diff options
| author | kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2010-07-13 09:38:55 +0000 |
|---|---|---|
| committer | kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2010-07-13 09:38:55 +0000 |
| commit | 4aa19048995f9ddca2f8943287a681992a55b79a (patch) | |
| tree | 32d3c58ff50764055d3b2fa7b068f48f11d91f79 /spss | |
| parent | 3e3f35ebc780085b2c6a4064adf708fee1b5d5d7 (diff) | |
| download | moa-id-spss-4aa19048995f9ddca2f8943287a681992a55b79a.tar.gz moa-id-spss-4aa19048995f9ddca2f8943287a681992a55b79a.tar.bz2 moa-id-spss-4aa19048995f9ddca2f8943287a681992a55b79a.zip | |
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1169 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss')
23 files changed, 30 insertions, 360 deletions
diff --git a/spss/handbook/conf/moa-spss/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/spss/handbook/conf/moa-spss/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA Binary files differnew file mode 100644 index 000000000..8ddc7d79b --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA diff --git a/spss/handbook/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/spss/handbook/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd index a61eed289..ce1dd3747 100644 --- a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd +++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd @@ -1,7 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->
<!--
- MOA SP/SS 1.4.5 Configuration Schema
+ MOA SP/SS 1.4.7 Configuration Schema
-->
<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
@@ -139,8 +138,7 @@ <xs:sequence>
<xs:element name="Id" type="xs:token"/>
<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
- <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
- <xs:element name="TSLLocation" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
@@ -154,7 +152,7 @@ <xs:element name="MaxRevocationAge" type="xs:integer"/>
<xs:element name="ServiceOrder" minOccurs="0">
<xs:complexType>
- <xs:sequence maxOccurs="2">
+ <xs:sequence minOccurs="1" maxOccurs="2">
<xs:element name="Service">
<xs:simpleType>
<xs:restriction base="xs:token">
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html index 1fe63c118..ec9b30d7b 100644 --- a/spss/handbook/handbook/config/config.html +++ b/spss/handbook/handbook/config/config.html @@ -689,13 +689,7 @@ als relativ zum Pfad jenes Verzeichnisses interpretiert werden, in dem die zentr relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale Konfigurationsdatei gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte Verzeichnis muss eine oder mehrere DER-kodierte Zertifikatsdateien beinhalten. Jede Zertifikatsdatei - repräsentiert ein explizit erlaubtes Signatorzertifikat. </li> - <li>Element <code>TSLLocation</code>: Dieses optionale Element vom Typ <code>xs:anyURI </code> enthält - eine relative oder absolute URL, die ein Verzeichnis im lokalen Dateisystem referenziert. - Eine relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale - Konfigurationsdatei gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte Verzeichnis muss ein oder mehrere Trust-sercice Status Lists beinhalten.<br> - Ist dieses Element vorhanden so wird zusätzlich eine TSL Verifkation durchgeführt, deren Ergebnis in der Response im Element <code>TSLCheck</code> vorhanden ist. <br> - <strong>Anmerkung</strong>: Für die Nutzung der TSLs gehen wir davon aus, dass die Signatur der TSLs zuvor überprüft worden ist. </li> + repräsentiert ein explizit erlaubtes Signatorzertifikat. </li> </ul></td> </tr> </table> diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html index f27da9479..768f6f045 100644 --- a/spss/handbook/handbook/install/install.html +++ b/spss/handbook/handbook/install/install.html @@ -114,7 +114,7 @@ <p> Die Basisinstallation des Webservices stellt einerseits die minimalen Anforderungen für den Betrieb von MOA SP/SS als Webservices dar, andererseits dient sie als Ausgangspunkt für optionale <a href="#webservice_erweiterungsmöglichkeiten">Erweiterungsmöglichkeiten</a>.