author | mcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2010-07-02 07:14:41 +0000 |
---|---|---|
committer | mcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2010-07-02 07:14:41 +0000 |
commit | 68af85701b6f797b0d662b89b95e043ee949defd (patch) | |
tree | 070935cdd1144aeeb8ce6adddd0da34a72e6ffef /spss | |
parent | 3d707db8bf4ec346b8ab6185b8e5ac5403bf2b0a (diff) | |
Merged branch 1.4.7_MOASP_TSL back into trunk.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1165 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss')
36 files changed, 500 insertions, 91 deletions
diff --git a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component
index ea8402b5f..a5e02254b 100644
--- a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component
+++ b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
- <wb-module deploy-name="moa-spss-handbook-referencedData">
- <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
- <property name="context-root" value="moa-spss-handbook-referencedData"/>
- <property name="java-output-path"/>
- </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+ <wb-module deploy-name="moa-spss-handbook-referencedData">
+ <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+ <property name="context-root" value="moa-spss-handbook-referencedData"/>
+ <property name="java-output-path"/>
+ </wb-module>
+</project-modules>
diff --git a/spss/handbook/clients/webservice/conf/http.properties b/spss/handbook/clients/webservice/conf/http.properties
index e969c0574..8bf490a85 100644
--- a/spss/handbook/clients/webservice/conf/http.properties
+++ b/spss/handbook/clients/webservice/conf/http.properties
@@ -30,7 +30,7 @@ signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml verifyServiceQName = SignatureVerification # Zugangspunkt des Webservices
-verifyServiceEndPoint = http://localhost:8080/moa-spss/services/SignatureVerification
+verifyServiceEndPoint = http://localhost:18080/moa-spss/services/SignatureVerification
#verifyServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureVerification # Name des zu sendenden Signaturprüfrequests (entweder absolute
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.5.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd
index 8da3a72b0..a61eed289 100644
--- a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.5.xsd
+++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd
@@ -1,4 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->
<!--
MOA SP/SS 1.4.5 Configuration Schema
-->
@@ -139,6 +140,7 @@ <xs:element name="Id" type="xs:token"/>
<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="TSLLocation" type="xs:anyURI" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
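Review bot: `TSLLocation` is typed `xs:anyURI`, so the schema accepts any URI scheme, while the handbook text added in this commit requires a directory in the local file system (`file` for absolute URLs) and states that the signatures of the TSLs are assumed to have been verified beforehand. Nothing in the schema records either condition, so an operator reading only the XSD cannot tell that the directory content is taken as trust input without a signature check. Consider an `xs:annotation`/`xs:documentation` child on the element saying that the location must be a local directory, that it must hold only TSLs whose signatures were already verified, and that it should be writable only by the service administrator. The enclosing element definition starts outside the hunk.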
@@ -152,7 +154,7 @@ <xs:element name="MaxRevocationAge" type="xs:integer"/>
<xs:element name="ServiceOrder" minOccurs="0">
<xs:complexType>
- <xs:sequence minOccurs="1" maxOccurs="2">
+ <xs:sequence maxOccurs="2">
<xs:element name="Service">
<xs:simpleType>
<xs:restriction base="xs:token">
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html index 88c770dc1..1fe63c118 100644 --- a/spss/handbook/handbook/config/config.html +++ b/spss/handbook/handbook/config/config.html @@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.6</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.7</a></p> <p class="subtitle">Konfiguration</p> <hr/> <h1>Inhalt</h1> @@ -135,7 +135,7 @@ </tr> </table> <h2><a name="übersicht_zentraledatei" id="übersicht_zentraledatei"></a>1.2 Zentrale Konfigurationsdatei</h2> - <p>Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.4.5.xsd">MOA-SPSS-config-1.4.5.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erläutert die Konfigurationsmöglichkeiten im Einzelnen.</p> + <p>Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.4.7.xsd">MOA-SPSS-config-1.4.7.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erläutert die Konfigurationsmöglichkeiten im Einzelnen.</p> <h3><a name="übersicht_zentraledatei_aktualisierung" id="übersicht_zentraledatei_aktualisierung"></a>1.2.1 Aktualisierung auf das Format von MOA SP/SS 1.3</h3> <p>Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, übersichtlicheres Format für die 
@@ -690,6 +690,12 @@ als relativ zum Pfad jenes Verzeichnisses interpretiert werden, in dem die zentr gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte Verzeichnis muss eine oder mehrere DER-kodierte Zertifikatsdateien beinhalten. Jede Zertifikatsdatei repräsentiert ein explizit erlaubtes Signatorzertifikat. </li> + <li>Element <code>TSLLocation</code>: Dieses optionale Element vom Typ <code>xs:anyURI </code> enthält + eine relative oder absolute URL, die ein Verzeichnis im lokalen Dateisystem referenziert. + Eine relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale + Konfigurationsdatei gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte Verzeichnis muss ein oder mehrere Trust-sercice Status Lists beinhalten.<br> + Ist dieses Element vorhanden so wird zusätzlich eine TSL Verifkation durchgeführt, deren Ergebnis in der Response im Element <code>TSLCheck</code> vorhanden ist. <br> + <strong>Anmerkung</strong>: Für die Nutzung der TSLs gehen wir davon aus, dass die Signatur der TSLs zuvor überprüft worden ist. </li> </ul></td> </tr> </table> diff --git a/spss/handbook/handbook/faq/faq.html b/spss/handbook/handbook/faq/faq.html index d7e034053..0cf712c63 100644 --- a/spss/handbook/handbook/faq/faq.html +++ b/spss/handbook/handbook/faq/faq.html @@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.6</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.7</a></p> <p class="subtitle">FAQ</p> <hr/> <h1>Inhalt</h1> diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html index 72d213fa7..b817c893d 100644 --- a/spss/handbook/handbook/index.html +++ b/spss/handbook/handbook/index.html 
@@ -16,7 +16,7 @@ </table> <hr/> <p class="title">MOA: Serversignatur (SS) und Signaturprüfung (SP) </p> - <p class="subtitle">Übersicht zur Dokumentation der Version 1.4.6 </p> + <p class="subtitle">Übersicht zur Dokumentation der Version 1.4.7 </p> <hr/> <dl> <dt><a href="./intro/intro.html">Einführung</a></dt> diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html index 642f80d6f..f27da9479 100644 --- a/spss/handbook/handbook/install/install.html +++ b/spss/handbook/handbook/install/install.html @@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.6</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.7</a></p> <p class="subtitle">Installation</p> <hr/> <h1>Inhalt</h1> @@ -114,7 +114,7 @@ <p> Die Basisinstallation des Webservices stellt einerseits die minimalen Anforderungen für den Betrieb von MOA SP/SS als Webservices dar, andererseits dient sie als Ausgangspunkt für optionale <a href="#webservice_erweiterungsmöglichkeiten">Erweiterungsmöglichkeiten</a>.</p> <p> Folgende Software ist Voraussetzung für die Basisinstallation des Webservices: </p> <ul> - <li><a href="#referenziertesoftware">J2SE 1.4.x SDK oder J2SE 5.0 SDK </a></li> + <li><a href="#referenziertesoftware">J2SE 1.4.x SDK oder J2SE 5.0 SDK </a>(Anmerkung: Für die Nutzung der TSL Funktionlität ist <a href="#referenziertesoftware">J2SE 5.0 SDK</a> Voraussetzung)</li> <li><a href="#referenziertesoftware">Apache Tomcat 4.1.18 oder höher </a></li> </ul> <p>In diesem Betriebs-Szenario wird das MOA SP/SS Webservice in Tomcat zum Einsatz gebracht. Tomcat fungiert gleichzeitig als HTTP- und HTTPS-Endpunkt für das MOA SP/SS Webservice. Beide Protokolle werden direkt in Tomcat konfiguriert. Das MOA SP/SS Webservice verwendet Log4j als Logging Toolkit.</p> 
diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html index 27031018d..339528911 100644 --- a/spss/handbook/handbook/intro/intro.html +++ b/spss/handbook/handbook/intro/intro.html @@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.6</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.7</a></p> <p class="subtitle">Einführung</p> <hr/> <h1>Inhalt</h1> diff --git a/spss/handbook/handbook/spec/MOA-SPSS-1.3.wsdl b/spss/handbook/handbook/spec/MOA-SPSS-1.3.wsdl index cc7aec4dc..8ae1c1ff4 100644 --- a/spss/handbook/handbook/spec/MOA-SPSS-1.3.wsdl +++ b/spss/handbook/handbook/spec/MOA-SPSS-1.3.wsdl @@ -3,7 +3,7 @@ Web Service Description for MOA SP/SS 1.3
-->
<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.3.xsd"/>
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.3.xsd"/>
<message name="CreateXMLSignatureInput">
<part name="body" element="moa:CreateXMLSignatureRequest"/>
</message>
diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html index 71b901812..a3c411a1d 100644 --- a/spss/handbook/handbook/usage/usage.html +++ b/spss/handbook/handbook/usage/usage.html @@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.6</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.7</a></p> <p class="subtitle">Anwendung</p> <hr/> <h1>Inhalt</h1> @@ -1214,10 +1214,6 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.</doc:Paragraph> <td>Webservice-Framework aus dem Apache Project</td> </tr> <tr> - <td><a href="http://java.sun.com/j2se/1.3.1/" target="_blank">J2SE 1.3.1 SDK/JRE</a> </td> - <td>Java 2 Standard Edition in der Version 1.3.1 (Software Development Kit bzw. Java Runtime Environment) </td> - </tr> - <tr> <td><a href="http://java.sun.com/j2se/1.4.2/" target="_blank">J2SE 1.4.2 SDK/JRE</a></td> <td>Java 2 Standard Edition in der Version 1.4.2 (Software Development Kit bzw. Java Runtime Environment) </td> </tr> diff --git a/spss/pom.xml b/spss/pom.xml index 841f1e665..d0ea8fd65 100644 --- a/spss/pom.xml +++ b/spss/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>1.4.6</version> + <version>1.4.7</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/spss/server/history.txt b/spss/server/history.txt index 3aa79b3f6..3f2f420a0 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt 
@@ -1,4 +1,17 @@ ############## +1.4.7 +############## + +- In den Trustprofilen können nun Trust-service Status Lists (TSLs) angegeben werden. + MOA-SP liefert hierbei in der Response das TSL Verifikationsergebnis im Element + TSLCheck retour (siehe hierzu Dokumentation - Konfiguration Kapitel "2.3.1.2.2 + Vertrauensprofile"). + +- Bei Nutzung der TSL-Funktionalität ist Java 1.5 Voraussetzung + +- IAIK Libraries aktualisiert: + iaik-moa: Version 1.27 +############## 1.4.6 ############## diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt index e2d2f5dbd..fb87ed327 100644 --- a/spss/server/readme.update.txt +++ b/spss/server/readme.update.txt @@ -1,11 +1,11 @@ ====================================================================== - Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.6 + Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.7 ====================================================================== Es gibt zwei Möglichkeiten (im Folgenden als "Update Variante A" und "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version -1.4.6 durchzuführen. Update Variante A geht dabei den Weg über eine +1.4.7 durchzuführen. Update Variante A geht dabei den Weg über eine vorangestellte Neuinstallation, während Variante B direkt eine bestehende Installation aktualisiert. @@ -16,8 +16,10 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei -moa-spss-1.4.6.zip entpackt haben. +moa-spss-1.4.7.zip entpackt haben. +Anmerkung: Wenn Sie MOA-SP mit TSL Unterstützung verwenden wollen, dann +ist die Verwendung von Java 1.5 Voraussetzung dafür. ================= Update Variante A 
@@ -35,8 +37,7 @@ Update Variante A die Sie aus Ihrer alten Installation beibehalten möchten, aus Ihrer Sicherungskopie in die entsprechenden Verzeichnisse der neuen Installation. - Anmerkung: Diese Distribution enthält neue A-TRUST und E-CARD-Zertifikate. - Falls Sie Ihre alten Trustprofile beibehalten wollen, gehen Sie wie unter + Anmerkung: Falls Sie Ihre alten Trustprofile beibehalten wollen, gehen Sie wie unter Update Variante B, Punkt 9 beschrieben vor, um Ihre alten Trustprofile auf einen aktuellen Stand zu bringen. @@ -55,7 +56,7 @@ Update Variante B 1.) Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses Ihrer MOA-SPSS-Installation. -2.) Entpacken Sie die Datei "moa-spss-1.4.6.zip" in das Verzeichnis MOA_SPSS_INST. +2.) Entpacken Sie die Datei "moa-spss-1.4.7.zip" in das Verzeichnis MOA_SPSS_INST. 3.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach. diff --git a/spss/server/serverlib/.classpath b/spss/server/serverlib/.classpath index 1c79cc393..f0e483a4a 100644 --- a/spss/server/serverlib/.classpath +++ b/spss/server/serverlib/.classpath @@ -1,9 +1,13 @@ -<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
- <classpathentry kind="src" output="target/classes" path="src/main/java"/>
- <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
- <classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
- <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
- <classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" output="target/classes" path="src/main/java"/>
+ <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+ <classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.nondependency" value=""/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
index ebc030867..e4ceae723 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,7 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-spss-lib">
-<wb-resource deploy-path="/" source-path="/src/main/java"/>
-<wb-resource deploy-path="/" source-path="/src/test/java"/>
-<wb-resource deploy-path="/" source-path="/src/main/resources"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-spss-lib">
+<wb-resource deploy-path="/" source-path="/src/main/java"/>
+<wb-resource deploy-path="/" source-path="/src/main/resources"/>
+</wb-module>
+</project-modules>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 6648f8c55..4ee7075e3 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -9,7 +9,7 @@ <groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
<packaging>jar</packaging>
- <version>1.4.6</version>
+ <version>1.4.7</version>
<name>MOA SP/SS API</name>
<properties>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 0aedba6a6..1a778ad2b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -22,17 +22,17 @@ import java.util.Date; import java.util.List; import java.util.Map;
+import org.apache.commons.discovery.tools.DiscoverClass;
import org.w3c.dom.Element; import org.w3c.dom.NodeList;
-import org.apache.commons.discovery.tools.DiscoverClass;
-
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.MetaInfo; import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -434,6 +434,7 @@ public abstract class SPSSFactory { * @param signerInfo Information about the signer certificate. * @param signatureCheck Result of the singature value check. * @param certificateCheck Result of the certificate status check.
+ * @param tslCheck Result of the TSL check
* @return The new <code>VerifyCMSSignatureResponseElement</code> containing * the above data. *
@@ -444,7 +445,8 @@ public abstract class SPSSFactory { public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement( SignerInfo signerInfo, CheckResult signatureCheck,
- CheckResult certificateCheck);
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck);
// // Factory methods for verifying XML signatures
@@ -698,7 +700,8 @@ public abstract class SPSSFactory { ReferencesCheckResult signatureCheck, ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks,
- CheckResult certificateCheck);
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck);
/** * Create a new <code>ReferencesCheckResult</code> object.
@@ -988,6 +991,19 @@ public abstract class SPSSFactory { public abstract CheckResult createCheckResult(int code, NodeList info); /**
+ * Create a new <code>CheckTSLResult</code> object.
+ *
+ * @param code The numerical error code.
+ * @param info Verbose error information.
+ * @return The new <code>CheckTSLResult</code> containing the above data.
+ *
+ * @pre code >= 0
+ * @pre info != null
+ * @post return != null
+ */
+ public abstract CheckTSLResult createCheckTSLResult(int code, String info);
+
+ /**
* Create a new <code>SignerInfo</code> object. * * @param signerCertificate The signer certificate in binary form.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
index 26fd5911d..e2f44c540 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
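Review bot: The new `tslCheck` parameter of `createVerifyCMSSignatureResponseElement` (hunk `-444,7`) and of the factory method changed in hunk `-698,7` has no stated nullability, although `TSLLocation` is optional in the schema changed by this commit, so callers cannot tell what to pass when no TSL check ran. The `@param tslCheck Result of the TSL check` line added in hunk `-434,6` should say so, for instance `@param tslCheck Result of the TSL check, or <code>null</code> if no TSL check was performed` — or state that null is forbidden, whichever the implementation requires. Changing the signatures of existing abstract methods also breaks external subclasses and callers of `SPSSFactory` built against the previous version; keeping the old signatures as deprecated overloads would avoid that. The Javadoc of the second method lies outside its hunk, so whether it received a matching `@param` cannot be seen here.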
@@ -16,6 +16,7 @@ package at.gv.egovernment.moa.spss.api.cmsverify; import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo; /**
@@ -44,4 +45,10 @@ public interface VerifyCMSSignatureResponseElement { * @return The result of the certificate verification. */ public CheckResult getCertificateCheck();
+ /**
+ * Gets the result of the TSL verification
+ *
+ * @return The result of the TSL verification
+ */
+ public CheckTSLResult getTSLCheck();
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
new file mode 100644
index 000000000..f31512cdb
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
@@ -0,0 +1,40 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Object encapsulating the result of a TSL verification.
+ *
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id: CheckResult.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public interface CheckTSLResult {
+ /**
+ * Gets the result code.
+ *
+ * @return The result code.
+ */
+ public int getCode();
+ /**
+ * Gets descriptive information.
+ *
+ * @return Descriptive information.
+ */
+ public String getInfo();
+}
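Review bot: The Javadoc of `getCode()` says only "Gets the result code." and never defines which value means the TSL check succeeded, so a client cannot base a trust decision on this interface alone. The comment should list the defined codes and their meaning, and `getInfo()` should say whether it may return `null`. The file also imports `org.w3c.dom.NodeList` without using it, and the `@author` and `@version $Id: CheckResult.java ...$` lines look copied from `CheckResult.java`; the import can be dropped and the header corrected.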
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
new file mode 100644
index 000000000..62f3ab979
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
@@ -0,0 +1,66 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
+
+/**
+ * Default implementation of <code>CheckTSLResult</code>.
+ *
+ * @author Fatemeh Philippi
+ * @author Klaus Stranacher
+ * @version $Id: CheckResultImpl.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public class CheckTSLResultImpl implements CheckTSLResult {
+ /** The result code. */
+ private int code;
+
+ /** Additional information. */
+ private String info;
+
+ /**
+ * Sets a result code.
+ *
+ * @param code The result code.
+ */
+ public void setCode(int code) {
+ this.code = code;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getCode()
+ */
+ public int getCode() {
+ return code;
+ }
+
+ /**
+ * Sets a descriptive information.
+ *
+ * @param info The descriptive information.
+ */
+ public void setInfo(String info) {
+ this.info = info;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getInfo()
+ */
+ public String getInfo() {
+ return info;
+ }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index f0d16046c..8cf06bb15 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.MetaInfo; import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -259,12 +260,15 @@ public class SPSSFactoryImpl extends SPSSFactory { public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement( SignerInfo signerInfo, CheckResult signatureCheck,
- CheckResult certificateCheck) {
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck) {
VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl(); verifyCMSSignatureResponseElement.setSignerInfo(signerInfo); verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck); verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck);
+ verifyCMSSignatureResponseElement.setTSLCheck(tslCheck);
+
return verifyCMSSignatureResponseElement; }
@@ -390,7 +394,8 @@ public class SPSSFactoryImpl extends SPSSFactory { ReferencesCheckResult signatureCheck, ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks,
- CheckResult certificateCheck) {
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck) {
VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse = new VerifyXMLSignatureResponseImpl(); verifyXMLSignatureResponse.setSignerInfo(signerInfo);
@@ -401,6 +406,8 @@ public class SPSSFactoryImpl extends SPSSFactory { signatureManifestCheck); verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks); verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
+ verifyXMLSignatureResponse.setTSLCheck(tslCheck);
+
return verifyXMLSignatureResponse; }
@@ -557,6 +564,13 @@ public class SPSSFactoryImpl extends SPSSFactory { checkResult.setInfo(info); return checkResult; }
+
+ public CheckTSLResult createCheckTSLResult(int code, String info) {
+ CheckTSLResultImpl checkTSLResult = new CheckTSLResultImpl();
+ checkTSLResult.setCode(code);
+ checkTSLResult.setInfo(info);
+ return checkTSLResult;
+ }
public SignerInfo createSignerInfo( X509Certificate signerCertificate,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
index 322e83baa..f80c4ace2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
@@ -17,6 +17,7 @@ package at.gv.egovernment.moa.spss.api.impl; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo; /**
@@ -34,7 +35,9 @@ public class VerifyCMSSignatureResponseElementImpl private CheckResult signatureCheck; /** Information about the certificate check. */ private CheckResult certificateCheck;
-
+ /** Information about the TSL check */
+ private CheckTSLResult tslCheck;
+
/** * Sets a SignerInfo element according to CMS. *
@@ -73,5 +76,17 @@ public class VerifyCMSSignatureResponseElementImpl public CheckResult getCertificateCheck() { return certificateCheck; }
+
+ /**
+ * Sets a result of the TSL verification.
+ *
+ * @param tslCheck The result of the TSL verification.
+ */
+ public void setTSLCheck(CheckTSLResult tslCheck) {
+ this.tslCheck = tslCheck;
+ }
+ public CheckTSLResult getTSLCheck() {
+ return tslCheck;
+ }
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
index 3777e8958..ea6a180a7 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -20,6 +20,7 @@ import java.util.Collections; import java.util.List; import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
@@ -52,7 +53,9 @@ public class VerifyXMLSignatureResponseImpl private List xmlDsigManifestChecks = new ArrayList(); /** Information about the certificate check. */ private CheckResult certificateCheck;
-
+ /** Information about the TSL check. */
+ private CheckTSLResult tslCheck;
+
/** * Sets information about the signer certificate. *
@@ -136,6 +139,18 @@ public class VerifyXMLSignatureResponseImpl public CheckResult getCertificateCheck() { return certificateCheck; }
+ /**
+ * Sets the result of the TSL verification.
+ *
+ * @param certificateCheck The result of the TSL verification.
+ */
+ public void setTSLCheck(CheckTSLResult tslCheck) {
+ this.tslCheck = tslCheck;
+ }
+
+ public CheckTSLResult getTSLCheck() {
+ return tslCheck;
+ }
/** * Sets the XMLDSigManifestChecks.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 3bef8659a..30d19023a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
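Review bot: The Javadoc added for `setTSLCheck` in hunk `-136,6` names a parameter the method does not have: `@param certificateCheck The result of the TSL verification.` should read `@param tslCheck The result of the TSL verification.`. The new `getTSLCheck()` is added without any comment, here and in `VerifyCMSSignatureResponseElementImpl`; a short Javadoc such as `/** Gets the result of the TSL verification as set by setTSLCheck; null until it has been set. */` would record that the field has no default value, which matters to code that dereferences the getter's result.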
@@ -217,5 +217,40 @@ class ResponseBuilderUtils { } root.appendChild(codeInfoElem); } + + /** + * Add an element containing <code>Code</code> and <code>Info</code> + * subelements. + * + * @param response The response document, in order to create new elements in + * it. + * @param root The root element into which to insert the newly created + * element. + * @param elementName The name of the newly created element. + * @param code The content of the <code>Code</code> subelement. + * @param info The content of the <code>Info</code> subelement. + */ + public static void addCodeInfoElement( + Document response, + Element root, + String elementName, + int code, + String info) { + + Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName); + Element codeElem = response.createElementNS(MOA_NS_URI, "Code"); + Element infoElem; + int i; + + codeElem.appendChild(response.createTextNode(Integer.toString(code))); + codeInfoElem.appendChild(codeElem); + + if (info != null) { + infoElem = response.createElementNS(MOA_NS_URI, "Info"); + infoElem.appendChild(response.createTextNode(info)); + codeInfoElem.appendChild(infoElem); + } + root.appendChild(codeInfoElem); + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 80d8575f9..2e4a95a89 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java 
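Review bot: The new `addCodeInfoElement` overload declares `int i;` and never uses it, so the declaration should be removed. `infoElem` is only needed inside the `if (info != null)` block and can be declared there as `Element infoElem = response.createElementNS(MOA_NS_URI, "Info");`. A one-line comment that `info` is inserted through `createTextNode`, and is therefore treated as text rather than markup, would record why no further escaping is done here.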
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -89,6 +90,7 @@ public class VerifyCMSSignatureResponseBuilder { SignerInfo signerInfo = responseElement.getSignerInfo(); CheckResult signatureCheck = responseElement.getSignatureCheck(); CheckResult certCheck = responseElement.getCertificateCheck(); + CheckTSLResult tslCheck = responseElement.getTSLCheck(); ResponseBuilderUtils.addSignerInfo( responseDoc, @@ -111,6 +113,13 @@ public class VerifyCMSSignatureResponseBuilder { "CertificateCheck", certCheck.getCode(), certCheck.getInfo()); + + ResponseBuilderUtils.addCodeInfoElement( + responseDoc, + responseElem, + "TSLCheck", + tslCheck.getCode(), + tslCheck.getInfo()); } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index a8be59766..dedb1dc88 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -135,6 +135,13 @@ public class VerifyXMLSignatureResponseBuilder { "CertificateCheck", response.getCertificateCheck().getCode(), response.getCertificateCheck().getInfo()); + + ResponseBuilderUtils.addCodeInfoElement( + responseDoc, + responseElem, + "TSLCheck", + response.getTSLCheck().getCode(), + response.getTSLCheck().getInfo()); return responseDoc; } 
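Review bot: `tslCheck.getCode()` in VerifyCMSSignatureResponseBuilder and `response.getTSLCheck().getCode()` in VerifyXMLSignatureResponseBuilder dereference the TSL result without a null check. The `tslCheck` field in both response implementations is null until it is set, so a response built without a TSL result would end in a NullPointerException instead of a serialized response. Whether every construction path sets the field is not visible in these hunks. Wrapping each `addCodeInfoElement(..., "TSLCheck", ...)` call in `if (tslCheck != null) { ... }` would keep the element optional. Both enclosing methods start outside the hunks.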
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java index 01fe9cf2c..63da503cb 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java @@ -18,6 +18,7 @@ package at.gv.egovernment.moa.spss.api.xmlverify; import java.util.List; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -71,5 +72,14 @@ public interface VerifyXMLSignatureResponse { * @return The result of the certificate verification. */ public CheckResult getCertificateCheck(); + + /** + * Gets the result of the TSL verification. + * + * @return The result of the TSL verification. + */ + public CheckTSLResult getTSLCheck(); + + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 3ad7b761f..51669026f 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java 
@@ -949,7 +949,8 @@ public class ConfigurationPartsBuilder { String id = getElementValue(profileElem, CONF + "Id", null); String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); - + String tslLocStr = getElementValue(profileElem, CONF + "TSLLocation", null); + URI trustAnchorsLocURI = null; try { @@ -973,6 +974,34 @@ public class ConfigurationPartsBuilder { warn("config.27", new Object[] { "uri", id }); continue; } + + + URI tslLocURI = null; + if (tslLocStr != null) { + + try + { + tslLocURI = new URI(tslLocStr); + if (!tslLocURI.isAbsolute()) { // make it absolute to the config file + tslLocURI = new URI(configRoot_.toURL() + tslLocStr); + } + } + catch (URIException e) { + warn("config.14", new Object[] { "uriTSL", id, tslLocStr }, e); + continue; + } + catch (MalformedURLException e) + { + warn("config.33", new Object[] {id}, e); + continue; + } + + File profileDirTSL = new File(tslLocURI.getPath()); + if (!profileDirTSL.exists() || !profileDirTSL.isDirectory()) { + warn("config.27", new Object[] { "uriTSL", id }); + continue; + } + } if (trustProfiles.containsKey(id)) { warn("config.04", new Object[] { "TrustProfile", id }); @@ -1004,7 +1033,10 @@ public class ConfigurationPartsBuilder { } signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; - TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr); + String tslLocURIString = null; + if (tslLocURI != null) + tslLocURIString = tslLocURI.toString(); + TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslLocURIString); trustProfiles.put(id, profile); } 
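Review bot: The TSL location check in the `@@ -973,6 +974,34 @@` hunk tests `new File(tslLocURI.getPath())` as a local directory without looking at the URI scheme. An absolute `TSLLocation` with a non-file scheme would therefore be judged by whatever local path happens to match its path component. If only local directories are supported, the code should reject other schemes explicitly and say so in a comment, for example `// TSLLocation must name a local directory; only the path component of the URI is checked`. The third hunk also sets `tslLocURIString` in an unbraced `if`, which is easy to break on a later edit. The enclosing loop starts and ends outside these hunks.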
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java index 85d3947aa..66c08e34e 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java @@ -28,7 +28,9 @@ public class TrustProfile { private String uri; /** The URI giving the location of the allowed signer certificates. */ private String signerCertsUri; - + /** The URI giving the location of the TSLs */ + private String uriTSL; + /** * Create a <code>TrustProfile</code>. * @@ -36,11 +38,13 @@ public class TrustProfile { * @param uri The URI of the <code>TrustProfile</code> to create. * @param signerCertsUri The URI of the location of the allowed signer * certificates of the <code>TrustProfile</code> to create. + * @param uriTSL The URI to the TSLs */ - public TrustProfile(String id, String uri, String signerCertsUri) { + public TrustProfile(String id, String uri, String signerCertsUri, String uriTSL) { this.id = id; this.uri = uri; this.signerCertsUri = signerCertsUri; + this.uriTSL = uriTSL; } /** @@ -70,4 +74,12 @@ public class TrustProfile { public String getSignerCertsUri() { return signerCertsUri; } + + /** + * Return the URI of the location of the TSLS + * @return The URI of the location of the TSLS + */ + public String getUriTSL() { + return uriTSL; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 96c8b984e..b5c1023ab 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java 
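Review bot: The Javadoc for the new `uriTSL` field, constructor parameter and `getUriTSL()` does not say that the value may be null. ConfigurationPartsBuilder in this commit passes null when a trust profile has no `TSLLocation`, and `validateTSL` reads the value, so the contract should be stated. Suggested wording for the getter: `@return The URI of the location of the TSLs, or <code>null</code> if the trust profile configures none.`. The same text fits the `@param uriTSL` line, and "TSLS" should be "TSLs".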
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; @@ -113,7 +114,11 @@ public class CMSSignatureVerificationInvoker { // get the signature signature = request.getCMSSignature(); + // get the actual trustprofile + TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + try { + // get the signed content signedContent = getSignedContent(request); @@ -169,7 +174,7 @@ public class CMSSignatureVerificationInvoker { for (resultIter = results.iterator(); resultIter.hasNext();) { result = (CMSSignatureVerificationResult) resultIter.next(); - responseBuilder.addResult(result); + responseBuilder.addResult(result, trustProfile); } } else { int i; @@ -180,7 +185,7 @@ public class CMSSignatureVerificationInvoker { try { result = (CMSSignatureVerificationResult) results.get(signatories[i] - 1); - responseBuilder.addResult(result); + responseBuilder.addResult(result, trustProfile); } catch (IndexOutOfBoundsException e) { throw new MOAApplicationException( "2249", @@ -188,7 +193,7 @@ public class CMSSignatureVerificationInvoker { } } } - + return responseBuilder.getResponse(); } 
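Review bot: The trust profile from `context.getConfiguration().getTrustProfile(request.getTrustProfileId())` is handed to `responseBuilder.addResult(result, trustProfile)` without a null check, and `validateTSL` then calls `trustProfile.getUriTSL()` on it. If `getTrustProfile` returns null for a missing or unknown profile id, the request would fail with a NullPointerException instead of a MOA error; its contract is not visible here. A guard directly after the lookup, `if (trustProfile == null) { throw new MOAApplicationException(...); }` using the project's existing error for an unknown trust profile, would make the failure explicit. The enclosing method starts and ends outside the hunks.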
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 8a0b3de13..b7bdbc9b8 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -15,19 +15,25 @@ */ package at.gv.egovernment.moa.spss.server.invoke; +import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; +import iaik.server.modules.cmsverify.CertificateValidationResult; +import iaik.server.modules.xmlverify.XMLSignatureVerificationResult; + import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; - -import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; -import iaik.server.modules.cmsverify.CertificateValidationResult; +import java.util.ListIterator; import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; +import at.gv.egovernment.moa.spss.util.MessageProvider; /** * A class to build a <code>VerifyCMSSignatureResponse</code> object. 
@@ -60,21 +66,24 @@ public class VerifyCMSSignatureResponseBuilder { * Add a verification result to the response. * * @param result The result to add. - * @throws MOAApplicationException An error occurred adding the result. + * @param trustprofile The actual trustprofile + * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result) - throws MOAApplicationException { + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile) + throws MOAException { CertificateValidationResult certResult = result.getCertificateValidationResult(); int signatureCheckCode = result.getSignatureValueVerificationCode().intValue(); int certificateCheckCode = certResult.getValidationResultCode().intValue(); + VerifyCMSSignatureResponseElement responseElement; SignerInfo signerInfo; CheckResult signatureCheck; CheckResult certificateCheck; - + CheckTSLResult tslCheck; + // add SignerInfo element signerInfo = factory.createSignerInfo( 
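Review bot: The updated Javadoc of `addResult` documents `@param trustprofile` while the parameter is named `trustProfile`, and `@throws MOAException` has lost its description. The throws clause is also widened from MOAApplicationException to MOAException, which callers catching the narrower type need to know. Suggested lines: `@param trustProfile The trust profile the signature is verified against.` and `@throws MOAException An error occurred adding the result or checking the TSL.`. The method body continues outside this hunk.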
@@ -88,14 +97,55 @@ public class VerifyCMSSignatureResponseBuilder { // add CertificateCheck element certificateCheck = factory.createCheckResult(certificateCheckCode, null); + + // add TSL check + tslCheck = validateTSL(result, trustProfile); + // build the response element responseElement = factory.createVerifyCMSSignatureResponseElement( signerInfo, signatureCheck, - certificateCheck); + certificateCheck, + tslCheck); responseElements.add(responseElement); } + + /** + * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs + * + * @param result The result produced by the <code>XMLSignatureVerificationModule</code>. + * + * @param trustProfile The trust profile the signer certificate is validated against. + * + * @return The overal result of the TSL validation. + * + * @throws MOAException + */ + private CheckTSLResult validateTSL(CMSSignatureVerificationResult result, TrustProfile trustProfile) + throws MOAException +{ + MessageProvider msg = MessageProvider.getInstance(); + //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()}); + + // TODO KS: TSL initialisieren, TSL abfrage mit chain + + List chain = result.getCertificateValidationResult().getCertificateChain(); + String uriTSL = trustProfile.getUriTSL(); + //System.out.println("Size: " + chain.size()); + ListIterator it = chain.listIterator(); + while(it.hasNext()) { + X509Certificate cert = (X509Certificate) it.next(); + //System.out.println(cert.getSubjectDN()); + } + //System.out.println("URL-TSL: " + uriTSL); + + int resultCode = 0; + String resultInfo = msg.getMessage("tsl.00", null); + + SPSSFactory factory = SPSSFactory.getInstance(); + return factory.createCheckTSLResult(resultCode, resultInfo); +} } 
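Review bot: `validateTSL` reports a passed TSL check without performing one. The loop over the certificate chain only casts each entry, `uriTSL` is read and never used, and the method always returns `resultCode = 0` with message `tsl.00`, whose text says the certificate was successfully verified against the TSL. A relying party reading `TSLCheck` in the response cannot tell this from a real check, including for trust profiles with no `TSLLocation` at all (`getUriTSL()` is null then). Until the TODO is implemented, the method should return a result stating that the check was not performed, for example `int resultCode = <NOT_CHECKED_CODE>;` (placeholder, value to be defined) with its own message key, or the `TSLCheck` element should be omitted. `validateTSL` in XMLSignatureVerificationInvoker has the same body and the same problem, and the Javadoc here names `XMLSignatureVerificationModule` although this is the CMS builder.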
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 1250fcad5..68ba4ad7e 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -42,6 +42,7 @@ import org.w3c.dom.NodeList; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.InputData; import at.gv.egovernment.moa.spss.api.common.SignerInfo; @@ -86,6 +87,9 @@ public class VerifyXMLSignatureResponseBuilder { private List xmlDsigManifestChecks; /** The result of the certificate check. */ private CheckResult certificateCheck; + /** The result of the TSL check. */ + private CheckTSLResult tslCheck; + /** * Get the <code>VerifyMLSignatureResponse</code> built so far. @@ -100,7 +104,8 @@ public class VerifyXMLSignatureResponseBuilder { signatureCheck, signatureManifestCheck, xmlDsigManifestChecks, - certificateCheck); + certificateCheck, + tslCheck); } /** 
@@ -113,14 +118,16 @@ public class VerifyXMLSignatureResponseBuilder { * @param profile The profile used for verifying the signature. * @param transformsSignatureManifestCheck The overall result for the signature * manifest check. - * @param certificateCheck The overall result for the certificate check. + * @param certificateCheck The overall result for the certificate check. + * @param tslCheck The result of the TSL check * @throws MOAApplicationException An error occurred adding the result. */ public void setResult( XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile, ReferencesCheckResult transformsSignatureManifestCheck, - CheckResult certificateCheck) + CheckResult certificateCheck, + CheckTSLResult tslCheck) throws MOAApplicationException { CertificateValidationResult certResult = @@ -284,6 +291,10 @@ public class VerifyXMLSignatureResponseBuilder { // create the certificate check this.certificateCheck = certificateCheck; + + // create the tsl check + this.tslCheck = tslCheck; + } /** diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index f08588ecb..765a48e79 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -43,6 +43,7 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; +import java.util.ListIterator; import java.util.Map; import java.util.Set; 
@@ -58,6 +59,7 @@ import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; @@ -225,6 +227,7 @@ public class XMLSignatureVerificationInvoker { signatureEnvironmentParent.appendChild(signatureEnvironment.getElement()); } + // check the result signatureManifestCheck = validateSignatureManifest(request, result, profile); @@ -233,8 +236,11 @@ public class XMLSignatureVerificationInvoker { TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); CheckResult certificateCheck = validateSignerCertificate(result, trustProfile); + // Check the TSL result + CheckTSLResult tslCheck = validateTSL(result, trustProfile); + // build the response - responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck); + responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, tslCheck); return responseBuilder.getResponse(); } 
@@ -318,6 +324,42 @@ public class XMLSignatureVerificationInvoker { SPSSFactory factory = SPSSFactory.getInstance(); return factory.createCheckResult(resultCode, null); } + + /** + * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs + * + * @param result The result produced by the <code>XMLSignatureVerificationModule</code>. + * + * @param trustProfile The trust profile the signer certificate is validated against. + * + * @return The overal result of the TSL validation. + * + * @throws MOAException + */ + private CheckTSLResult validateTSL(XMLSignatureVerificationResult result, TrustProfile trustProfile) + throws MOAException +{ + MessageProvider msg = MessageProvider.getInstance(); + //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()}); + + // TODO KS: TSL initialisieren, TSL abfrage mit chain + + List chain = result.getCertificateValidationResult().getCertificateChain(); + String uriTSL = trustProfile.getUriTSL(); + //System.out.println("Size: " + chain.size()); + ListIterator it = chain.listIterator(); + while(it.hasNext()) { + X509Certificate cert = (X509Certificate) it.next(); + //System.out.println(cert.getSubjectDN()); + } + //System.out.println("URL-TSL: " + uriTSL); + + int resultCode = 0; + String resultInfo = msg.getMessage("tsl.00", null); + + SPSSFactory factory = SPSSFactory.getInstance(); + return factory.createCheckTSLResult(resultCode, resultInfo); +} /** * Select the <code>dsig:Signature</code> DOM element within the signature diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties index 9b896c059..4c9d11f63 100644 --- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties +++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties 
@@ -134,7 +134,7 @@ config.28=Einen detaillierten Fehlerbericht entnehmen Sie bitte der Log-Datei. config.29=Es sind folgende leichte Fehler aufgetreten:
config.31=Fehler in der Konfiguration der KeyGroup mit id={0}: Der Schlüssel im KeyModule id={1} mit IssuerName={2} und SerialNumber={3} konnte nicht geladen werden
config.32=Fehler in der Konfiguration: Verzeichnisangabe für den Zertifikatsspeicher ist ungültig ({0}).
-
+config.33=Fehler beim Erstellen des TrustProfile id={0}: Name des TSL-Verzeichnisses konnte nicht in eine URL umgewandet werden
handler.00=Starte neue Transaktion: TID={0}, Service={1}
handler.01=Aufruf von Adresse={0}
@@ -149,3 +149,5 @@ invoker.00=Das Signature Environment konnte nicht validierend geparst werden invoker.01=Keine passende Transformationskette gefunden (Index={0})
invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
+
+tsl.00 = Das Zertifikat konnte erfolgreich gegen die TSL verifiziert werden
\ No newline at end of file
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component
index c83fdc828..f859c643a 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component
@@ -1,14 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-spss">
- <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
-<property name="context-root" value="moa-spss"/>
-<property name="java-output-path" value="target/classes"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-spss">
+ <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+<property name="context-root" value="moa-spss"/>
+<property name="java-output-path" value="target/classes"/>
+</wb-module>
+</project-modules>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl
index c5cd8fc0f..68c3d0ebd 100644
--- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl
+++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl
@@ -3,7 +3,7 @@ Web Service Description for MOA SP/SS 1.4
-->
<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.3.xsd"/>
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.3.xsd"/>
<message name="CreateXMLSignatureInput">
<part name="body" element="moa:CreateXMLSignatureRequest"/>
</message>
|