diff options
author | kstranacher_eGovL <kstranacher_eGovL@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2012-12-27 21:25:50 +0000 |
---|---|---|
committer | kstranacher_eGovL <kstranacher_eGovL@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2012-12-27 21:25:50 +0000 |
commit | 5e72494c61164869fbb605a134fe224ac5d5e7d8 (patch) | |
tree | 236655553ac41579ac6b97cd14d7c040b583e3a4 /spss | |
parent | c0374673df99e32bbe41ebfc3cde58630d853ede (diff) | |
download | moa-id-spss-5e72494c61164869fbb605a134fe224ac5d5e7d8.tar.gz moa-id-spss-5e72494c61164869fbb605a134fe224ac5d5e7d8.tar.bz2 moa-id-spss-5e72494c61164869fbb605a134fe224ac5d5e7d8.zip |
Update Integration TSL Library
Update MOA-SP documentation
Update repository (for TSL integration)
Update MOA-ID (Organwalter bPK from MIS)
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1302 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss')
28 files changed, 403 insertions, 200 deletions
diff --git a/spss/handbook/clients/api/.classpath b/spss/handbook/clients/api/.classpath index 0fb87fef8..cb29bfb96 100644 --- a/spss/handbook/clients/api/.classpath +++ b/spss/handbook/clients/api/.classpath @@ -5,7 +5,8 @@ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
<classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
@@ -29,5 +30,12 @@ <classpathentry kind="src" path="/moa-common"/>
<classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
<classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
<classpathentry kind="src" path="/moa-spss-lib"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
+ <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
</classpath>
\ No newline at end of file diff --git a/spss/handbook/clients/api/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/clients/api/.settings/org.eclipse.jdt.core.prefs index a519d2f62..48249af31 100644 --- a/spss/handbook/clients/api/.settings/org.eclipse.jdt.core.prefs +++ b/spss/handbook/clients/api/.settings/org.eclipse.jdt.core.prefs @@ -1,5 +1,6 @@ -eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:23 CET 2012
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/handbook/clients/referencedData/.classpath b/spss/handbook/clients/referencedData/.classpath index ca3d70965..0173dfd90 100644 --- a/spss/handbook/clients/referencedData/.classpath +++ b/spss/handbook/clients/referencedData/.classpath @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
</classpath>
\ No newline at end of file diff --git a/spss/handbook/clients/referencedData/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/clients/referencedData/.settings/org.eclipse.jdt.core.prefs index a519d2f62..86859a78d 100644 --- a/spss/handbook/clients/referencedData/.settings/org.eclipse.jdt.core.prefs +++ b/spss/handbook/clients/referencedData/.settings/org.eclipse.jdt.core.prefs @@ -1,5 +1,6 @@ -eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:22 CET 2012
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.project.facet.core.xml index a801c94a0..564572b10 100644 --- a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -3,5 +3,5 @@ <fixed facet="jst.java"/>
<fixed facet="jst.web"/>
<installed facet="jst.web" version="2.4"/>
- <installed facet="jst.java" version="1.4"/>
+ <installed facet="jst.java" version="5.0"/>
</faceted-project>
\ No newline at end of file diff --git a/spss/handbook/clients/webservice/.classpath b/spss/handbook/clients/webservice/.classpath index 0fb87fef8..cb29bfb96 100644 --- a/spss/handbook/clients/webservice/.classpath +++ b/spss/handbook/clients/webservice/.classpath @@ -5,7 +5,8 @@ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
<classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
@@ -29,5 +30,12 @@ <classpathentry kind="src" path="/moa-common"/>
<classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
<classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
<classpathentry kind="src" path="/moa-spss-lib"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
+ <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
</classpath>
\ No newline at end of file diff --git a/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs index a519d2f62..48249af31 100644 --- a/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs +++ b/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs @@ -1,5 +1,6 @@ -eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:23 CET 2012