</p> <p> Folgende Software ist Voraussetzung für die Basisinstallation des Webservices: </p> <ul> - <li><a href="#referenziertesoftware">J2SE 1.4.x SDK oder J2SE 5.0 SDK </a>(Anmerkung: Für die Nutzung der TSL Funktionlität ist <a href="#referenziertesoftware">J2SE 5.0 SDK</a> Voraussetzung)</li> + <li><a href="#referenziertesoftware">J2SE 1.4.x SDK oder J2SE 5.0 SDK </a></li> <li><a href="#referenziertesoftware">Apache Tomcat 4.1.18 oder höher </a></li> </ul> <p>In diesem Betriebs-Szenario wird das MOA SP/SS Webservice in Tomcat zum Einsatz gebracht. Tomcat fungiert gleichzeitig als HTTP- und HTTPS-Endpunkt für das MOA SP/SS Webservice. Beide Protokolle werden direkt in Tomcat konfiguriert. Das MOA SP/SS Webservice verwendet Log4j als Logging Toolkit.</p> diff --git a/spss/server/history.txt b/spss/server/history.txt index 3f2f420a0..9e838b525 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt @@ -2,13 +2,7 @@ 1.4.7 ############## -- In den Trustprofilen können nun Trust-service Status Lists (TSLs) angegeben werden. - MOA-SP liefert hierbei in der Response das TSL Verifikationsergebnis im Element - TSLCheck retour (siehe hierzu Dokumentation - Konfiguration Kapitel "2.3.1.2.2 - Vertrauensprofile"). - -- Bei Nutzung der TSL-Funktionalität ist Java 1.5 Voraussetzung - +- - IAIK Libraries aktualisiert: iaik-moa: Version 1.27 ############## diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt index fb87ed327..cabee33b6 100644 --- a/spss/server/readme.update.txt +++ b/spss/server/readme.update.txt @@ -18,9 +18,6 @@ CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei moa-spss-1.4.7.zip entpackt haben. -Anmerkung: Wenn Sie MOA-SP mit TSL Unterstützung verwenden wollen, dann -ist die Verwendung von Java 1.5 Voraussetzung dafür. - ================= Update Variante A ================= diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index 1a778ad2b..daca95eb2 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -32,7 +32,6 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.MetaInfo; import at.gv.egovernment.moa.spss.api.common.SignerInfo; @@ -434,8 +433,7 @@ public abstract class SPSSFactory { * @param signerInfo Information about the signer certificate. * @param signatureCheck Result of the singature value check. * @param certificateCheck Result of the certificate status check. - * @param tslCheck Result of the TSL check - * @return The new <code>VerifyCMSSignatureResponseElement</code> containing + * @return The new <code>VerifyCMSSignatureResponseElement</code> containing * the above data. * * @pre signerInfo != null && signatureCheck != null && @@ -445,8 +443,7 @@ public abstract class SPSSFactory { public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement( SignerInfo signerInfo, CheckResult signatureCheck, - CheckResult certificateCheck, - CheckTSLResult tslCheck); + CheckResult certificateCheck); // // Factory methods for verifying XML signatures @@ -700,8 +697,7 @@ public abstract class SPSSFactory { ReferencesCheckResult signatureCheck, ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks, - CheckResult certificateCheck, - CheckTSLResult tslCheck); + CheckResult certificateCheck); /** * Create a new <code>ReferencesCheckResult</code> object. @@ -990,18 +986,7 @@ public abstract class SPSSFactory { */ public abstract CheckResult createCheckResult(int code, NodeList info); - /** - * Create a new <code>CheckTSLResult</code> object. - * - * @param code The numerical error code. - * @param info Verbose error information. - * @return The new <code>CheckTSLResult</code> containing the above data. - * - * @pre code >= 0 - * @pre info != null - * @post return != null - */ - public abstract CheckTSLResult createCheckTSLResult(int code, String info); + /** * Create a new <code>SignerInfo</code> object. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java index e2f44c540..4920aac0c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java @@ -16,7 +16,6 @@ package at.gv.egovernment.moa.spss.api.cmsverify; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -45,10 +44,5 @@ public interface VerifyCMSSignatureResponseElement { * @return The result of the certificate verification. */ public CheckResult getCertificateCheck(); - /** - * Gets the result of the TSL verification - * - * @return The result of the TSL verification - */ - public CheckTSLResult getTSLCheck(); + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java deleted file mode 100644 index f31512cdb..000000000 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java +++ /dev/null @@ -1,40 +0,0 @@ -/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egovernment.moa.spss.api.common;
-
-import org.w3c.dom.NodeList;
-
-/**
- * Object encapsulating the result of a TSL verification.
