.19" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_jce_eval_signed:3.181" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_pki_module:1.0" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_javax_crypto:1.0" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_util:0.23" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_jsse:4.4" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_ssl:4.4" level="project" />
+ <orderEntry type="library" name="Maven: iaik:w3c_http:1.0" level="project" />
+ <orderEntry type="library" name="Maven: org.xerial:sqlite-jdbc:3.7.8-SNAPSHOT" level="project" />
+ <orderEntry type="library" name="Maven: stax:stax-api:1.0.1" level="project" />
+ <orderEntry type="library" name="Maven: javax.xml.bind:jaxb-api:2.2.6" level="project" />
+ <orderEntry type="library" name="Maven: com.sun.xml.bind:jaxb-impl:2.2.5" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_util:0.23" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_xsect:1.1709142" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_jsse:4.4" level="project" />
+ </component>
+</module>
+
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 1c756d4d4..4eb2a2218 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -143,16 +143,16 @@
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
@@ -167,7 +167,7 @@
<artifactId>sqlite-jdbc</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
</dependency>
@@ -197,7 +197,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.2</version>
+ <version>2.9.1</version>
<configuration>
<quiet>true</quiet>
<author>false</author>
@@ -260,7 +260,7 @@
<link>http://java.sun.com/j2se/1.5.0/docs/api/</link>
<link>http://logging.apache.org/log4j/docs/api/</link>
</links>
- <target>1.4</target>
+ <target>1.5</target>
</configuration>
<executions>
<execution>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java
index 30eed7001..6cf46c50a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java
@@ -36,6 +36,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.util.Constants;
+
import at.gv.egovernment.moa.spss.util.MessageProvider;
/**
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
index 6209d8ef9..6b3f4301f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -175,7 +175,7 @@ public class VerifyCMSSignatureRequestParser {
excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr);
if (excludeByteRangeToStr != null)
excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr);
-
+
return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 0908d88c9..3d2da8384 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -1268,6 +1268,111 @@ public class ConfigurationPartsBuilder {
}
/**
+ * Build the trust profile mapping.
+ *
+ * @return The profile ID to profile mapping.
+ */
+ public Map buildTrustProfiles()
+ {
+ Map trustProfiles = new HashMap();
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+ Element profileElem;
+
+ while ((profileElem = (Element) profileIter.nextNode()) != null)
+ {
+ String id = getElementValue(profileElem, CONF + "Id", null);
+ String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+ String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
+
+ URI trustAnchorsLocURI = null;
+ try
+ {
+ trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+ if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+ trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e)
+ {
+ warn("config.15", new Object[] {id}, e);
+ continue;
+ }
+
+ File profileDir = new File(trustAnchorsLocURI.getPath());
+ if (!profileDir.exists() || !profileDir.isDirectory()) {
+ warn("config.27", new Object[] { "uri", id });
+ continue;
+ }
+
+
+
+ if (trustProfiles.containsKey(id)) {
+ warn("config.04", new Object[] { "TrustProfile", id });
+ continue;
+ }
+
+ URI signerCertsLocURI = null;
+ if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
+ {
+ try
+ {
+ signerCertsLocURI = new URI(signerCertsLocStr);
+ if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+
+ File signerCertsDir = new File(signerCertsLocURI.getPath());
+ if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+ warn("config.27", new Object[] { "signerCertsUri", id });
+ continue;
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e) {
+ warn("config.15", new Object[] {id}, e);
+ continue;
+ }
+ }
+
+ signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+
+ TrustProfile profile = null;
+
+ profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null);
+
+ trustProfiles.put(id, profile);
+
+ }
+
+ return trustProfiles;
+ }
+
+ /**
+ * checks if a trustprofile with TSL support is enabled
+ *
+ * @return true if TSL support is enabled in at least one trustprofile, else false
+ */
+ public boolean checkTrustProfilesTSLenabled()
+ {
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+ Element profileElem;
+
+ boolean tslSupportEnabled = false;
+ while ((profileElem = (Element) profileIter.nextNode()) != null) {
+ Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+ if (eutslElem != null) //EUTSL element found --> TSL enabled
+ tslSupportEnabled = true;
+ }
+
+ return tslSupportEnabled;
+ }
+
+ /**
* Returns the location of the certificate store.