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd index 9fdaac33e..669ebe53f 100644 --- a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd +++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd @@ -156,13 +156,14 @@ <xs:element name="EUTSL" minOccurs="0">
<xs:complexType>
<xs:sequence>
- <xs:element name="CountrySelection" minOccurs="0"/>
+ <xs:element name="CountrySelection" type="xs:string" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
+ <!--
<xs:element name="TSLTrustProfile">
<xs:complexType>
<xs:sequence>
@@ -179,6 +180,7 @@ </xs:sequence>
</xs:complexType>
</xs:element>
+ -->
</xs:sequence>
</xs:complexType>
</xs:element>
@@ -282,16 +284,14 @@ <xs:complexType>
<xs:sequence>
<xs:element name="UpdateSchedule" minOccurs="0">
- <xs:complexType/>
- </xs:element>
- <xs:element name="SQLite">
<xs:complexType>
<xs:sequence>
- <xs:element name="JDBCURL" type="xs:anyURI"/>
- <xs:element name="JDBCDriverClassName" type="xs:token"/>
+ <xs:element name="StartTime" type="xs:time"/>
+ <xs:element name="Period" type="xs:unsignedLong"/>
</xs:sequence>
</xs:complexType>
</xs:element>
+ <xs:element name="WorkingDirectory" type="xs:anyURI" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html index 3863f6c5b..6cb0d4a37 100644 --- a/spss/handbook/handbook/config/config.html +++ b/spss/handbook/handbook/config/config.html @@ -87,6 +87,7 @@ <li><a href="#konfigurationsparameter_sp_certificatevalidation_revocationchecking_archiving">Archivierung von Widerrufsinformationen</a></li> <li><a href="#konfigurationsparameter_sp_certificatevalidation_revocationchecking_distributionpoint">Manuelle Konfiguration von Verteilungspunkten für Widerrufsinformationen</a></li> + <li><a href="#konfigurationsparameter_sp_certificatevalidation_tslconfiguration">TSL Konfiguration</a></li> </ol> </li> </ol> @@ -707,22 +708,27 @@ als relativ zum Pfad jenes Verzeichnisses interpretiert werden, in dem die zentr <p>Das Element <code>cfg:</code><code>TrustProfile</code> weist folgende Kindelemente auf:</p> <ul> - <li><code>Id</code>: Dieses obligatorische Element vom Typ <code>xs:token</code> enthält einen + <li><code>cfg:Id</code>: Dieses obligatorische Element vom Typ <code>xs:token</code> enthält einen frei wählbaren Identifikator für dieses Konfigurationselement, der innerhalb der XML-Konfigurationsdatei eindeutig sein muss. Dieser Identifikator wird im Request zur Signaturprüfung verwendet, um das zu verwendende Vertrauensprofil auszuwählen. </li> - <li>Element <code>TrustAnchorsLocation</code>: Dieses obligatorische Element vom Typ <code>xs:anyURI </code> enthält + <li>Element <code>cfg:TrustAnchorsLocation</code>: Dieses obligatorische Element vom Typ <code>xs:anyURI </code> enthält eine relative oder absolute URL, die ein Verzeichnis im lokalen Dateisystem referenziert. Eine relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale Konfigurationsdatei gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte Verzeichnis muss eine oder mehrere DER-kodierte Zertifikatsdateien beinhalten. Jede Zertifikatsdatei repräsentiert einen Vertrauensanker. </li> - <li>Element <code>SignerCertsLocation</code>: Dieses optionale Element vom Typ <code>xs:anyURI </code> enthält + <li>Element <code>cfg:SignerCertsLocation</code>: Dieses optionale Element vom Typ <code>xs:anyURI </code> enthält eine relative oder absolute URL, die ein Verzeichnis im lokalen Dateisystem referenziert. Eine relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale Konfigurationsdatei gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte Verzeichnis muss eine oder mehrere DER-kodierte Zertifikatsdateien beinhalten. Jede Zertifikatsdatei - repräsentiert ein explizit erlaubtes Signatorzertifikat. </li> + repräsentiert ein explizit erlaubtes Signatorzertifikat. </li> + <li>Element <code>cfg:EUTSL</code>: Dieses optionale Element aktiviert bei Vorhandensein die EU-TSL Unterstüzung für dieses Vertrauensprofile. D.h. als Vertrauensanker werden jene CA-Zertifikate herangezogen, die zum gegenwärtigen Zeitpunkt auf der EU-TSL bzw. den entsprechenden TSLs der Mitgliedsstaaten befugt sind qualifizierte Zertifikate auszustellen und dessen Zertififierungsdiensteanbieter unter dem ServiceLevel "accredited" oder "undersupervision" stehen. Des Weiteren werden bei TSL-aktivierten Vertrauensprofilen, die Überprüfung auf qualifiziertes Zertifikat (QC-Überprüfung) und die Überprüfung auf sichere Signaturerstellungseinheit (SSCD-Überprüfung) über die EU-TSL durchgeführt.