diff options
35 files changed, 1046 insertions, 1161 deletions
diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd index 640f577aa..144918778 100644 --- a/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd +++ b/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd @@ -147,7 +147,7 @@ <xsd:sequence maxOccurs="unbounded"> <xsd:element name="SignerInfo" type="dsig:KeyInfoType"> <xsd:annotation> - <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any</xsd:documentation> + <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="SignatureCheck" type="CheckResultType"/> @@ -198,7 +198,7 @@ <xsd:sequence> <xsd:element name="SignerInfo" type="dsig:KeyInfoType"> <xsd:annotation> - <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any</xsd:documentation> + <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/> @@ -454,19 +454,31 @@ </xsd:element> </xsd:choice> </xsd:complexType> - <xsd:element name="QualifiedCertificate"/> + <xsd:element name="QualifiedCertificate"> + <xsd:complexType> + <xsd:attribute name="source" use="optional"> + <xsd:simpleType> + <xsd:restriction base="xsd:token"> + <xsd:enumeration value="TSL"/> + <xsd:enumeration value="Certificate"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:attribute> + </xsd:complexType> + </xsd:element> <xsd:element name="SecureSignatureCreationDevice"> <xsd:complexType> - <xsd:attribute name="source" use="required"> - <xsd:simpleType> - <xsd:restriction base="xsd:token"> - <xsd:enumeration value="TSL"/> - <xsd:enumeration value="Certificate"/> - </xsd:restriction> - </xsd:simpleType> - </xsd:attribute> + <xsd:attribute name="source" use="optional"> + <xsd:simpleType> + <xsd:restriction base="xsd:token"> + <xsd:enumeration value="TSL"/> + <xsd:enumeration value="Certificate"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:attribute> </xsd:complexType> </xsd:element> + <xsd:element name="IssuingCountry" type="xsd:token"/> <xsd:element name="PublicAuthority" type="PublicAuthorityType"/> <xsd:complexType name="PublicAuthorityType"> <xsd:sequence> diff --git a/id/oa/.settings/org.eclipse.jdt.core.prefs b/id/oa/.settings/org.eclipse.jdt.core.prefs index c788ee346..dc0892a32 100644 --- a/id/oa/.settings/org.eclipse.jdt.core.prefs +++ b/id/oa/.settings/org.eclipse.jdt.core.prefs @@ -1,8 +1,8 @@ eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
-org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.7
+org.eclipse.jdt.core.compiler.source=1.5
diff --git a/id/oa/.settings/org.eclipse.wst.common.component b/id/oa/.settings/org.eclipse.wst.common.component index 7e38d20b7..beb49b957 100644 --- a/id/oa/.settings/org.eclipse.wst.common.component +++ b/id/oa/.settings/org.eclipse.wst.common.component @@ -1,8 +1,8 @@ -<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="2.0">
+<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
<wb-module deploy-name="moa-id-oa">
- <property name="context-root" value="moa-id-oa"/>
- <wb-resource deploy-path="/" source-path="src/main/webapp"/>
+ <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
+ <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
<property name="java-output-path" value="/target/classes"/>
+ <property name="context-root" value="oa"/>
</wb-module>
-</project-modules>
\ No newline at end of file +</project-modules>
diff --git a/id/oa/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/oa/.settings/org.eclipse.wst.common.project.facet.core.xml index a801c94a0..fec12087a 100644 --- a/id/oa/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/id/oa/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -2,6 +2,6 @@ <faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.web"/>
- <installed facet="jst.web" version="2.4"/>
- <installed facet="jst.java" version="1.4"/>
-</faceted-project>
\ No newline at end of file + <installed facet="jst.java" version="1.5"/>
+ <installed facet="jst.web" version="2.3"/>
+</faceted-project>
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index e667e1ee5..90413a56a 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -6,9 +6,6 @@ <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
<dependency-type>uses</dependency-type>
</dependent-module>
- <dependent-module archiveName="moa-id-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
<dependent-module archiveName="stork-saml-engine-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
<dependency-type>uses</dependency-type>
</dependent-module>
diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.component b/id/server/idserverlib/.settings/org.eclipse.wst.common.component index 8f3380621..a5eb3d4d8 100644 --- a/id/server/idserverlib/.settings/org.eclipse.wst.common.component +++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.component @@ -1,8 +1,7 @@ -<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="2.0">
<wb-module deploy-name="moa-id-lib">
<wb-resource deploy-path="/" source-path="src/main/java"/>
<wb-resource deploy-path="/" source-path="src/main/resources"/>
- <wb-resource deploy-path="/" source-path="/src/main/java"/>
- <wb-resource deploy-path="/" source-path="/src/main/resources"/>
</wb-module>
-</project-modules>
+</project-modules>
\ No newline at end of file diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component index cc61830e7..eeb0e2248 100644 --- a/id/server/proxy/.settings/org.eclipse.wst.common.component +++ b/id/server/proxy/.settings/org.eclipse.wst.common.component @@ -6,9 +6,6 @@ <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
<dependency-type>uses</dependency-type>
</dependent-module>
- <dependent-module archiveName="moa-id-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
<dependent-module archiveName="stork-saml-engine-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
<dependency-type>uses</dependency-type>
</dependent-module>
@@ -68,10 +68,10 @@ <configuration>
<finalName>moa</finalName>
<descriptors>
- <descriptor>id/assembly-auth.xml</descriptor>-->
- <!-- <descriptor>id/assembly-proxy.xml</descriptor>-->
+ <descriptor>id/assembly-auth.xml</descriptor>
+ <descriptor>id/assembly-proxy.xml</descriptor>
<descriptor>spss/assembly.xml</descriptor>
- <!-- <descriptor>spss/assembly-lib.xml</descriptor>-->
+ <descriptor>spss/assembly-lib.xml</descriptor>
</descriptors>
</configuration>
</plugin>
@@ -211,32 +211,32 @@ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>3.8.1</version> <!-- TODO: version update? -->
+ <version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
- <version>1.0.4</version> <!-- TODO: version update? -->
+ <version>1.0.4</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
- <version>2.4</version> <!-- TODO: version update? -->
+ <version>2.4</version>
<scope>provide</scope>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
- <version>1.1</version> <!-- TODO: version update? -->
+ <version>1.1</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>commons-discovery</groupId>
<artifactId>commons-discovery</artifactId>
- <version>0.2</version> <!-- TODO: version update? -->
+ <version>0.2</version>
<scope>compile</scope>
</dependency>
<!-- IAIK libraries -->
diff --git a/spss/handbook/clients/api/.classpath b/spss/handbook/clients/api/.classpath index ea8736aef..53806d1e8 100644 --- a/spss/handbook/clients/api/.classpath +++ b/spss/handbook/clients/api/.classpath @@ -1,43 +1,43 @@ <?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