*
* @return the location of the certificate store.
@@ -1385,6 +1490,22 @@ public class ConfigurationPartsBuilder {
Logger.warn(new LogMsg(txt));
warnings.add(txt);
}
+
+ /**
+ * Log a warning.
+ *
+ * @param messageId The message ID.
+ * @param args Additional parameters for the message.
+ * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+ */
+ private void debug(String messageId, Object[] args) {
+ MessageProvider msg = MessageProvider.getInstance();
+ String txt = msg.getMessage(messageId, args);
+
+ Logger.debug(new LogMsg(txt));
+
+ }
+
/**
* Log a debug message.
@@ -1577,31 +1698,31 @@ public class ConfigurationPartsBuilder {
public TSLConfiguration getTSLConfiguration() {
TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
-
+
String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
if (StringUtils.isEmpty(euTSLUrl)) {
euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
- warn("config.39", new Object[] { "EUTSL", euTSLUrl });
+ debug("config.39", new Object[] { "EUTSL", euTSLUrl });
}
String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null);
if (StringUtils.isEmpty(updateSchedulePeriod)) {
updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD;
- warn("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
+ debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
}
String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "StartTime", null);
if (StringUtils.isEmpty(updateScheduleStartTime)) {
updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME;
- warn("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
+ debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
}
String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "WorkingDirectory", null);
if (StringUtils.isEmpty(workingDirectoryStr)) {
workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
- warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+ debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
}
// convert update schedule starting time to Date object
@@ -1638,24 +1759,12 @@ public class ConfigurationPartsBuilder {
return null;
}
- File hashcache = new File(tslWorkingDir, "hashcache");
- if (!hashcache.exists()) {
- hashcache.mkdir();
- }
- if (!hashcache.isDirectory()) {
- error("config.38", new Object[] { hashcache.getAbsolutePath() });
- return null;
- }
-
- System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
-// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
-// System.out.println("Hashcache: " + hashcachedir);
-
+
debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
- debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+
// set TSL configuration
tslconfiguration.setEuTSLUrl(euTSLUrl);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 2cad35763..d67cbf1b4 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -347,6 +347,16 @@ public class ConfigurationProvider
try {
builder = new ConfigurationPartsBuilder(configElem, configRoot);
+ if (builder.checkTrustProfilesTSLenabled()) {
+ debug("TSL support enabled for at least one trustprofile.");
+ tslconfiguration_ = builder.getTSLConfiguration();
+ trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+ }
+ else {
+ tslconfiguration_ = null;
+ trustProfiles = builder.buildTrustProfiles();
+ }
+
digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
canonicalizationAlgorithmName =
builder.getCanonicalizationAlgorithmName();
@@ -361,14 +371,14 @@ public class ConfigurationProvider
keyGroupMappings =
builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
- tslconfiguration_ = builder.getTSLConfiguration();
-
xadesVersion = builder.getXAdESVersion();
defaultChainingMode = builder.getDefaultChainingMode();
chainingModes = builder.buildChainingModes();
useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
autoAddCertificates_ = builder.getAutoAddCertificates();
- trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+ //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+
+
distributionPoints = builder.buildDistributionPoints();
enableRevocationChecking_ = builder.getEnableRevocationChecking();
maxRevocationAge_ = builder.getMaxRevocationAge();
@@ -379,6 +389,7 @@ public class ConfigurationProvider
revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
+
//check TSL configuration
checkTSLConfiguration();
@@ -428,7 +439,21 @@ public class ConfigurationProvider