- *
- * @author Patrick Peck
- * @author Stephan Grill
- * @version $Id: CheckResult.java 1087 2008-08-28 07:55:59Z mcentner $
- */
-public interface CheckTSLResult {
- /**
- * Gets the result code.
- *
- * @return The result code.
- */
- public int getCode();
- /**
- * Gets descriptive information.
- *
- * @return Descriptive information.
- */
- public String getInfo();
-}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java deleted file mode 100644 index 62f3ab979..000000000 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java +++ /dev/null @@ -1,66 +0,0 @@ -/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egovernment.moa.spss.api.impl;
-
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
-
-/**
- * Default implementation of <code>CheckTSLResult</code>.
- *
- * @author Fatemeh Philippi
- * @author Klaus Stranacher
- * @version $Id: CheckResultImpl.java 1087 2008-08-28 07:55:59Z mcentner $
- */
-public class CheckTSLResultImpl implements CheckTSLResult {
- /** The result code. */
- private int code;
-
- /** Additional information. */
- private String info;
-
- /**
- * Sets a result code.
- *
- * @param code The result code.
- */
- public void setCode(int code) {
- this.code = code;
- }
-
- /**
- * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getCode()
- */
- public int getCode() {
- return code;
- }
-
- /**
- * Sets a descriptive information.
- *
- * @param info The descriptive information.
- */
- public void setInfo(String info) {
- this.info = info;
- }
-
- /**
- * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getInfo()
- */
- public String getInfo() {
- return info;
- }
-
-}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index 8cf06bb15..7c8b7b561 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -32,7 +32,6 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.MetaInfo; import at.gv.egovernment.moa.spss.api.common.SignerInfo; @@ -260,14 +259,12 @@ public class SPSSFactoryImpl extends SPSSFactory { public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement( SignerInfo signerInfo, CheckResult signatureCheck, - CheckResult certificateCheck, - CheckTSLResult tslCheck) { + CheckResult certificateCheck) { VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl(); verifyCMSSignatureResponseElement.setSignerInfo(signerInfo); verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck); verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck); - verifyCMSSignatureResponseElement.setTSLCheck(tslCheck); return verifyCMSSignatureResponseElement; } @@ -394,8 +391,7 @@ public class SPSSFactoryImpl extends SPSSFactory { ReferencesCheckResult signatureCheck, ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks, - CheckResult certificateCheck, - CheckTSLResult tslCheck) { + CheckResult certificateCheck) { VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse = new VerifyXMLSignatureResponseImpl(); verifyXMLSignatureResponse.setSignerInfo(signerInfo); @@ -406,7 +402,6 @@ public class SPSSFactoryImpl extends SPSSFactory { signatureManifestCheck); verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks); verifyXMLSignatureResponse.setCertificateCheck(certificateCheck); - verifyXMLSignatureResponse.setTSLCheck(tslCheck); return verifyXMLSignatureResponse; } @@ -565,12 +560,6 @@ public class SPSSFactoryImpl extends SPSSFactory { return checkResult; } - public CheckTSLResult createCheckTSLResult(int code, String info) { - CheckTSLResultImpl checkTSLResult = new CheckTSLResultImpl(); - checkTSLResult.setCode(code); - checkTSLResult.setInfo(info); - return checkTSLResult; - } public SignerInfo createSignerInfo( X509Certificate signerCertificate, diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java index f80c4ace2..6d14692fd 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java @@ -17,7 +17,6 @@ package at.gv.egovernment.moa.spss.api.impl; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -35,8 +34,6 @@ public class VerifyCMSSignatureResponseElementImpl private CheckResult signatureCheck; /** Information about the certificate check. */ private CheckResult certificateCheck; - /** Information about the TSL check */ - private CheckTSLResult tslCheck; /** * Sets a SignerInfo element according to CMS. @@ -77,16 +74,4 @@ public class VerifyCMSSignatureResponseElementImpl return certificateCheck; } - /** - * Sets a result of the TSL verification. - * - * @param tslCheck The result of the TSL verification. - */ - public