- <classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.1/xalan-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/xalan/serializer/2.7.1/serializer-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/xml-apis/xml-apis/1.3.04/xml-apis-1.3.04.jar"/>
- <classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.9.0/xercesImpl-2.9.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.1/serializer-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar"/>
- <classpathentry kind="src" path="/moa-common"/>
- <classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
- <classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
- <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
- <classpathentry kind="src" path="/moa-spss-lib"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
- <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
-</classpath>
\ No newline at end of file + <classpathentry including="**/*.java" kind="src" path="src/main/java"/>
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar" sourcepath="/AXIS-IAIK"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.1/xalan-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan/serializer/2.7.1/serializer-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xml-apis/xml-apis/1.3.04/xml-apis-1.3.04.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.9.0/xercesImpl-2.9.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.1/serializer-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.5/iaik_moa-1.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/5.101/iaik_jce_full-5.101.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar"/>
+ <classpathentry kind="src" path="/moa-common"/>
+ <classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
+ <classpathentry kind="src" path="/moa-spss-lib"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
+ <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd index 669ebe53f..91d281171 100644 --- a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd +++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd @@ -19,20 +19,36 @@ </xs:sequence>
</xs:complexType>
</xs:element>
- <xs:element name="PermitExternalUris" minOccurs="0">
- <xs:complexType>
- <xs:sequence minOccurs="0" maxOccurs="unbounded">
- <xs:element name="BlackListUri">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="IP" type="xs:string"/>
- <xs:element name="Port" type="xs:int" minOccurs="0"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
+ <xs:choice>
+ <xs:element name="PermitExternalUris" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence minOccurs="0">
+ <xs:element name="BlackListUri" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="IP" type="xs:string"/>
+ <xs:element name="Port" type="xs:int" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="ForbidExternalUris" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="WhiteListUri" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="IP" type="xs:string"/>
+ <xs:element name="Port" type="xs:int" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
</xs:sequence>
</xs:complexType>
</xs:element>
@@ -78,6 +94,7 @@ </xs:complexType>
</xs:element>
</xs:sequence>
+ <xs:element name="DigestMethodAlgorithm" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
@@ -99,6 +116,19 @@ </xs:element>
<xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="XAdES" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Version">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="1.4.2"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
@@ -147,7 +177,7 @@ </xs:sequence>
</xs:complexType>
</xs:element>
- <xs:element name="TrustProfile" maxOccurs="unbounded">
+ <xs:element name="TrustProfile" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="Id" type="xs:token"/>
@@ -283,6 +313,7 @@ <xs:element name="TSLConfiguration" minOccurs="0">
<xs:complexType>
<xs:sequence>
+ <xs:element name="EUTSLUrl" type="xs:anyURI" minOccurs="0"/>
<xs:element name="UpdateSchedule" minOccurs="0">
<xs:complexType>
<xs:sequence>
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html index 96270bde1..f44bd7dc0 100644 --- a/spss/handbook/handbook/config/config.html +++ b/spss/handbook/handbook/config/config.html @@ -1071,7 +1071,10 @@ Wird der Wert auf -1 gesetzt, dann bedeutet das ein unendlich langes Intervall. <td><p>Das Element <code>cfg:TSLConfiguration</code><code></code> legt die TSL Konfiguration fest, wenn Vertrauensprofile mit TSL Unterstützung konfiguriert sind. Das Element weist folgende Kind-Elemente auf: <ul> <ul> - <li>Element <code>cfg:UpdateSchedule</code>: Dieses Element legt fest wann und in welchem Intervall die EU-TSL erneut eingelesen werden soll. Das Element <code>cfg:UpdateSchedule</code> besteht dabei aus folgenden Kind-Elementen:</li> + <li>Element <code>cfg:EUTSLUrl</code>: Dieses optionale Element legt die URL zur EU-TSL fest.<br> + </li> + <em>Hinweis</em>: Wird kein <code>cfg:EUTSLUrl</code> Element angegeben so wird defaultmäßig <code>https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml</code> als EU-TSL URL herangezogen. + <li>Element <code>cfg:UpdateSchedule</code>: Dieses optionale Element legt fest wann und in welchem Intervall die EU-TSL erneut eingelesen werden soll. Das Element <code>cfg:UpdateSchedule</code> besteht dabei aus folgenden Kind-Elementen:</li> <ul> <li>Element <code>cfg:StartTime</code>: Legt eine Startzeit im Format hh:mm:ss fest. </li> <li>Element <code>cfg:Period</code>: Legt das Intervall (in Millisekunden) fest, in welchem die EU-TSL erneut eingelesen werden soll</li> @@ -1085,7 +1088,6 @@ Wird der Wert auf -1 gesetzt, dann bedeutet das ein unendlich langes Intervall. Wichtig</strong>: Das angegebene Verzeichnis muss jedenfalls die Unterverzeichnis "trust" aus der <a href="../../../conf/moa-spss/tslworking">Beispiel-Konfiguration</a> beinhalten. In dessen Unterverzeichnis "eu" müssen jene vertrauenswürdigen Zertifikate angegeben werden, mit denen die EU-TSL signiert ist. </ul> - <p><strong>Wichtig</strong>: Beim Tomcat-Start muss zusätzlich noch ein so genannten Hashcache Verzeichnis angegeben werden. Dies erfolgt mit dem Parameter iaik.xml.crypto.tsl.BinaryHashCache.DIR (siehe auch <a href="../install/install.html#webservice_basisinstallation_installation_tomcatstartstop">Starten und Stoppen von Tomcat</a>). </p> <p><em>Hinweis</em>: Um die TSL Überprüfung zu aktivieren muss auch (zumindest) ein Vertrauensprofil mit TSL Überprüfung konfiguriert werden (siehe <a href="#konfigurationsparameter_sp_certificatevalidation_pathvalidation_trustprofile">Vertrauensprofil</a>)</p></td> </tr> diff --git a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd b/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd index 137ad6deb..144918778 100644 --- a/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd +++ b/spss/handbook/handbook/spec/MOA-SPSS-1.5.2.xsd @@ -1,15 +1,56 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- - MOA SP/SS 1.3 Schema + MOA SP/SS 1.5.2 Schema --> <xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2"> <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/> <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/> <!