}
}
- private void checkTSLConfiguration() throws ConfigurationException {
+ private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException {
+ boolean bTSLEnabledTPExist = false;
+ Iterator it = trustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled())
+ bTSLEnabledTPExist = bTSLEnabledTPExist || true;
+ }
+
+ return bTSLEnabledTPExist;
+
+ }
+
+ private void checkTSLConfiguration() throws ConfigurationException {
boolean bTSLEnabledTPExist = false;
Iterator it = trustProfiles.entrySet().iterator();
while (it.hasNext()) {
@@ -449,6 +474,43 @@ public class ConfigurationProvider
throw new ConfigurationException("config.40", null);
}
+ File workingDir = new File(tslconfiguration_.getWorkingDirectory());
+ File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu");
+ if (!eu_trust.exists()) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+ }
+ else {
+ File[] eutrustFiles = eu_trust.listFiles();
+ if (eutrustFiles == null) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ }
+ else {
+ if (eutrustFiles.length == 0) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ }
+ }
+
+ }
+
+ File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache");
+ if (!hashcache.exists()) {
+ hashcache.mkdir();
+ }
+ if (!hashcache.isDirectory()) {
+ error("config.38", new Object[] { hashcache.getAbsolutePath() });
+ return;
+ }
+
+ System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
+// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+// System.out.println("Hashcache: " + hashcachedir);
+
+
+ Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+
}
@@ -759,6 +821,17 @@ public class ConfigurationProvider
Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
}
+ /**
+ * Log a debug message.
+ *
+ * @param messageId The message ID.
+ * @param parameters Additional parameters for the message.
+ * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+ */
+ private static void debug(String message) {
+ Logger.debug(message);
+ }
+
/**
* Log a warning.
*
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 0e5faf790..aca6f5895 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -311,6 +311,12 @@ public class CMSSignatureVerificationInvoker {
ByteArrayOutputStream contentOs = new ByteArrayOutputStream();
+ CMSDataObject dataobject = request.getDataObject();
+ BigDecimal from = dataobject.getExcludeByteRangeFrom();
+ BigDecimal to = dataobject.getExcludeByteRangeTo();
+
+ if ( (from == null) || (to == null))
+ return contentIs;
BigDecimal counter = new BigDecimal("0");
BigDecimal one = new BigDecimal("1");
@@ -318,7 +324,7 @@ public class CMSSignatureVerificationInvoker {
try {
while ((byteRead=contentIs.read()) >= 0) {
- if (inRange(counter, request.getDataObject())) {
+ if (inRange(counter, dataobject)) {
// if byte is in byte range, set byte to 0x00
contentOs.write(0);
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index 07da0a998..3a004a81d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.spss.tsl.connector;
import iaik.asn1.ObjectID;
+
import iaik.util._;
import iaik.util.logging._l;
import iaik.utils.RFC2253NameParser;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
index 5456701c0..e06abe44d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -46,7 +46,9 @@ public class TSLUpdaterTimerTask extends TimerTask {
public void run() {
try {
+ Logger.info("Start TSL Update");
update();
+ Logger.info("Finished TSL Update");
} catch (TSLEngineDiedException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
@@ -172,33 +174,33 @@ public class TSLUpdaterTimerTask extends TimerTask {
// convert ArrayList<File> to X509Certificate[]
if (tsl_certs == null) {
- Logger.error("No certificates from TSL imported.");
- throw new TSLSearchException("No certificates from TSL imported.");
+ Logger.warn("No certificates from TSL imported.");
+ //throw new TSLSearchException("No certificates from TSL imported.");
}
+ else {
- X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
- Iterator itcert = tsl_certs.iterator();
- i = 0;
- File f = null;
- while(itcert.hasNext()) {
- f = (File)itcert.next();
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = new X509Certificate(fis);
- addCertificatesTSL[i] = cert;
+ X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ i = 0;
+ File f = null;
+ while(itcert.hasNext()) {
+ f = (File)itcert.next();