<br> + Zusätzliche kann ein optionales Kind-Element + <code>cfg:CountrySelection</code> angegeben werden. Dieses Element definiert eine komma-separierte Liste an zweistelligen Länderkürzeln nach ISO 3166. Ist so eine Liste vorhanden, werden nur die Vertrauensanker der angegebenen Ländern herangezogen.<br> + <strong>Wichtig</strong>: Es können zusätzlich manuelle Vertrauensanker via <code>cfg:TrustAnchorsLocation</code> konfiguriert werden. Hierbei ist jedoch, insbesondere beim Hinzufügen von Enduser-Zertifikaten als Vertrauensanker, zu beachten, dass eine QC- bzw. SSCD-Überprüfung gegebenfalls nicht erfolgreich durchgeführt werden kann.<br> + <strong>Wichtig</strong>: Bei aktivierter TSL-Unterstützung muss einen entsprechende TSL Konfiguration angegeben werden (siehe <a href="#konfigurationsparameter_sp_certificatevalidation_tslconfiguration">TSL Konfiguration</a>).</li> </ul></td> </tr> </table> @@ -992,7 +998,42 @@ Wird der Wert auf -1 gesetzt, dann bedeutet das ein unendlich langes Intervall. </table> - <h3><a name="konfigurationsparameter_sp_verifytransformsinfoprofile" id="konfigurationsparameter_sp_verifytransformsinfoprofile"></a>2.3.2 Profil für Transformationen</h3> + <h5><a name="konfigurationsparameter_sp_certificatevalidation_tslconfiguration" id="konfigurationsparameter_sp_certificatevalidation_tslconfiguration"></a>2.3.1.3.7 + TSL Konfiguration</h5> +<table class="fixedWidth" border="1" cellpadding="2"> + <tr> + <td>Name</td> + <td><code>cfg:SignatureVerification/cfg:CertificateValidation/cfg:TSLConfiguration</code></td> + </tr> + <tr> + <td>Gebrauch</td> + <td>Null oder einmal </td> + </tr> + <tr> + <td>Erläuterung</td> + <td><p>Das Element <code>cfg:TSLConfiguration</code><code></code> legt die TSL Konfiguration fest, wenn Vertrauensprofile mit TSL Unterstützung konfiguriert sind. Das Element weist folgende Kind-Elemente auf: + <ul> + <ul> + <li>Element <code>cfg:UpdateSchedule</code>: Dieses Element legt fest wann und in welchem Intervall die EU-TSL erneut eingelesen werden soll. Das Element <code>cfg:UpdateSchedule</code> besteht dabei aus folgenden Kind-Elementen:</li> + <ul> + <li>Element <code>cfg:StartTime</code>: Legt eine Startzeit im Format hh:mm:ss fest. </li> + <li>Element <code>cfg:Period</code>: Legt das Intervall (in Millisekunden) fest, in welchem die EU-TSL erneut eingelesen werden soll</li> + </ul> + <em>Hinweis</em>: Wird kein <code>cfg:UpdateSchedule</code> Element angegeben so wird defaultmäßig 02:00.00 als Startzeit und 86400000 Millisekunden (=1 Tag) als Intervall herangezogen + + <li>Element <code>cfg:WorkingDirectory</code>: Diese Element gibt einen Pfad zum Arbeitsverzeichnis (inkl. Lese- und Schreibrechte) für die TSL an. Enthält dieses Element eine relative Pfadangabe, so wird dieser relativ zum Verzeichnis in dem sich die MOA-SPSS Konfigurationsdatei befindet interpretiert.<br> + <strong>Wichtig</strong>: Das angegebene Verzeichnis muss jedenfalls die Unterverzeichnis + "trust" aus der Beispiel-Konfiguration beinhalten. In dessen Unterverzeichnis "eu" müssen jene vertrauenswürdige Zertifikate angegeben werden, mit denen die EU-TSL signiert ist.</li> + </ul> + <p><strong>Wichtig</strong>: Beim Tomcat-Start muss zusätzlich noch ein so genannten Hashcache Verzeichnis angegeben werden. Dies erfolgt mit dem Parameter iaik.xml.crypto.tsl.BinaryHashCache.DIR (siehe auch <a href="../install/install.html#webservice_basisinstallation_installation_tomcatstartstop">Starten und Stoppen von Tomcat</a>). </p> + <p><em>Hinweis</em>: Um die TSL Überprüfung zu aktivieren muss auch (zumindest) ein Vertrauensprofil mit TSL Überprüfung konfiguriert werden (siehe <a href="#konfigurationsparameter_sp_certificatevalidation_pathvalidation_trustprofile">Vertrauensprofil</a>)</p></td> + </tr> + <tr> + <td> </td> + <td> </td> + </tr> + </table> +<h3><a name="konfigurationsparameter_sp_verifytransformsinfoprofile" id="konfigurationsparameter_sp_verifytransformsinfoprofile"></a>2.3.2 Profil für Transformationen</h3> <table class="fixedWidth" border="1" cellpadding="2"> <tr> <td>Name</td> diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html index 1f9ed69e4..7abb103bd 100644 --- a/spss/handbook/handbook/install/install.html +++ b/spss/handbook/handbook/install/install.html @@ -40,7 +40,7 @@ </ol> </li> <li><a href="#webservice_basisinstallation_installation_spssdeploy">Einsatz des MOA SP/SS Webservices in Tomcat</a></li> - <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpsconn">Starten und Stoppen von Tomcat</a> + <li><a href="#webservice_basisinstallation_installation_tomcatstartstop">Starten und Stoppen von