--########## Create CMS Signature ###--> <!--### Create CMS Signature Request ###--> - <xsd:element name="CreateCMSSignatureRequest"/> - <!--### Create CMS Signature Response ###--> - <xsd:element name="CreateCMSSignatureResponse"/> + <xsd:element name="CreateCMSSignatureRequest"> + <xsd:complexType> + <xsd:complexContent> + <xsd:extension base="CreateCMSSignatureRequestType"/> + </xsd:complexContent> + </xsd:complexType> + </xsd:element> + <xsd:complexType name="CreateCMSSignatureRequestType"> + <xsd:sequence> + <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/> + <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded"> + <xsd:annotation> + <xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="DataObjectInfo"> + <xsd:complexType> + <xsd:complexContent> + <xsd:extension base="CMSDataObjectInfoType"/> + </xsd:complexContent> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + <!--### Create CMS Signature Response ###--> + <xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/> + <xsd:complexType name="CreateCMSSignatureResponseType"> + <xsd:choice maxOccurs="unbounded"> + <xsd:annotation> + <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation> + </xsd:annotation> + <xsd:element name="CMSSignature" type="xsd:base64Binary"> + <xsd:annotation> + <xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation> + </xsd:annotation> + </xsd:element> + <xsd:element ref="ErrorResponse"/> + </xsd:choice> + </xsd:complexType> <!--########## Create XML Signature ###--> <!--### Create XML Signature Request ###--> <xsd:element name="CreateXMLSignatureRequest"> @@ -106,7 +147,7 @@ <xsd:sequence maxOccurs="unbounded"> <xsd:element name="SignerInfo" type="dsig:KeyInfoType"> <xsd:annotation> - <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation> + <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="SignatureCheck" type="CheckResultType"/> @@ -157,7 +198,7 @@ <xsd:sequence> <xsd:element name="SignerInfo" type="dsig:KeyInfoType"> <xsd:annotation> - <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation> + <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/> @@ -228,6 +269,25 @@ </xsd:simpleType> </xsd:attribute> </xsd:complexType> + <xsd:complexType name="CMSDataObjectInfoType"> + <xsd:sequence> + <xsd:element name="DataObject"> + <xsd:complexType> + <xsd:complexContent> + <xsd:extension base="CMSDataObjectRequiredMetaType"/> + </xsd:complexContent> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + <xsd:attribute name="Structure" use="required"> + <xsd:simpleType> + <xsd:restriction base="xsd:string"> + <xsd:enumeration value="detached"/> + <xsd:enumeration value="enveloping"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:attribute> + </xsd:complexType> <xsd:complexType name="TransformsInfoType"> <xsd:sequence> <xsd:element ref="dsig:Transforms" minOccurs="0"/> @@ -246,6 +306,12 @@ <xsd:element name="Content" type="CMSContentBaseType"/> </xsd:sequence> </xsd:complexType> + <xsd:complexType name="CMSDataObjectRequiredMetaType"> + <xsd:sequence> + <xsd:element name="MetaInfo" type="MetaInfoType"/> + <xsd:element name="Content" type="CMSContentBaseType"/> + </xsd:sequence> + </xsd:complexType> <xsd:complexType name="CMSContentBaseType"> <xsd:complexContent> <xsd:restriction base="ContentOptionalRefType"> @@ -388,7 +454,31 @@ </xsd:element> </xsd:choice> </xsd:complexType> - <xsd:element name="QualifiedCertificate"/> + <xsd:element name="QualifiedCertificate"> + <xsd:complexType> + <xsd:attribute name="source" use="optional"> + <xsd:simpleType> + <xsd:restriction base="xsd:token"> + <xsd:enumeration value="TSL"/> + <xsd:enumeration value="Certificate"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:attribute> + </xsd:complexType> + </xsd:element> + <xsd:element name="SecureSignatureCreationDevice"> + <xsd:complexType> + <xsd:attribute name="source" use="optional"> + <xsd:simpleType> + <xsd:restriction base="xsd:token"> + <xsd:enumeration value="TSL"/> + <xsd:enumeration value="Certificate"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:attribute> + </xsd:complexType> + </xsd:element> + <xsd:element name="IssuingCountry" type="xsd:token"/> <xsd:element name="PublicAuthority" type="PublicAuthorityType"/> <xsd:complexType name="PublicAuthorityType"> <xsd:sequence> diff --git a/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh b/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh index 6d5be35c0..f114a40f8 100644 --- a/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh +++ b/spss/server/serverlib/resources/data/deploy/tomcat/unix/moa-env.sh @@ -3,14 +3,11 @@ MOA_START=`pwd` CONFIG_OPT=-Dmoa.spss.server.configuration=$MOA_START/conf/moa-spss/spss.config.xml LOGGING_OPT=-Dlog4j.configuration=file:$MOA_START/conf/moa-spss/log4j.properties -# Hashcache Parameter für TSL Unterstuetzung bei MOA-SP -#PARAM_HASHCACHE=-Diaik.xml.crypto.tsl.BinaryHashCache.DIR=$MOA_START/conf/moa-spss/hashcache/ - # NODE_ID_OPT=-Dmoa.node-id=node1 # TRUST_STORE_OPT=-Djavax.net.ssl.trustStore=truststore.jks # TRUST_STORE_PASS_OPT=-Djavax.net.ssl.trustStorePassword=changeit # TRUST_STORE_TYPE_OPT=-Djavax.net.ssl.trustStoreType=jks -export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $NODE_ID_OPT $PARAM_HASHCACHE $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT" +export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $NODE_ID_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT" echo CATALINA_OPTS=$CATALINA_OPTS diff --git a/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat b/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat index 729bddbf3..de36fd5c4 100644 --- a/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat +++ b/spss/server/serverlib/resources/data/deploy/tomcat/win32/startTomcat.bat @@ -15,10 +15,7 @@ set PARAM_SPSSCONFIG=-Dmoa.spss.server.configuration=%MOA_SPSS_CFG_HOME%\spss.co set PARAM_LOGGING=-Dlog4j.configuration=file:%MOA_SPSS_CFG_HOME%\log4j.properties
set PARAM_NODEID=-Dmoa.node-id=Node1
-rem Hashcache Parameter für TSL Unterstuetzung bei MOA-SP
-rem set PARAM_HASHCACHE=-Diaik.xml.crypto.tsl.BinaryHashCache.DIR=%MOA_SPSS_CFG_HOME%\hashcache\
-
-set PARAMS_MOA=%PARAM_SPSSCONFIG% %PARAM_LOGGING% %PARAM_NODEID% %PARAM_HASHCACHE%
+set PARAMS_MOA=%PARAM_SPSSCONFIG% %PARAM_LOGGING% %PARAM_NODEID%
rem set PARAM_TRUST_STORE=-Djavax.net.ssl.trustStore=truststore.jks
rem set PARAM_TRUST_STORE_PASS=-Djavax.net.ssl.trustStorePassword=changeit