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = new X509Certificate(fis);
+ addCertificatesTSL[i] = cert;
- i++;
- fis.close();
- }
+ i++;
+ fis.close();
+ }
- Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
- storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
+ Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
- Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
- storeUpdater.addCertificatesToCertStores(addCertificates, tid);
-
-
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificates, tid);
+ }
}
}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
index f0dbd779e..492d10eda 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.spss.tsl.utils;
import iaik.util.logging._l;
+
import iaik.util.logging.Log.MultiThreadLoggingGroup;
import iaik.utils.RFC2253NameParserException;
import iaik.utils.Util;
@@ -15,6 +16,7 @@ import iaik.xml.crypto.tsl.TSLOpenURIException;
import iaik.xml.crypto.tsl.TSLThreadContext;
import iaik.xml.crypto.tsl.ValidationFixupFilter;
import iaik.xml.crypto.tsl.ValidationFixupFilter.AttributeValueFixup;
+import iaik.xml.crypto.tsl.ValidationFixupFilter.DeleteAttrFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.ElementStringValueFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.FixedSaxLevelValidationExcption;
import iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup;
@@ -97,44 +99,34 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
trustAnchorsWrongOnEuTsl_;
public TSLImportFromFileContext(
- Countries expectedTerritory,
- URL url,
- Number otherTslPointerId,
- String workingdirectory,
- boolean sqlMultithreaded,
- boolean throwExceptions,
- boolean logExceptions,
- boolean throwWarnings,
- boolean logWarnings,
- boolean nullRedundancies,
- String baseuri,
- Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
- TSLThreadContext parentContext) {
- super(
- expectedTerritory,
- url,
- otherTslPointerId,
- workingdirectory,
- sqlMultithreaded,
- throwExceptions,
- logExceptions,
- throwWarnings,
- logWarnings,
- nullRedundancies,
- parentContext);
- baseuri_ = baseuri;
- trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
- }
-
- public List<ThrowableAndLocatorAndMitigation> getErrorsAndWarnings() {
- List<ThrowableAndLocatorAndMitigation> errorsAndWarnings = new ArrayList<ThrowableAndLocatorAndMitigation>();
- errorsAndWarnings.addAll(this.fatals_);
- errorsAndWarnings.addAll(this.faildTransactions_);
- errorsAndWarnings.addAll(this.warnings_);
-
- return errorsAndWarnings;
- }
-
+ Countries expectedTerritory,
+ URL url,
+ Number otherTslPointerId,
+ String workingdirectory,
+ boolean sqlMultithreaded,
+ boolean throwExceptions,
+ boolean logExceptions,
+ boolean throwWarnings,
+ boolean logWarnings,
+ boolean nullRedundancies,
+ String baseuri,
+ Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
+ TSLThreadContext parentContext) {
+ super(
+ expectedTerritory,
+ url,
+ otherTslPointerId,
+ workingdirectory,
+ sqlMultithreaded,
+ throwExceptions,
+ logExceptions,
+ throwWarnings,
+ logWarnings,
+ nullRedundancies,
+ parentContext);
+ baseuri_ = baseuri;
+ trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
+ }
/* (non-Javadoc)
* @see iaik.xml.crypto.tsl.TSLImportFromFileContext#getbaseURI()
*/
@@ -142,67 +134,80 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
public String getbaseURI() {
return this.baseuri_;
}
-
+
+
+
+
//@Override
- protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
- return super.wrapException(t, l, m);
- }
+ protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
+ return super.wrapException(t, l, m);
+ }
@Override
- public synchronized void throwException(Throwable e) {
+ public
+ synchronized void throwException(Throwable e) {
if (e instanceof TSLValidationException) {
// we do not throw dom validation errors for testing
// and just collect them
wrapException(e);
-
} else if (e instanceof TSLVerificationException) {
+
+ boolean corrected = false;
// we do not throw verification errors for testing
// and just collect them
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
-
- //TSL with no signature are ignored!!!!
- l.warn("TSL IS NOT SIGNED! "
- + this.expectedTerritory_.name() + " TSL ignored.");
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
+// // NEVER DO THIS! unless you want to import TSLs without signatures.