void setTSLCheck(CheckTSLResult tslCheck) { - this.tslCheck = tslCheck; - } - - public CheckTSLResult getTSLCheck() { - return tslCheck; - } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java index ea6a180a7..3cad988ff 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java @@ -20,7 +20,6 @@ import java.util.Collections; import java.util.List; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; @@ -53,8 +52,6 @@ public class VerifyXMLSignatureResponseImpl private List xmlDsigManifestChecks = new ArrayList(); /** Information about the certificate check. */ private CheckResult certificateCheck; - /** Information about the TSL check. */ - private CheckTSLResult tslCheck; /** * Sets information about the signer certificate. @@ -139,18 +136,7 @@ public class VerifyXMLSignatureResponseImpl public CheckResult getCertificateCheck() { return certificateCheck; } - /** - * Sets the result of the TSL verification. - * - * @param certificateCheck The result of the TSL verification. - */ - public void setTSLCheck(CheckTSLResult tslCheck) { - this.tslCheck = tslCheck; - } - - public CheckTSLResult getTSLCheck() { - return tslCheck; - } + /** * Sets the XMLDSigManifestChecks. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 2e4a95a89..1215f1ccc 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java @@ -25,7 +25,6 @@ import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -90,8 +89,7 @@ public class VerifyCMSSignatureResponseBuilder { SignerInfo signerInfo = responseElement.getSignerInfo(); CheckResult signatureCheck = responseElement.getSignatureCheck(); CheckResult certCheck = responseElement.getCertificateCheck(); - CheckTSLResult tslCheck = responseElement.getTSLCheck(); - + ResponseBuilderUtils.addSignerInfo( responseDoc, responseElem, @@ -114,12 +112,7 @@ public class VerifyCMSSignatureResponseBuilder { certCheck.getCode(), certCheck.getInfo()); - ResponseBuilderUtils.addCodeInfoElement( - responseDoc, - responseElem, - "TSLCheck", - tslCheck.getCode(), - tslCheck.getInfo()); + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index dedb1dc88..1ca931e9c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -136,12 +136,7 @@ public class VerifyXMLSignatureResponseBuilder { response.getCertificateCheck().getCode(), response.getCertificateCheck().getInfo()); - ResponseBuilderUtils.addCodeInfoElement( - responseDoc, - responseElem, - "TSLCheck", - response.getTSLCheck().getCode(), - response.getTSLCheck().getInfo()); + return responseDoc; } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java index 63da503cb..1ccbae133 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java @@ -18,7 +18,6 @@ package at.gv.egovernment.moa.spss.api.xmlverify; import java.util.List; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -73,12 +72,6 @@ public interface VerifyXMLSignatureResponse { */ public CheckResult getCertificateCheck(); - /** - * Gets the result of the TSL verification. - * - * @return The result of the TSL verification. - */ - public CheckTSLResult getTSLCheck(); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 51669026f..9e0dc7688 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -949,7 +949,6 @@ public class ConfigurationPartsBuilder { String id = getElementValue(profileElem, CONF + "Id", null); String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); - String tslLocStr = getElementValue(profileElem, CONF + "TSLLocation", null); URI trustAnchorsLocURI = null; try @@ -976,33 +975,7 @@ public class ConfigurationPartsBuilder { } - URI tslLocURI = null; - if (tslLocStr != null) { - - try - { - tslLocURI = new URI(tslLocStr); - if (!tslLocURI.isAbsolute()) { // make it absolute to the config file - tslLocURI = new URI(configRoot_.toURL() + tslLocStr); - } - } - catch (URIException e) { - warn("config.14", new Object[] { "uriTSL", id, tslLocStr }, e); - continue; - } - catch (MalformedURLException e) - { - warn("config.33", new Object[] {id}, e); - continue; - } - - File profileDirTSL = new File(tslLocURI.getPath()); - if (!profileDirTSL.exists() || !profileDirTSL.isDirectory()) { - warn("config.27", new Object[] { "uriTSL", id }); - continue; - } - } - + if (trustProfiles.containsKey(id)) { warn("config.04", new Object[] { "TrustProfile", id }); continue; @@ -1033,10 +1006,7 @@ public class ConfigurationPartsBuilder { } signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; - String tslLocURIString = null; - if (tslLocURI != null) - tslLocURIString = tslLocURI.toString(); - TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslLocURIString); + TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr); trustProfiles.put(id, profile); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java index 66c08e34e..b1031c4cb 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java @@ -28,8 +28,6 @@ public class TrustProfile { private String uri; /** The URI giving the location of the allowed signer certificates. */ private String signerCertsUri; - /** The URI giving the location of the TSLs */ - private String uriTSL; /** * Create a <code>TrustProfile</code>. @@ -38,13 +36,11 @@ public class TrustProfile { * @param uri The URI of the <code>TrustProfile</code> to create. * @param signerCertsUri The URI of the location of the allowed signer * certificates of the <code>TrustProfile</code> to create. - * @param uriTSL The URI to the TSLs */ - public TrustProfile(String id, String uri, String signerCertsUri, String uriTSL) { + public TrustProfile(String id, String uri, String signerCertsUri) { this.id = id; this.uri = uri; this.signerCertsUri = signerCertsUri; - this.uriTSL = uriTSL; } /** @@ -75,11 +71,5 @@ public class TrustProfile { return signerCertsUri; } - /** - * Return the URI of the location of the TSLS - * @return The URI of the location of the TSLS - */ - public String getUriTSL() { - return uriTSL; - } + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index b7bdbc9b8..dc23b5c2d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -30,7 +30,6 @@ import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.server.config.TrustProfile; import at.gv.egovernment.moa.spss.util.MessageProvider; @@ -82,8 +81,7 @@ public class VerifyCMSSignatureResponseBuilder { SignerInfo signerInfo; CheckResult signatureCheck; CheckResult certificateCheck; - CheckTSLResult tslCheck; - + // add SignerInfo element signerInfo = factory.createSignerInfo( @@ -98,54 +96,17 @@ public class VerifyCMSSignatureResponseBuilder { // add CertificateCheck element certificateCheck = factory.createCheckResult(certificateCheckCode, null); - // add TSL check - tslCheck = validateTSL(result, trustProfile); - + // build the response element responseElement = factory.createVerifyCMSSignatureResponseElement( signerInfo, signatureCheck, - certificateCheck, - tslCheck); + certificateCheck); responseElements.add(responseElement); } - /** - * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs - * - * @param result The result produced by the <code>XMLSignatureVerificationModule</code>. - * - * @param trustProfile The trust profile the signer certificate is validated against. - * - * @return The overal result of the TSL validation. - * - * @throws MOAException - */ - private CheckTSLResult validateTSL(CMSSignatureVerificationResult result, TrustProfile trustProfile) - throws MOAException -{ - MessageProvider msg = MessageProvider.getInstance(); - //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()}); - - // TODO KS: TSL initialisieren, TSL abfrage mit chain - - List chain = result.getCertificateValidationResult().getCertificateChain(); - String uriTSL = trustProfile.getUriTSL(); - //System.out.println("Size: " + chain.size()); - ListIterator it = chain.listIterator(); - while(it.hasNext()) { - X509Certificate cert = (X509Certificate) it.next(); - //System.out.println(cert.getSubjectDN()); - } - //System.out.println("URL-TSL: " + uriTSL); - - int resultCode = 0; - String resultInfo = msg.getMessage("tsl.00", null); - - SPSSFactory factory = SPSSFactory.getInstance(); - return factory.createCheckTSLResult(resultCode, resultInfo); -} + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 68ba4ad7e..7d66811db 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -42,7 +42,6 @@ import org.w3c.dom.NodeList; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.InputData; import at.gv.egovernment.moa.spss.api.common.SignerInfo; @@ -87,10 +86,7 @@ public class VerifyXMLSignatureResponseBuilder { private List xmlDsigManifestChecks; /** The result of the certificate check. */ private CheckResult certificateCheck; - /** The result of the TSL check. */ - private CheckTSLResult tslCheck; - /** * Get the <code>VerifyMLSignatureResponse</code> built so far. * @@ -104,8 +100,7 @@ public class VerifyXMLSignatureResponseBuilder { signatureCheck, signatureManifestCheck, xmlDsigManifestChecks, - certificateCheck, - tslCheck); + certificateCheck); } /** @@ -119,15 +114,13 @@ public class VerifyXMLSignatureResponseBuilder { * @param transformsSignatureManifestCheck The overall result for the signature * manifest check. * @param certificateCheck The overall result for the certificate check. - * @param tslCheck The result of the TSL check * @throws MOAApplicationException An error occurred adding the result. */ public void setResult( XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile, ReferencesCheckResult transformsSignatureManifestCheck, - CheckResult certificateCheck, - CheckTSLResult tslCheck) + CheckResult certificateCheck) throws MOAApplicationException { CertificateValidationResult certResult = @@ -292,8 +285,7 @@ public class VerifyXMLSignatureResponseBuilder { // create the certificate check this.certificateCheck = certificateCheck; - // create the tsl check - this.tslCheck = tslCheck; + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index 765a48e79..eb6275b3a 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -59,7 +59,6 @@ import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; -import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; @@ -236,11 +235,9 @@ public class XMLSignatureVerificationInvoker { TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); CheckResult certificateCheck = validateSignerCertificate(result, trustProfile); - // Check the TSL result - CheckTSLResult tslCheck = validateTSL(result, trustProfile); // build the response - responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, tslCheck); + responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck); return responseBuilder.getResponse(); } @@ -325,41 +322,7 @@ public class XMLSignatureVerificationInvoker { return factory.createCheckResult(resultCode, null); } - /** - * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs - * - * @param result The result produced by the <code>XMLSignatureVerificationModule</code>. - * - * @param trustProfile The trust profile the signer certificate is validated against. - * - * @return The overal result of the TSL validation. - * - * @throws MOAException - */ - private CheckTSLResult validateTSL(XMLSignatureVerificationResult result, TrustProfile trustProfile) - throws MOAException -{ - MessageProvider msg = MessageProvider.getInstance(); - //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()}); - - // TODO KS: TSL initialisieren, TSL abfrage mit chain - - List chain = result.getCertificateValidationResult().getCertificateChain(); - String uriTSL = trustProfile.getUriTSL(); - //System.out.println("Size: " + chain.size()); - ListIterator it = chain.listIterator(); - while(it.hasNext()) { - X509Certificate cert = (X509Certificate) it.next(); - //System.out.println(cert.getSubjectDN()); - } - //System.out.println("URL-TSL: " + uriTSL); - - int resultCode = 0; - String resultInfo = msg.getMessage("tsl.00", null); - SPSSFactory factory = SPSSFactory.getInstance(); - return factory.createCheckTSLResult(resultCode, resultInfo); -} /** * Select the <code>dsig:Signature</code> DOM element within the signature diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties index 4c9d11f63..3920da4d9 100644 --- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties +++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties @@ -134,7 +134,6 @@ config.28=Einen detaillierten Fehlerbericht entnehmen Sie bitte der Log-Datei. config.29=Es sind folgende leichte Fehler aufgetreten:
config.31=Fehler in der Konfiguration der KeyGroup mit id={0}: Der Schlüssel im KeyModule id={1} mit IssuerName={2} und SerialNumber={3} konnte nicht geladen werden
config.32=Fehler in der Konfiguration: Verzeichnisangabe für den Zertifikatsspeicher ist ungültig ({0}).
-config.33=Fehler beim Erstellen des TrustProfile id={0}: Name des TSL-Verzeichnisses konnte nicht in eine URL umgewandet werden
handler.00=Starte neue Transaktion: TID={0}, Service={1}
handler.01=Aufruf von Adresse={0}
@@ -148,6 +147,4 @@ handler.07=SOAP Request empfangen: Request={0} invoker.00=Das Signature Environment konnte nicht validierend geparst werden
invoker.01=Keine passende Transformationskette gefunden (Index={0})
invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
-invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
-
-tsl.00 = Das Zertifikat konnte erfolgreich gegen die TSL verifiziert werden
\ No newline at end of file +invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
\ No newline at end of file |