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index 80f996b36..b5cc96a04 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -1101,6 +1101,7 @@ public abstract class SPSSFactory { * signature based on a SSDC, otherwise <code>false</code>. * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, * otherwise <code>false</code>. + * @param issuerCountryCode contains the signer certificate issuer country code. * @return The <code>SignerInfo</code> containing the above data. * * @pre signerCertSubjectName != null @@ -1114,7 +1115,8 @@ public abstract class SPSSFactory { boolean publicAuthority, String publicAuthorityID, boolean sscd, - boolean sscdSourceTSL); + boolean sscdSourceTSL, + String issuerCountryCode); /** * Create a new <code>X509IssuerSerial</code> object. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java index 337f775bf..777365ad3 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java @@ -68,7 +68,11 @@ public interface SignerInfo { */ public String getQCSource(); - + /** + * Returns the signer certificate issuer country code + * @return + */ + public String getIssuerCountryCode(); /** * Checks, whether the certificate contained in this object is a * public authority certificate. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index 74f65cb70..8e3bb7636 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -626,7 +626,8 @@ public class SPSSFactoryImpl extends SPSSFactory { boolean publicAuthority, String publicAuthorityID, boolean sscd, - boolean sscdSourceTSL) { + boolean sscdSourceTSL, + String issuerCountryCode) { SignerInfoImpl signerInfo = new SignerInfoImpl(); signerInfo.setSignerCertificate(signerCertificate); signerInfo.setQualifiedCertificate(qualifiedCertificate); @@ -635,6 +636,7 @@ public class SPSSFactoryImpl extends SPSSFactory { signerInfo.setPublicAuhtorityID(publicAuthorityID); signerInfo.setSSCD(sscd); signerInfo.setSSCDSourceTSL(sscdSourceTSL); + signerInfo.setIssuerCountryCode(issuerCountryCode); return signerInfo; } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java index 5d26397c5..7a108e8a4 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java @@ -56,6 +56,9 @@ public class SignerInfoImpl implements SignerInfo { /** Determines, if the QC check bases upon on TSL */ private boolean qcSourceTSL; + /** The certificate issuer country code */ + private String issuerCountryCode; + /** * Sets the signer certificate. * @@ -118,6 +121,13 @@ public class SignerInfoImpl implements SignerInfo { return "Certificate"; } + public void setIssuerCountryCode(String issuerCountryCode) { + this.issuerCountryCode = issuerCountryCode; + } + public String getIssuerCountryCode() { + return issuerCountryCode; + } + /** * Sets, whether the certificate contained in this object is an * e-government certificate or not. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index 505303bc1..2e2afaf7c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -121,7 +121,8 @@ class ResponseBuilderUtils { boolean isPublicAuthority, String publicAuthorityID, boolean isSSCD, - String sscdSource) + String sscdSource, + String issuerCountryCode) throws MOAApplicationException { Element signerInfoElem = response.createElementNS(MOA_NS_URI, "SignerInfo"); @@ -147,6 +148,12 @@ class ResponseBuilderUtils { isSSCD ? response.createElementNS(MOA_NS_URI, "SecureSignatureCreationDevice") : null; + Element issuerCountryCodeElem = null; + if (issuerCountryCode != null) { + issuerCountryCodeElem = response.createElementNS(MOA_NS_URI, "IssuerCountryCode"); + issuerCountryCodeElem.setTextContent(issuerCountryCode); + } + Element publicAuthorityElem = isPublicAuthority ? response.createElementNS(MOA_NS_URI, "PublicAuthority") @@ -184,8 +191,10 @@ class ResponseBuilderUtils { x509DataElem.appendChild(x509IssuerSerialElem); x509DataElem.appendChild(x509CertificateElem); if (isQualified) { - qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource); - x509DataElem.appendChild(qualifiedCertificateElem); + if (qcSource.compareToIgnoreCase("TSL") == 0) + qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource); + + x509DataElem.appendChild(qualifiedCertificateElem); } if (isPublicAuthority) { x509DataElem.appendChild(publicAuthorityElem); @@ -195,9 +204,12 @@ class ResponseBuilderUtils { } } if (isSSCD) { - sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource); + sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource); x509DataElem.appendChild(sscdElem); } + if (issuerCountryCodeElem != null) + x509DataElem.appendChild(issuerCountryCodeElem); + signerInfoElem.appendChild(x509DataElem); root.appendChild(signerInfoElem); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 238875351..b11560b28 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java @@ -99,7 +99,6 @@ public class VerifyCMSSignatureResponseBuilder { CheckResult signatureCheck = responseElement.getSignatureCheck(); CheckResult certCheck = responseElement.getCertificateCheck(); - //TODO ResponseBuilderUtils.addSignerInfo( responseDoc, responseElem, @@ -109,7 +108,8 @@ public class VerifyCMSSignatureResponseBuilder { signerInfo.isPublicAuthority(), signerInfo.getPublicAuhtorityID(), signerInfo.isSSCD(), - signerInfo.getSSCDSource()); + signerInfo.getSSCDSource(), + signerInfo.getIssuerCountryCode()); ResponseBuilderUtils.addCodeInfoElement( responseDoc, diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index 8673fba1c..dd4e13ad9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -100,7 +100,8 @@ public class VerifyXMLSignatureResponseBuilder { response.getSignerInfo().isPublicAuthority(), response.getSignerInfo().getPublicAuhtorityID(), response.getSignerInfo().isSSCD(), - response.getSignerInfo().getSSCDSource()); + response.getSignerInfo().getSSCDSource(), + response.getSignerInfo().getIssuerCountryCode()); // add HashInputData elements responseData = response.getHashInputDatas(); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index d2ee75116..0908d88c9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -1225,7 +1225,6 @@ public class ConfigurationPartsBuilder { tp.mkdir(); if (!tp.isDirectory()) { error("config.50", new Object[] { tp.getPath() }); - // TODO? } File tpid = new File(tp, id); @@ -1233,11 +1232,8 @@ public class ConfigurationPartsBuilder { tpid.mkdir(); if (!tpid.isDirectory()) { error("config.50", new Object[] { tpid.getPath() }); - // TODO? } - - //System.out.println("tps: " + tpid.getAbsolutePath()); // create profile profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries); @@ -1257,10 +1253,6 @@ public class ConfigurationPartsBuilder { FileUtils.copyFile(file, new File(tpid, file.getName())); } -// System.out.println("ID: " + id); -// System.out.println("Str: " + trustAnchorsLocStr); -// System.out.println("URI: " + trustAnchorsLocURI.toString()); -// System.out.println("tslWorkingDir: " + tslWorkingDir); } else { @@ -1698,7 +1690,6 @@ public class ConfigurationPartsBuilder { map.put(x509IssuerName, interval); } - //System.out.println("Name: " + x509IssuerName + " - Interval: " + interval); } return map; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 3640dc23f..12d8b0126 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -119,7 +119,7 @@ public class SystemInitializer { try { ConfigurationProvider config = ConfigurationProvider.getInstance(); ConfigurationData configData = new IaikConfigurator().configure(config); - + //initialize TSL module TSLConfiguration tslconfig = config.getTSLConfiguration(); @@ -131,13 +131,11 @@ public class SystemInitializer { } -// System.out.println("Hashcache 1: " + BinaryHashCache.DIR); //start TSL Update TSLUpdaterTimerTask.tslconnector_ = tslconnector; TSLUpdaterTimerTask.update(); -// System.out.println("Hashcache 2: " + BinaryHashCache.DIR); //initialize TSL Update Task initTSLUpdateTask(tslconfig); @@ -156,13 +154,13 @@ public class SystemInitializer { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); } catch (TrustStoreException e) { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } catch (CertificateException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); } catch (FileNotFoundException e) { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); } catch (IOException e) { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } + } catch (CertificateException e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } // set IXSIL debug output IXSILInit.setPrintDebugLog( diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 6aa34573e..7a4103957 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -60,6 +60,7 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.spss.util.QCSSCDResult; /** * A class providing an interface to the @@ -185,6 +186,8 @@ public class CMSSignatureVerificationInvoker { } } + QCSSCDResult qcsscdresult = new QCSSCDResult(); + // build the response: for each signatory add the result to the response signatories = request.getSignatories(); if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { @@ -192,61 +195,28 @@ public class CMSSignatureVerificationInvoker { for (resultIter = results.iterator(); resultIter.hasNext();) { result = (CMSSignatureVerificationResult) resultIter.next(); - boolean sscdSourceTSL = false; - boolean qcSourceTSL = false; - - boolean checkQC = false; - boolean checkSSCD = false; - - List chain = result.getCertificateValidationResult().getCertificateChain(); - // check QC and SSCD via TSL (if enabled) - boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain); - boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain); - - if (!checkSSCDFromTSL) { - - boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0)); - boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0)); - - if (checkQCPPlus) - checkSSCD = true; - if (checkQcEuSSCD) - checkSSCD = true; - - sscdSourceTSL = false; - - System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL); - System.out.println("checkQCPPlus: " + checkQCPPlus); - System.out.println("checkQcEuSSCD: " + checkQcEuSSCD); - } - else { - checkSSCD = true; - sscdSourceTSL = true; - } - - if (!checkQCFromTSL) { - - boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0)); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0)); - - if (checkQCP) - checkQC = true; - if (checkQcEuCompliance) - checkQC = true; - - qcSourceTSL = false; - - System.out.println("checkQCFromTSL: " + checkQCFromTSL); - System.out.println("checkQCP: " + checkQCP); - System.out.println("checkQcEuCompliance: " + checkQcEuCompliance); - } - else { - checkQC = true; - qcSourceTSL = true; + String issuerCountryCode = null; + // QC/SSCD check + List list = result.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while(it.hasNext()) { + chain[i] = (X509Certificate)it.next(); + i++; + } + + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); + } - - responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL); + responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode); } } else { int i; @@ -257,64 +227,27 @@ public class CMSSignatureVerificationInvoker { try { result = (CMSSignatureVerificationResult) results.get(signatories[i] - 1); - boolean sscdSourceTSL = false; - boolean qcSourceTSL = false; - boolean checkQC = false; - boolean checkSSCD = false; - - List chain = result.getCertificateValidationResult().getCertificateChain(); - // check QC and SSCD via TSL (if enabled) - boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain); - boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain); - - if (!checkSSCDFromTSL) { - - boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0)); - boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0)); - - if (checkQCPPlus) - checkSSCD = true; - if (checkQcEuSSCD) - checkSSCD = true; - - sscdSourceTSL = false; - - System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL); - System.out.println("checkQCPPlus: " + checkQCPPlus); - System.out.println("checkQcEuSSCD: " + checkQcEuSSCD); - } - else { - checkSSCD = true; - sscdSourceTSL = true; - } - - if (!checkQCFromTSL) { - - boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0)); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0)); - - if (checkQCP) - checkQC = true; - if (checkQcEuCompliance) - checkQC = true; - - qcSourceTSL = false; - - System.out.println("checkQCFromTSL: " + checkQCFromTSL); - System.out.println("checkQCP: " + checkQCP); - System.out.println("checkQcEuCompliance: " + checkQcEuCompliance); - - } - else { - checkQC = true; - qcSourceTSL = true; + String issuerCountryCode = null; + // QC/SSCD check + List list = result.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int j = 0; + while(it.hasNext()) { + chain[j] = (X509Certificate)it.next(); + j++; + } + + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); } - - - - responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL); + responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode); } catch (IndexOutOfBoundsException e) { throw new MOAApplicationException( "2249", @@ -326,65 +259,7 @@ public class CMSSignatureVerificationInvoker { return responseBuilder.getResponse(); } - private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) { - boolean checkQCFromTSL = false; - try { - if (tslEnabledTrustProfile) { - if (chainlist != null) { - X509Certificate[] chain = new X509Certificate[chainlist.size()]; - - Iterator it = chainlist.iterator(); - int i = 0; - while(it.hasNext()) { - chain[i] = (X509Certificate)it.next(); - i++; - } - - checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); - //checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); - } - } - } - catch (TSLEngineDiedException e) { - MessageProvider msg = MessageProvider.getInstance(); - Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); - } catch (TSLSearchException e) { - MessageProvider msg = MessageProvider.getInstance(); - Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); - } - - return checkQCFromTSL; - } - - private boolean checkSSCD(boolean tslEnabledTrustProfile, List chainlist) { - boolean checkSSCDFromTSL = false; - try { - if (tslEnabledTrustProfile) { - if (chainlist != null) { - X509Certificate[] chain = new X509Certificate[chainlist.size()]; - - Iterator it = chainlist.iterator(); - int i = 0; - while(it.hasNext()) { - chain[i] = (X509Certificate)it.next(); - i++; - } - - checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); - } - } - } - catch (TSLEngineDiedException e) { - MessageProvider msg = MessageProvider.getInstance(); - Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); - } catch (TSLSearchException e) { - MessageProvider msg = MessageProvider.getInstance(); - Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); - } - - return checkSSCDFromTSL; - } - + /** * Get the signed content contained either in the request itself or given as a * reference to external data. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index f44cce62a..1ea10cb4e 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -79,7 +79,7 @@ public class VerifyCMSSignatureResponseBuilder { * otherwise <code>false</code>. * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL) + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode) throws MOAException { CertificateValidationResult certResult = @@ -104,7 +104,8 @@ public class VerifyCMSSignatureResponseBuilder { certResult.isPublicAuthorityCertificate(), certResult.getPublicAuthorityID(), checkSSCD, - sscdSourceTSL); + sscdSourceTSL, + issuerCountryCode); // add SignatureCheck element signatureCheck = factory.createCheckResult(signatureCheckCode, null); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 4fdb1eeb7..193495171 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -142,7 +142,8 @@ public class VerifyXMLSignatureResponseBuilder { boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, - boolean isTSLEnabledTrustprofile) + boolean isTSLEnabledTrustprofile, + String issuerCountryCode) throws MOAApplicationException { CertificateValidationResult certResult = @@ -167,7 +168,8 @@ public class VerifyXMLSignatureResponseBuilder { certResult.isPublicAuthorityCertificate(), certResult.getPublicAuthorityID(), checkSSCD, - sscdSourceTSL); + sscdSourceTSL, + issuerCountryCode); // Create HashInputData Content objects referenceDataList = result.getReferenceDataList(); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index c3cc8bfe8..c90bc534a 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -24,10 +24,7 @@ package at.gv.egovernment.moa.spss.server.invoke; -import at.gv.egovernment.moa.spss.util.CertificateUtils; - import iaik.ixsil.exceptions.URIException; - import iaik.ixsil.util.URI; import iaik.server.modules.IAIKException; import iaik.server.modules.IAIKRuntimeException; @@ -43,8 +40,6 @@ import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory; import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; import iaik.server.modules.xmlverify.XMLSignatureVerificationResult; import iaik.x509.X509Certificate; -import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; -import iaik.xml.crypto.tsl.ex.TSLSearchException; import java.io.File; import java.io.FileInputStream; @@ -90,8 +85,9 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; -import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; +import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.spss.util.QCSSCDResult; import at.gv.egovernment.moa.util.CollectionUtils; import at.gv.egovernment.moa.util.Constants; @@ -211,12 +207,7 @@ public class XMLSignatureVerificationInvoker { requestElement); } - boolean sscdSourceTSL = false; - boolean qcSourceTSL = false; - - boolean checkQC = false; - boolean checkSSCD = false; - + QCSSCDResult qcsscdresult = new QCSSCDResult(); String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId(); ConfigurationProvider config = ConfigurationProvider.getInstance(); TrustProfile tp = config.getTrustProfile(tpID); @@ -242,73 +233,27 @@ public class XMLSignatureVerificationInvoker { MOAException moaException = IaikExceptionMapper.getInstance().map(e); throw moaException; } - try { - if (tp.isTSLEnabled()) { - List list = result.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while(it.hasNext()) { - chain[i] = (X509Certificate)it.next(); - i++; - } - - boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); - boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); - - if (!checkSSCDFromTSL) { - - boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); - boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); - - if (checkQCPPlus) - checkSSCD = true; - if (checkQcEuSSCD) - checkSSCD = true; - - sscdSourceTSL = false; - } - else { - checkSSCD = true; - sscdSourceTSL = true; - } - - if (!checkQCFromTSL) { - - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - - if (checkQCP) - checkQC = true; - if (checkQcEuCompliance) - checkQC = true; - - qcSourceTSL = false; - } - else { - checkQC = true; - qcSourceTSL = true; - } - -// System.out.println("chain[0]: " + chain[0]); -// -// System.out.println("checkQCFromTSL: " + checkQCFromTSL); -// System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL); -// System.out.println("checkQCPPlus: " + checkQCPPlus); -// System.out.println("checkQcEuSSCD: " + checkQcEuSSCD); + + + // QC/SSCD check + List list = result.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while(it.hasNext()) { + chain[i] = (X509Certificate)it.next(); + i++; } - } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled()); } - catch (TSLEngineDiedException e) { - MessageProvider msg = MessageProvider.getInstance(); - Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); - } catch (TSLSearchException e) { - MessageProvider msg = MessageProvider.getInstance(); - Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); - } + + // get signer certificate issuer country code + String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); + // swap back in the request as root document if (requestElement != signatureEnvironment.getElement()) { requestElement.getOwnerDocument().replaceChild( @@ -325,14 +270,9 @@ public class XMLSignatureVerificationInvoker { TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); CheckResult certificateCheck = validateSignerCertificate(result, trustProfile); -// System.out.println("checkQC: " + checkQC); -// System.out.println("qcSourceTSL: " + qcSourceTSL); -// System.out.println("checkSSCD: " + checkSSCD); -// System.out.println("sscdSourceTSL: " + sscdSourceTSL); // build the response - responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL, tp.isTSLEnabled()); - + responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode); return responseBuilder.getResponse(); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java index 49f715cb8..07da0a998 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -83,6 +83,15 @@ public class TSLConnector implements TSLConnectorInterface { return updateAndGetQualifiedCACertificates(dateTime, null, serviceLevelStatus);
}
+ public void updateTSLs(Date dateTime,
+ String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
+
+ if (Configurator.is_isInitialised() == false)
+ new TSLEngineFatalException("The TSL Engine is not initialized!");
+
+ updateTSLs(dateTime, null, serviceLevelStatus);
+ }
+
public ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime,
String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
@@ -326,6 +335,249 @@ public class TSLConnector implements TSLConnectorInterface { return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);
}
+ public void updateTSLs(Date dateTime,
+ String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
+
+ if (Configurator.is_isInitialised() == false)
+ new TSLEngineFatalException("The TSL Engine is not initialized!");
+
+ String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
+
+// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+// System.out.println("hashcachedir: " + hashcachedir);
+// if (hashcachedir==null)
+// hashcachedir = DEFAULT_HASHCACHE_DIR;
+
+// File hashcachefile = new File(hashcachedir);
+// File[] filelist = hashcachefile.listFiles();
+// if (filelist != null) {
+// for (File f : filelist)
+// f.delete();
+// }
+
+ File tsldownloadfile = new File(tsldownloaddir);
+ if (!tsldownloadfile.exists()) {
+ tsldownloadfile.mkdir();
+ }
+ File[] tslfilelist = tsldownloadfile.listFiles();
+ if (tslfilelist != null) {
+ for (File f : tslfilelist)
+ f.delete();
+ }
+
+ //create sqlLite database
+ File dbFile = new File(Configurator.get_TempdbFile());
+ try {
+ dbFile.delete();
+ dbFile.createNewFile();
+ } catch (IOException e) {
+ throw new TSLEngineDiedException("Could not create temporary data base file", e);
+ }
+
+ //the TSL library uses the iaik.util.logging environment.