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
- wrapException(e);
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (corrected)
+// wrapException(e);
+// else
+// super.throwException(e);
+
+ super.throwException(e);
} else if (e instanceof FileNotFoundException) {
// we do not stop and continue processing
wrapException(e);
-
} else if (e instanceof IllegalArgumentException) {
// we do not stop and continue processing
wrapException(e);
-
} else {
// all other errors are treated as per default
super.throwException(e);
@@ -221,9 +226,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if(
e instanceof FixedSaxLevelValidationExcption &&
enclosingMethod.getDeclaringClass().equals(ValidationFixupFilter.class)){
-
-
-
wrapException(e,
((LocatorAspect) e).getLocator(),
new FixedValidationMitigation("Performed SAX Level Fixup."));
@@ -247,7 +249,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if (parameters[0] instanceof DOMError) {
DOMError domError = (DOMError) parameters[0];
- l.info(""+domError.getRelatedData());
+ _l.warn(""+domError.getRelatedData());
// domError.getRelatedData().getClass().getField("")
@@ -308,6 +310,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
});
return mitigatedResult;
+
}
}
@@ -378,11 +381,43 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
}
- l.error("Ignoring download error using old: " + parameters[0], null);
+ _l.err("Ignoring download error using old: " + parameters[0], null);
wrapException(e);
return parameters[1];
}
+// if (
+// expectedTerritory_ == Countries.PL &&(
+// (e.getCause() instanceof java.io.EOFException ||
+// e.getCause() instanceof iaik.security.ssl.SSLException) &&
+// parameters[0] instanceof URL &&
+// ((URL)parameters[0]).getProtocol().equalsIgnoreCase("https")
+// )){
+// File f = null;
+// System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+// TLS.register("TLSv1");
+// try {
+// f = (File) enclosingMethod.invoke(thisObject, parameters);
+// } catch (IllegalAccessException e1) {
+// wrapException(e1);
+// } catch (InvocationTargetException e1) {
+// wrapException(e1);
+// }
+//
+// // System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", null);
+// TLS.register();
+//
+// if (f != null){
+// wrapException(e, null, new Mitigation() {
+// @Override
+// public String getReport() {
+// return "Trying TLSv1 and sun.security.ssl.allowUnsafeRenegotiation=true";
+// }
+// });
+// return f;
+// }
+// }
+
if (
e instanceof TSLSecurityException &&
enclosingMethod.getDeclaringClass().equals(TSLContext.class) &&
@@ -406,14 +441,14 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
wrapException(e1);
}
wrapException(e, getLocator(),
- new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
- @Override
- public String getReport() {
- return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
- "the EU TSL and allow the certificate " +
- parameters[1];
- }
- });
+ new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
+ @Override
+ public String getReport() {
+ return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
+ "the EU TSL and allow the certificate " +
+ parameters[1];
+ }
+ });
return null;
}
X509Certificate crt = (X509Certificate)parameters[1];
@@ -530,47 +565,45 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
}
-// //TODO: CONSIDER, IF WE REALLY WANT THIS PART OF CODE!
-// //ugly hack to accept a certificate which uses a crazy X509SubjectName!!