Tomcat</a> <ol> <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_windows">Unter Windows</a></li> <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_unix">Unter Unix</a></li> diff --git a/spss/server/history.txt b/spss/server/history.txt index 7154bd22f..7d1d3d323 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt @@ -1,4 +1,16 @@ ############## +1.5.2 +############## + +- TSL Unterstützung +- Libraries aktualisiert bzw. hinzugefügt: + iaik-moa: Version 1.32 ? + iaik-ixsil: Version 1.2.2.5 ? + Axis: Version 1.0_IAIK ? + iaik-tsl Versio x.x + + +############## 1.5.1 ############## diff --git a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs index 7dfadf4fe..81f1dbf57 100644 --- a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs +++ b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs @@ -1,4 +1,4 @@ -#Tue Dec 18 14:23:26 CET 2012
+#Thu Dec 27 13:40:40 CET 2012
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml index 3679d8190..656f15b87 100644 --- a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -4,4 +4,4 @@ <fixed facet="jst.utility"/>
<installed facet="jst.utility" version="1.0"/>
<installed facet="jst.java" version="5.0"/>
-</faceted-project>
+</faceted-project>
\ No newline at end of file diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 481464f63..d425edb83 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -143,40 +143,33 @@ </dependency>
<dependency>
- <groupId>iaik</groupId>
+ <groupId>iaik.prod</groupId>
<artifactId>iaik_tsl</artifactId>
- <!-- <version>0.0.1-SNAPSHOT</version> -->
</dependency>
<dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik.util</artifactId>
- <!-- <version>0.23</version> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik.xsect</artifactId>
- <!-- <version>1.1709142</version> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_xsect</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
- <!-- <version>2.2.6</version>-->
- </dependency>
+ </dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
- <!-- <version>2.2.5</version>-->
</dependency>
<dependency>
<groupId>org.xerial</groupId>
<artifactId>sqlite-jdbc</artifactId>
- <!-- <version>3.7.8-SNAPSHOT</version>-->
- </dependency>
+ </dependency>
<dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik.jsse</artifactId>
- <!-- <version>4.4</version>-->
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jsse</artifactId>
+ </dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 1971096a8..7ad838822 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java @@ -99,7 +99,6 @@ public class VerifyCMSSignatureResponseBuilder { CheckResult signatureCheck = responseElement.getSignatureCheck(); CheckResult certCheck = responseElement.getCertificateCheck(); - // TODO CMS TSL check ResponseBuilderUtils.addSignerInfo( responseDoc, responseElem, @@ -107,7 +106,7 @@ public class VerifyCMSSignatureResponseBuilder { signerInfo.isQualifiedCertificate(), signerInfo.isPublicAuthority(), signerInfo.getPublicAuhtorityID(), - false); + signerInfo.isSSCD()); ResponseBuilderUtils.addCodeInfoElement( responseDoc, diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index c9b76dd7e..d9e20fda9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -135,7 +135,7 @@ public class SystemInitializer { //start TSL Update TSLUpdaterTimerTask.tslconnector_ = tslconnector; - TSLUpdaterTimerTask.update(); + //TSLUpdaterTimerTask.update(); //initialize TSL Update Task initTSLUpdateTask(tslconfig); @@ -147,20 +147,20 @@ public class SystemInitializer { catch (TSLEngineDiedException e) { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); } - catch (TSLSearchException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } - catch (CertStoreException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } catch (TrustStoreException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } catch (CertificateException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } catch (FileNotFoundException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } catch (IOException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } +// catch (TSLSearchException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } +// catch (CertStoreException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } catch (TrustStoreException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } catch (CertificateException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } catch (FileNotFoundException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } catch (IOException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } // set IXSIL debug output IXSILInit.setPrintDebugLog( diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index ba2513d2f..2c4bbd4eb 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -30,6 +30,9 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModule; import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; +import iaik.x509.X509Certificate; +import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; +import iaik.xml.crypto.tsl.ex.TSLSearchException; import java.io.IOException; import java.io.InputStream; @@ -37,6 +40,8 @@ import java.util.Date; import java.util.Iterator; import java.util.List; +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.logging.LoggingContext; import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; @@ -52,6 +57,8 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; +import at.gv.egovernment.moa.spss.util.MessageProvider; /** * A class providing an interface to the @@ -183,7 +190,12 @@ public class CMSSignatureVerificationInvoker { for (resultIter = results.iterator(); resultIter.hasNext();) { result = (CMSSignatureVerificationResult) resultIter.next(); - responseBuilder.addResult(result, trustProfile); + + // check QC and SSCD via TSL (if enabled) + boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain()); + boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());; + + responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL); } } else { int i; @@ -194,7 +206,12 @@ public class CMSSignatureVerificationInvoker { try { result = (CMSSignatureVerificationResult) results.get(signatories[i] - 1); - responseBuilder.addResult(result, trustProfile); + // check QC and SSCD via TSL (if enabled) + boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain()); + boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());; + + + responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL); } catch (IndexOutOfBoundsException e) { throw new MOAApplicationException( "2249", @@ -206,6 +223,65 @@ public class CMSSignatureVerificationInvoker { return responseBuilder.getResponse(); } + private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) { + boolean checkQCFromTSL = false; + try { + if (tslEnabledTrustProfile) { + if (chainlist != null) { + X509Certificate[] chain = new X509Certificate[chainlist.size()]; + + Iterator it = chainlist.iterator(); + int i = 0; + while(it.hasNext()) { + chain[i] = (X509Certificate)it.next(); + i++; + } + + checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); + //checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); + } + } + } + catch (TSLEngineDiedException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } catch (TSLSearchException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } + + return checkQCFromTSL; + } + + private boolean checkSSCD(boolean tslEnabledTrustProfile, List chainlist) { + boolean checkSSCDFromTSL = false; + try { + if (tslEnabledTrustProfile) { + if (chainlist != null) { + X509Certificate[] chain = new X509Certificate[chainlist.size()]; + + Iterator it = chainlist.iterator(); + int i = 0; + while(it.hasNext()) { + chain[i] = (X509Certificate)it.next(); + i++; + } + + checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); + } + } + } + catch (TSLEngineDiedException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } catch (TSLSearchException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } + + return checkSSCDFromTSL; + } + /** * Get the signed content contained either in the request itself or given as a * reference to external data. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index fcd5ae0e7..3b82c6caf 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -71,9 +71,13 @@ public class VerifyCMSSignatureResponseBuilder { * * @param result The result to add. * @param trustprofile The actual trustprofile + * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the + * certificate as qualified, otherwise <code>false</code>. + * @param checkSSCDFromTSL <code>true</code>, if the TSL check verifies the + * signature based on a SSDC, otherwise <code>false</code>. * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile) + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL) throws MOAException { CertificateValidationResult certResult = @@ -86,16 +90,28 @@ public class VerifyCMSSignatureResponseBuilder { SignerInfo signerInfo; CheckResult signatureCheck; CheckResult certificateCheck; - - // TODO Check TSL check + + + boolean qualifiedCertificate = false; + + // verify qualified certificate checks (certificate or TSL) + if (trustProfile.isTSLEnabled()) { + // take TSL result + qualifiedCertificate = checkQCFromTSL; + } + else { + // take result from certificate + qualifiedCertificate = certResult.isQualifiedCertificate(); + } + // add SignerInfo element signerInfo = factory.createSignerInfo( (X509Certificate) certResult.getCertificateChain().get(0), - certResult.isQualifiedCertificate(), + qualifiedCertificate, certResult.isPublicAuthorityCertificate(), certResult.getPublicAuthorityID(), - false); + checkSSCDFromTSL); // add SignatureCheck element signatureCheck = factory.createCheckResult(signatureCheckCode, null); @@ -103,6 +119,7 @@ public class VerifyCMSSignatureResponseBuilder { // add CertificateCheck element certificateCheck = factory.createCheckResult(certificateCheckCode, null); + // build the response element diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index 290841c66..8a5b6f5b7 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -229,6 +229,14 @@ public class XMLSignatureVerificationInvoker { profile, signingTime, new TransactionId(context.getTransactionID())); + } catch (IAIKException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IAIKRuntimeException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } + try { if (tp.isTSLEnabled()) { List list = result.getCertificateValidationResult().getCertificateChain(); if (list != null) { @@ -245,21 +253,14 @@ public class XMLSignatureVerificationInvoker { checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); } - - } - - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (TSLEngineDiedException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; + } + } + catch (TSLEngineDiedException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); } catch (TSLSearchException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); } // swap back in the request as root document diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java index 7e8dcf0c4..defaedd86 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java @@ -41,8 +41,10 @@ public class Configurator { throw new TSLEngineDiedException(e);
}
- //@TODO Check "/"
- Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath + "/";
+ if (!TSLWorkingDirectoryPath.endsWith("/"))
+ TSLWorkingDirectoryPath += "/";
+
+ Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath;
initialDefaultConfig();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java index b88255115..2e4af2817 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -92,17 +92,12 @@ public class TSLConnector implements TSLConnectorInterface { //TODO: clean hascash and TLS Download folder
String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
- System.out.println("hashcachedir: " + hashcachedir);
-
if (hashcachedir==null)
hashcachedir = DEFAULT_HASHCACHE_DIR;
String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
- System.out.println("hashcachedir: " + hashcachedir);
-
File hashcachefile = new File(hashcachedir);
- System.out.println("Hashcache: " + hashcachefile.getAbsolutePath());
File[] filelist = hashcachefile.listFiles();
@@ -247,8 +242,8 @@ public class TSLConnector implements TSLConnectorInterface { Countries expectedTerritory = entry.getValue().getSchemeTerritory();
try {
- if (expectedTerritory.equals("RO"))
- System.out.println("Stop");
+// if (expectedTerritory.equals("RO"))
+// System.out.println("Stop");
Number otpId = entry.getKey();
LocationAndCertHash lac = entry.getValue();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index 6798a5db1..c365a1121 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -1,21 +1,40 @@ package at.gv.egovernment.moa.spss.tsl.timer;
import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.truststore.TrustStoreException;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.utils.StoreUpdater;
+import iaik.server.ConfigurationData;
+import iaik.x509.X509Certificate;
import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
import iaik.xml.crypto.tsl.ex.TSLSearchException;
+import java.io.File;
+import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map;
import java.util.TimerTask;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.StringUtils;
+
public class TSLUpdaterTimerTask extends TimerTask {
@@ -31,7 +50,7 @@ public class TSLUpdaterTimerTask extends TimerTask { Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
// TODO wenn update nicht erfolgreich, dann soll TSL-Trustprofil nicht zur
- // Verfügung stehen.