+ //iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.WARN);
+ iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.OFF);
+
+ log.info("Starting EU TSL import.");
+
+ // Certificates in Germany, Estonia, Greece, Cyprus,
+ // Lithuainia, Hungary, Poland, Finland, Norway use SURNAME
+ log.debug("### SURNAME registered as " + ObjectID.surName + " ###");
+ RFC2253NameParser.register("SURNAME", ObjectID.surName);
+
+ XSecProvider.addAsProvider(false);
+
+ TSLEngine tslEngine;
+ TslSqlConnectionWrapper connection = null;
+
+ try {
+ // register the Https JSSE Wrapper
+ TLS.register();
+ log.trace("### Https JSSE Wrapper registered ###");
+
+
+ log.debug("### Connect to Database.###");
+ connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);
+
+ log.trace("### Connected ###");
+
+ // empty the database and recreate the tables
+ tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(),
+ connection, true, true);
+
+ } catch (TSLEngineFatalException e1) {
+ throw new TSLEngineDiedException(e1);
+
+ }
+
+ // H.2.2.1 Same-scheme searching
+ // H.2.2.2 Known scheme searching
+ // H.2.2.3 "Blind" (unknown) scheme searching
+ Number tId = null;
+ Countries euTerritory = Countries.EU;
+ TSLImportContext topLevelTslContext = new TSLEUImportFromFileContext(
+ euTerritory, Configurator.get_euTSLURL(), Configurator.get_TSLWorkingDirectoryPath(),
+ Configurator.is_sqlMultithreaded(),
+ Configurator.is_throwExceptions(), Configurator.is_logExceptions(),
+ Configurator.is_throwWarnings(), Configurator.is_logWarnings(),
+ Configurator.is_nullRedundancies());
+
+ TSLEngineEU tslengineEU;
+ try {
+ tslengineEU = tslEngine.new TSLEngineEU();
+
+ } catch (TSLEngineFatalException e1) {
+ throw new TSLEngineDiedException(e1);
+ }
+
+ // establish EU TSL trust anchor
+ ListIterator<java.security.cert.X509Certificate> expectedEuTslSignerCerts =
+ tslEngine.loadCertificatesFromResource(
+ Configurator.get_euTrustAnchorsPath(), topLevelTslContext);
+
+ log.debug("Process EU TSL");
+ // process the EU TSL to receive the pointers to the other TSLs
+ // and the trust anchors for the TSL signers
+ Set<Entry<Number, LocationAndCertHash>> pointersToMsTSLs = null;
+
+ try {
+
+ tId = tslengineEU.processEUTSL(topLevelTslContext, expectedEuTslSignerCerts);
+ log.info("Process EU TSL finished");
+
+ log.debug(Thread.currentThread() + " waiting for other threads ...");
+
+ topLevelTslContext.waitForAllOtherThreads();
+ log.debug(Thread.currentThread()
+ + " reactivated after other threads finished ...");
+
+
+ // get the TSLs pointed from the EU TSL
+ LinkedHashMap<Number, LocationAndCertHash> tslMap = tslengineEU
+ .getOtherTslMap(tId, topLevelTslContext);
+
+ pointersToMsTSLs = tslMap.entrySet();
+
+ //set Errors and Warrnings
+
+ } catch (TSLEngineFatalRuntimeException e) {
+ throw new TSLEngineDiedException(topLevelTslContext.dumpFatals());
+
+ } catch (TSLTransactionFailedRuntimeException e) {
+ throw new TSLEngineDiedException(topLevelTslContext.dumpTransactionFaliures());
+ }
+
+ //Backup implementation if the EU TSL includes a false signer certificate
+ // establish additional trust anchors for member states
+// Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {
+// Countries.CZ,
+// Countries.LU,
+// Countries.ES,
+// Countries.AT,
+// };
+ Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {};
+
+ Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>
+ trustAnchorsWrongOnEuTsl = loadCertificatesFromResource(
+ Configurator.get_msTrustAnchorsPath(), tslEngine, topLevelTslContext,
+ countriesWithPotentiallyWrongCertsOnEuTsl);
+
+ log.info("Starting EU member TSL import.");
+
+ for (Entry<Number, LocationAndCertHash> entry : pointersToMsTSLs) {
+
+ TSLImportContext msTslContext;
+
+ Countries expectedTerritory = entry.getValue().getSchemeTerritory();
+ try {
+
+// if (expectedTerritory.equals("RO"))
+// System.out.println("Stop");
+
+ Number otpId = entry.getKey();
+ LocationAndCertHash lac = entry.getValue();
+
+ URL uriReference = null;
+ try {
+ uriReference = new URL(lac.getUrl());
+
+ } catch (MalformedURLException e) {
+ log.warn("Could not process: " + uriReference, e);
+ continue;
+ }
+
+ String baseURI = uriReference == null ? "" : "" + uriReference;
+
+ msTslContext = new TSLImportFromFileContext(
+ expectedTerritory, uriReference, otpId, Configurator.get_TSLWorkingDirectoryPath(),
+ Configurator.is_sqlMultithreaded(),
+ Configurator.is_throwExceptions(), Configurator.is_logExceptions(),
+ Configurator.is_throwWarnings(), Configurator.is_logWarnings(),
+ Configurator.is_nullRedundancies(), baseURI, trustAnchorsWrongOnEuTsl,
+ topLevelTslContext);
+
+ ListIterator<X509Certificate> expectedTslSignerCerts = null;
+ expectedTslSignerCerts = tslEngine.getCertificates(lac, msTslContext);
+
+ if (expectedTslSignerCerts == null) {
+
+ // no signer certificate on the EU TSL
+ // ignore this msTSL and log a warning
+ log.warn("NO signer certificate found on EU TSL! "
+ + lac.getSchemeTerritory() + "TSL ignored.");
+
+ }
+ else {
+ tslEngine.processMSTSL(topLevelTslContext, msTslContext, expectedTslSignerCerts);
+ }
+
+ } catch (TSLExceptionB e) {
+ log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()
+ + " TSL ignored.");
+ log.debug("Failed to process TSL. " + entry, e);
+ continue;
+ } catch (TSLRuntimeException e) {
+ log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()
+ + " TSL ignored.");
+ log.debug("Failed to process TSL. " + entry, e);
+ continue;
+ }
+ }
+
+ log.debug(Thread.currentThread() + " waiting for other threads ...");
+ topLevelTslContext.waitForAllOtherThreads();
+
+ log.debug(_.dumpAllThreads());
+ log.debug(Thread.currentThread() + " reactivated after other threads finished ...");
+
+ connection = null;
+ try {
+ connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);
+ tslEngine.recreateTablesInvalidatedByImport(connection);
+
+
+ //TODO: implement database copy operation!
+ File working_database = new File(Configurator.get_dbFile());
+ working_database.delete();
+ copy(dbFile, working_database);
+
+
+ } catch (TSLEngineFatalException e) {
+ throw new TSLEngineDiedException(e);
+
+ } finally {
+ try {
+ connection.closeConnection();
+
+ } catch (TSLEngineFatalException e) {
+ throw new TSLEngineDiedException(e);
+
+ }
+ }
+
+ //return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);
+ }
+
public ArrayList<File> getQualifiedCACertificates(Date dateTime,
String[] serviceLevelStatus) throws TSLEngineDiedException,
TSLSearchException {
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index 76be8217a..0cb18a08e 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -33,13 +33,14 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStorePro import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
import at.gv.egovernment.moa.spss.util.MessageProvider;
-import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
public class TSLUpdaterTimerTask extends TimerTask {
public static TSLConnector tslconnector_;
+
+ public static ConfigurationData configData_ = null;
@Override
public void run() {
@@ -49,10 +50,6 @@ public class TSLUpdaterTimerTask extends TimerTask { } catch (TSLEngineDiedException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
-
- // TODO wenn update nicht erfolgreich, dann soll TSL-Trustprofil nicht zur
- // Verfügung stehen?