-// if ( expectedTerritory_ == Countries.DK &&
-// e instanceof KeySelectorException &&
-// parameters[0] instanceof X509DataImpl){
-// if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
-// "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
-//
-// X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
-//
-// Node child = x509DataImpl.getNode().getFirstChild().getNextSibling();
-// Node child1 = x509DataImpl.getNode().getFirstChild();
-//
-// x509DataImpl.getNode().removeChild(child);
-// x509DataImpl.getNode().removeChild(child1);
-//
-//
-// parameters[0] = (X509Data) x509DataImpl
-//
-// Object mitigatedResult = null;
-// try {
-//
-// mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
-// } catch (IllegalAccessException e1) {
-// wrapException(e1);
-// } catch (InvocationTargetException e1) {
-// wrapException(e1);
-// }
-//
-// if (mitigatedResult != null){
-// wrapException(e, null, new Mitigation(null) {
-// @Override
-// public String getReport() {
-// return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
-// }
-// });
-// return mitigatedResult;
-// }
-// }
-// }
-
+ if ( expectedTerritory_ == Countries.DK &&
+ e instanceof KeySelectorException &&
+ parameters[0] instanceof X509DataImpl){
+ if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
+ "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
+
+ X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
+
+ ListIterator li = x509DataImpl.getContent().listIterator();
+ li.next();
+ String sn = (String) li.next();
+
+ _l.err(sn, null);
+
+ System.exit(1);
+
+ Object mitigatedResult = null;
+ try {
+
+ mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
+ } catch (IllegalAccessException e1) {
+ wrapException(e1);
+ } catch (InvocationTargetException e1) {
+ wrapException(e1);
+ }
+
+ if (mitigatedResult != null){
+ wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {
+ @Override
+ public String getReport() {
+ return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
+ }
+ });
+ return mitigatedResult;
+
+ }
+ }
+ }
+
} else {
if (e instanceof MitigatedTSLSecurityException){
@@ -578,7 +611,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
// and collect them
wrapException(e);
return null;
-
} else if (e instanceof FixedSaxLevelValidationExcption) {
// we allow to mitigate Sax Level Fixup for testing
// and collect them
@@ -607,7 +639,11 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if(expectedTerritory_ == Countries.EL){
//fix the whitespace in Greece TSL
status = status.trim();
- }
+ }
+ if (status != null && status.startsWith("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/")) {
+ status = status.substring("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/".length());
+ }
+
return super.compressStatus(status);
}
@@ -625,6 +661,37 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
@Override
public iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup getSaxLevelValidationFixup(SAXParseException e) {
+ if (expectedTerritory_ == Countries.AT){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.CZ){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.FR){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.NO){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.SK){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+
if (expectedTerritory_ == Countries.ES && getDownloadLocation().toString().contains(".es/")){
if (e.getMessage().equals("cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tslx:CertSubjectDNAttributeType'.")){
return new LocalNameFixup("CertSubjectDNAttributeType","CertSubjectDNAttribute",e, this);
@@ -734,7 +801,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
String msg = e.getMessage();
- l.info(msg);
+ _l.info(msg);
return(
msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&
msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")
@@ -748,7 +815,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
@Override
protected long howLongWaitForThreads() {
// TODO Auto-generated method stub
- return 10000;
+ return 100000;
}
@Override
@@ -768,7 +835,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
synchronized (log) {
parentContext_.print("<" + ncName + " state=\"" + currentThread.getState()
+ "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "</"
- + ncName + ">\n");
+ + ncName + ">" + _.LB);
parentContext_.flushLog();
log.setLength(0);
}
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index e4ee607c0..9e2e0e490 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -159,6 +159,7 @@ config.46=Start periodical TSL update task at {0} and then every {1} millisecond
config.48=No whitelisted URIs given.
config.49=Whitelisted URI: {0}.
config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.
+config.51=Fehler beim Erstellen der TSL Konfiguration: TSL-Arbeitsverzeichnis ist fehlerhaft ({0}).