+ // Verfügung stehen?
} catch (TSLSearchException e) {
MessageProvider msg = MessageProvider.getInstance();
@@ -62,86 +81,86 @@ public class TSLUpdaterTimerTask extends TimerTask { }
public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, FileNotFoundException, IOException {
-// MessageProvider msg = MessageProvider.getInstance();
-//
-// //get TSl configuration
-// ConfigurationProvider config = ConfigurationProvider.getInstance();
-// ConfigurationData configData = new IaikConfigurator().configure(config);
-// TSLConfiguration tslconfig = config.getTSLConfiguration();
-// if (tslconfig != null) {
-//
-// Logger.info(new LogMsg(msg.getMessage("config.42", null)));
-//
-// // get certstore parameters
-// CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
-//
-// // iterate over all truststores
-// Map mapTrustProfiles = config.getTrustProfiles();
-// Iterator it = mapTrustProfiles.entrySet().iterator();
-// while (it.hasNext()) {
-// Map.Entry pairs = (Map.Entry)it.next();
-// TrustProfile tp = (TrustProfile) pairs.getValue();
-// if (tp.isTSLEnabled()) {
-// TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
-// TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
-// trustStoreProfiles[0] = tsp;
-//
-// Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
-//
-// TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
-// ArrayList tsl_certs = null;
-// if (StringUtils.isEmpty(tp.getCountries())) {
-// Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-//
-// // get certificates from TSL from all countries
-// tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
-// }
-// else {
-// Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-// // get selected countries as array
-// String countries = tp.getCountries();
-// String[] array = countries.split(",");
-// for (int i = 0; i < array.length; i++)
-// array[i] = array[i].trim();
-//
-// // get certificates from TSL from given countries
-// tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
-// }
-//
-// // create store updater for each TSL enabled truststore
-// Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
-// StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
-//
-// // convert ArrayList<File> to X509Certificate[]
-// X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
-// Iterator itcert = tsl_certs.iterator();
-// int i = 0;
-// while(itcert.hasNext()) {
-// File f = (File)itcert.next();
-// X509Certificate cert = new X509Certificate(new FileInputStream(f));
-// addCertificates[i] = cert;
-//
-// i++;
-// }
-//
-// // get certificates to be removed
-// X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
-//
-//
-// //Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-// Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
-// storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
-//
-//
-// Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
-// storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
-//
-// // set the certifcates to be removed for the next TSL update
-// tp.setCertificatesToBeRemoved(addCertificates);
-//
-// }
-// }
-// }
+ MessageProvider msg = MessageProvider.getInstance();
+
+ //get TSl configuration
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ ConfigurationData configData = new IaikConfigurator().configure(config);
+ TSLConfiguration tslconfig = config.getTSLConfiguration();
+ if (tslconfig != null) {
+
+ Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+
+ // get certstore parameters
+ CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+
+ // iterate over all truststores
+ Map mapTrustProfiles = config.getTrustProfiles();
+ Iterator it = mapTrustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled()) {
+ TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
+ TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
+ trustStoreProfiles[0] = tsp;
+
+ Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
+
+ TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
+ ArrayList tsl_certs = null;
+ if (StringUtils.isEmpty(tp.getCountries())) {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+
+ // get certificates from TSL from all countries
+ tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
+ }
+ else {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ // get selected countries as array
+ String countries = tp.getCountries();
+ String[] array = countries.split(",");
+ for (int i = 0; i < array.length; i++)
+ array[i] = array[i].trim();
+
+ // get certificates from TSL from given countries
+ tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
+ }
+
+ // create store updater for each TSL enabled truststore
+ Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
+ StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+
+ // convert ArrayList<File> to X509Certificate[]
+ X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ int i = 0;
+ while(itcert.hasNext()) {
+ File f = (File)itcert.next();
+ X509Certificate cert = new X509Certificate(new FileInputStream(f));
+ addCertificates[i] = cert;
+
+ i++;
+ }
+
+ // get certificates to be removed
+ X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
+
+
+ //Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
+ storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+
+
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+
+ // set the certifcates to be removed for the next TSL update
+ tp.setCertificatesToBeRemoved(addCertificates);
+
+ }
+ }
+ }
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties index 60786dc8a..645ff9f6d 100644 --- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties +++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties @@ -145,7 +145,7 @@ config.34=Blacklisted URI: {0}. config.35=External URIs not allowed.