handler.00=Starte neue Transaktion: TID={0}, Service={1}
handler.01=Aufruf von Adresse={0}
diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml
new file mode 100644
index 000000000..0714500d5
--- /dev/null
+++ b/spss/server/serverws/moa-spss-ws.iml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <descriptors>
+ <deploymentDescriptor name="web.xml" url="file://$MODULE_DIR$/src/main/webapp/WEB-INF/web.xml" />
+ </descriptors>
+ <webroots>
+ <root url="file://$MODULE_DIR$/src/main/webapp" relative="/" />
+ <root url="file://$MODULE_DIR$/resources/wsdl" relative="resources/schemas" />
+ <root url="file://$MODULE_DIR$/../../handbook" relative="WEB-INF" />
+ </webroots>
+ </configuration>
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <excludeFolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderEntry type="inheritedJdk" />
+ <orderEntry type="sourceFolder" forTests="false" />
+ <orderEntry type="module" module-name="moa-spss-lib" />
+ <orderEntry type="library" name="Maven: axis:axis:1.0_IAIK" level="project" />
+ <orderEntry type="library" name="Maven: org.apache.axis:axis-jaxrpc:1.4" level="project" />
+ <orderEntry type="library" name="Maven: org.apache.axis:axis-saaj:1.4" level="project" />
+ <orderEntry type="library" name="Maven: axis:axis-wsdl4j:1.5.1" level="project" />
+ <orderEntry type="library" name="Maven: commons-discovery:commons-discovery:0.2" level="project" />
+ <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.0.4" level="project" />
+ <orderEntry type="library" name="Maven: javax.activation:activation:1.1" level="project" />
+ <orderEntry type="library" name="Maven: javax.mail:mail:1.4" level="project" />
+ <orderEntry type="library" name="Maven: log4j:log4j:1.2.14" level="project" />
+ <orderEntry type="library" scope="RUNTIME" name="Maven: postgresql:postgresql:7.2" level="project" />
+ <orderEntry type="library" name="Maven: javax.servlet:servlet-api:2.4" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: xalan-bin-dist:xalan:2.7.1" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: xalan:serializer:2.7.1" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: xml-apis:xml-apis:1.3.04" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: xerces:xercesImpl:2.9.0" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: xalan-bin-dist:xml-apis:2.7.1" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: xalan-bin-dist:serializer:2.7.1" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_moa:1.5" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_ixsil:1.2.2.5" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_jce_full:5.101" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_ecc:2.19" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_cms:4.1_MOA" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_Pkcs11Provider:1.2.4" level="project" />
+ <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_Pkcs11Wrapper:1.2.17" level="project" />
+ <orderEntry type="module" module-name="moa-common" />
+ <orderEntry type="library" name="Maven: jaxen:jaxen:1.0-FCS" level="project" />
+ <orderEntry type="library" name="Maven: saxpath:saxpath:1.0-FCS" level="project" />
+ <orderEntry type="library" name="Maven: joda-time:joda-time:1.6.2" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:slf4j-simple:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:jcl-over-slf4j:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:log4j-over-slf4j:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.5" level="project" />
+ <orderEntry type="library" name="Maven: commons-io:commons-io:1.3.2" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_tsl:1.0" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_xsect_eval:1.1709142" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_ecc_signed:2.19" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_jce_eval_signed:3.181" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_pki_module:1.0" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_javax_crypto:1.0" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_util:0.23" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_jsse:4.4" level="project" />
+ <orderEntry type="library" name="Maven: iaik:iaik_ssl:4.4" level="project" />
+ <orderEntry type="library" name="Maven: iaik:w3c_http:1.0" level="project" />
+ <orderEntry type="library" name="Maven: org.xerial:sqlite-jdbc:3.7.8-SNAPSHOT" level="project" />
+ <orderEntry type="library" name="Maven: stax:stax-api:1.0.1" level="project" />
+ <orderEntry type="library" name="Maven: javax.xml.bind:jaxb-api:2.2.6" level="project" />