config.36=No blacklisted URIs given.
config.37=Fehler beim Erstellen der TSL Konfiguration: Name des TSL Arbeits-Verzeichnisses konnte nicht in eine URL umgewandet werden (Wert="{0}")
-config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis zeigt nicht auf ein existierendes Objekt, das kein Verzeichnis ist (Wert="{0}")
+config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis ist kein Verzeichnis (Wert="{0}")
config.39=TSL Konfguration: Kein Attribut "{0}" angegeben oder Attribut konnte nicht ausgewertet werden. Verwenden Default-Wert ("{1}")
config.40=Fehler beim Erstellen der TSL Konfiguration: Es wurde mindestens ein TrustProfile mit aktivierter TSL-Unterstützung konfiguriert. Die allgemeine TSL-Konfiguration ist jedoch fehlerhaft.
config.41=Initialisiere TSL Bibliothek
@@ -169,4 +169,5 @@ invoker.01=Keine passende Transformationskette gefunden (Index={0}) invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
-tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung.
\ No newline at end of file +tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung.
+tsl.01=Fehler bei der QC (qualifiziertes Zertifikat) bzw. SSCD (sichere Signaturerstellungseinheit) Überprüfung via TSL.
\ No newline at end of file diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath index af4743f8a..bd0d802c7 100644 --- a/spss/server/serverws/.classpath +++ b/spss/server/serverws/.classpath @@ -1,12 +1,38 @@ <?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
- <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
- <attributes>
- <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
- <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
- <classpathentry kind="output" path="target/classes"/>
-</classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="src" path="/moa-spss-lib"/>
+ <classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.0/xml-apis-2.7.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.0/serializer-2.7.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar"/>
+ <classpathentry kind="src" path="/moa-common"/>
+ <classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
+ <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
+</classpath>
\ No newline at end of file diff --git a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs index 7e3b7e969..0e32dbb18 100644 --- a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs +++ b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs @@ -1,7 +1,8 @@ -eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+#Thu Dec 27 15:45:22 CET 2012
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml index df66dd21b..564572b10 100644 --- a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -2,6 +2,6 @@ <faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.web"/>
- <installed facet="jst.java" version="1.4"/>
- <installed facet="jst.web" version="2.3"/>
-</faceted-project>
+ <installed facet="jst.web" version="2.4"/>
+ <installed facet="jst.java" version="5.0"/>
+</faceted-project>
\ No newline at end of file diff --git a/spss/server/tools/.classpath b/spss/server/tools/.classpath index a9bfad977..65abf443d 100644 --- a/spss/server/tools/.classpath +++ b/spss/server/tools/.classpath @@ -3,7 +3,7 @@ <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
<classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
<classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
diff --git a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs index a519d2f62..3bfb290ea 100644 --- a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs +++ b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs @@ -1,5 +1,6 @@ -eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:21 CET 2012
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
|