+ <orderEntry type="library" name="Maven: com.sun.xml.bind:jaxb-impl:2.2.5" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_util:0.23" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_xsect:1.1709142" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_jsse:4.4" level="project" />
+ </component>
+</module>
+
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index b8a04eba4..76319b676 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -17,12 +17,26 @@
<repositoryPath>${basedir}/../../../repository</repositoryPath>
</properties>
+
+ <repositories>
+ <repository>
+ <id>JBoss IAIK</id>
+ <url>http://nexus.iaik.tugraz.at/nexus/content/repositories/nexus/</url>
+ <!-- <releases><enabled>true</enabled></releases> -->
+ </repository>
+ <repository>
+ <id>IAIK libs</id>
+ <url>http://nexus.iaik.tugraz.at/nexus/content/repositories/iaik/</url>
+ <!-- <releases><enabled>true</enabled></releases> -->
+ </repository>
+ </repositories>
+
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
- <version>2.1.1</version>
+ <version>2.3</version>
<!-- <version>2.0.2</version>-->
<configuration>
<archive>
@@ -70,7 +84,7 @@
<artifactId>iaik_ixsil</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
</dependency>
<dependency>
@@ -78,12 +92,12 @@
<artifactId>log4j</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
@@ -98,13 +112,10 @@
<artifactId>sqlite-jdbc</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_util</artifactId>
- </dependency>
+ </dependency>
+
<!-- transitive dependencies we don't want to include into the war -->
<dependency>
<groupId>iaik.prod</groupId>
diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml
new file mode 100644
index 000000000..25d80b1dd
--- /dev/null
+++ b/spss/server/tools/moa-spss-tools.iml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <excludeFolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderEntry type="inheritedJdk" />
+ <orderEntry type="sourceFolder" forTests="false" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_moa:1.5" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_jce_full:5.101" level="project" />
+ <orderEntry type="library" name="Maven: iaik.prod:iaik_ecc:2.19" level="project" />
+ <orderEntry type="library" name="Maven: log4j:log4j:1.2.14" level="project" />
+ <orderEntry type="library" name="Maven: xalan-bin-dist:xalan:2.7.1" level="project" />
+ <orderEntry type="library" name="Maven: xalan:serializer:2.7.1" level="project" />
+ <orderEntry type="library" name="Maven: xml-apis:xml-apis:1.3.04" level="project" />
+ <orderEntry type="library" name="Maven: commons-io:commons-io:1.3.2" level="project" />
+ </component>
+</module>
+
diff --git a/spss/server/tools/pom.xml b/spss/server/tools/pom.xml
index 48e0a998c..503c49545 100644
--- a/spss/server/tools/pom.xml
+++ b/spss/server/tools/pom.xml
@@ -25,6 +25,10 @@
<scope>compile</scope>
</dependency>
-->
+
+
+
+
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_moa</artifactId>
@@ -52,6 +56,10 @@
</dependency>
</dependencies>
+
+
+
+
<build>
<plugins>
<plugin>
@@ -63,6 +71,16 @@
</archive>
</configuration>
</plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
</plugins>
</build>
+
</project>
diff --git a/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java
index 0c144ce73..d334501d2 100644
--- a/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java
+++ b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java
@@ -60,7 +60,7 @@ public class CertTool {
/** Error message if the DN cannot be parsed according to RFC2253. */
private static final String ILLEGAL_RFC2253_NAME =
- "Kein gültiger RFC2253-Name";
+ "Kein gültiger RFC2253-Name";
/**
* Main entry point of the tool.
@@ -163,7 +163,7 @@ public class CertTool {
certStore.storeCertificate(cert, null);
- System.out.println("\nDas Zertifikat wurde erfolreich hinzugefügt.\n");
+ System.out.println("\nDas Zertifikat wurde erfolreich hinzugef�gt.\n");
} catch (FileNotFoundException e) {
System.err.println("Zertifikat nicht gefunden: " + certFile);
@@ -175,10 +175,10 @@ public class CertTool {
"Fehler beim Lesen des Zertifikats: " + e.getMessage());
} catch (DirectoryStoreException e) {
System.err.println(
- "Fehler beim Öffnen des Zertifikatsspeichers: " + e.getMessage());
+ "Fehler beim Öffnen des Zertifikatsspeichers: " + e.getMessage());
} catch (CertStoreException e) {
System.err.println(
- "Fehler beim Hinzufügen des Zertifikats: " + e.getMessage());
+ "Fehler beim Hinzufügen des Zertifikats: " + e.getMessage());
} catch (Throwable t) {
System.err.println("Allgemeiner Fehler: " + t.getMessage());
t.printStackTrace();