-
} catch (TSLSearchException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
@@ -68,105 +65,138 @@ public class TSLUpdaterTimerTask extends TimerTask { } catch (TrustStoreException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
- } catch (CertificateException e) {
+ } catch (FileNotFoundException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
- } catch (FileNotFoundException e) {
+ } catch (IOException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
- } catch (IOException e) {
+ } catch (CertificateException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
}
}
- public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, FileNotFoundException, IOException {
+ public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, IOException {
MessageProvider msg = MessageProvider.getInstance();
- //get TSl configuration
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- ConfigurationData configData = new IaikConfigurator().configure(config);
- TSLConfiguration tslconfig = config.getTSLConfiguration();
- if (tslconfig != null) {
-
- Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+ //TrustProfile tp = null;
+ TrustStoreProfile tsp = null;
+ StoreUpdater storeUpdater = null;
+ TransactionId tid = null;
+
+ //get TSl configuration
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ if (configData_ == null)
+ configData_ = new IaikConfigurator().configure(config);
- // get certstore parameters
- CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+ TSLConfiguration tslconfig = config.getTSLConfiguration();
+ if (tslconfig != null) {
- // iterate over all truststores
- Map mapTrustProfiles = config.getTrustProfiles();
- Iterator it = mapTrustProfiles.entrySet().iterator();
- while (it.hasNext()) {
- Map.Entry pairs = (Map.Entry)it.next();
- TrustProfile tp = (TrustProfile) pairs.getValue();
- if (tp.isTSLEnabled()) {
- TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
- TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
- trustStoreProfiles[0] = tsp;
-
- Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
-
- TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
- ArrayList tsl_certs = null;
- if (StringUtils.isEmpty(tp.getCountries())) {
- Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-
- // get certificates from TSL from all countries
- tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
- }
- else {
- Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
- // get selected countries as array
- String countries = tp.getCountries();
- String[] array = countries.split(",");
- for (int i = 0; i < array.length; i++)
- array[i] = array[i].trim();
-
- // get certificates from TSL from given countries
- tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
- }
-
- // create store updater for each TSL enabled truststore
- Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
- StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
-
-
- // delete files in trustprofile
- File ftp = new File(tp.getUri());
- File[] files = ftp.listFiles();
- for (File file : files)
- file.delete();
+ tslconnector_.updateTSLs(new Date(), new String[]{"accredited","undersupervision"});
+
+ Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+
+ // get certstore parameters
+ CertStoreParameters[] certStoreParameters = configData_.getPKIConfiguration().getCertStoreConfiguration().getParameters();
- // convert ArrayList<File> to X509Certificate[]
- X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
- Iterator itcert = tsl_certs.iterator();
- int i = 0;
- while(itcert.hasNext()) {
- File f = (File)itcert.next();
- X509Certificate cert = new X509Certificate(new FileInputStream(f));
- addCertificates[i] = cert;
+ // iterate over all truststores
+ Map mapTrustProfiles = config.getTrustProfiles();
+ Iterator it = mapTrustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled()) {
+ tsp = new TrustStoreProfileImpl(config, tp.getId());
+ TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
+ trustStoreProfiles[0] = tsp;
+
+ Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
+
+ tid = new TransactionId("TSLConfigurator-" + tp.getId());
+ ArrayList tsl_certs = null;
+ if (StringUtils.isEmpty(tp.getCountries())) {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+
+ // get certificates from TSL from all countries
+ tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
+ }
+ else {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ // get selected countries as array
+ String countries = tp.getCountries();
+ String[] array = countries.split(",");
+ for (int i = 0; i < array.length; i++)
+ array[i] = array[i].trim();
+
+ // get certificates from TSL from given countries
+ tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
+ }
+
+ // create store updater for each TSL enabled truststore
+ Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
+ storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+
+ // delete files in trustprofile
+
+ File ftp = new File(tp.getUri());
+ File[] files = ftp.listFiles();
+ X509Certificate[] removeCertificates = new X509Certificate[files.length];
+ int i = 0;
+ for (File file : files) {
+ FileInputStream fis = new FileInputStream(file);
+ removeCertificates[i] = new X509Certificate(fis);
+ i++;
+ fis.close();
+ //file.delete();
+ }
+
+ // remove all certificates
+ storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+ storeUpdater.removeCertificatesFromCertStores(removeCertificates, tid);
+
- i++;
+ // copy files from original trustAnchorsLocURI into tslworking trust profile
+ File src = new File(tp.getUriOrig());
+ files = src.listFiles();
+ X509Certificate[] addCertificates = new X509Certificate[files.length];
+ i = 0;
+ for (File file : files) {
+ FileInputStream fis = new FileInputStream(file);
+ addCertificates[i] = new X509Certificate(fis);
+ //FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));
+ i++;
+ fis.close();
+ }
+
+ // convert ArrayList<File> to X509Certificate[]
+ X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ i = 0;
+ File f = null;
+ while(itcert.hasNext()) {
+ f = (File)itcert.next();
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = new X509Certificate(fis);
+ addCertificatesTSL[i] = cert;
+
+ i++;
+ fis.close();
+ }
+
+ Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
+
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificates, tid);
+
+
}
-
-
- // copy files from original trustAnchorsLocURI into tslworking trust profile
- File src = new File(tp.getUriOrig());
- files = src.listFiles();
- for (File file : files) {
- FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));
- }
-
- Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
- storeUpdater.addCertificatesToCertStores(addCertificates, tid);
-
-
}
}
- }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java new file mode 100644 index 000000000..544ea916c --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -0,0 +1,286 @@ +package at.gv.egovernment.moa.spss.util; + +import iaik.asn1.ObjectID; +import iaik.asn1.structures.Name; +import iaik.asn1.structures.PolicyInformation; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; +import iaik.x509.extensions.CertificatePolicies; +import iaik.x509.extensions.qualified.QCStatements; +import iaik.x509.extensions.qualified.structures.QCStatement; +import iaik.x509.extensions.qualified.structures.etsi.QcEuCompliance; +import iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD; +import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; +import iaik.xml.crypto.tsl.ex.TSLSearchException; + +import java.security.Principal; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; + +public class CertificateUtils { + + + /** + * Verifies if the given certificate contains QCP+ statement + * @param cert X509Certificate + * @return true if the given certificate contains QCP+ statement, else false + */ + private static boolean checkQCPPlus(X509Certificate cert) { + Logger.debug("Checking QCP+ extension"); + String OID_QCPPlus = "0.4.0.1456.1.1"; + try { + CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid); + if (certPol == null) { + Logger.debug("No CertificatePolicies extension found"); + return false; + } + + PolicyInformation[] polInfo = certPol.getPolicyInformation(); + if (polInfo == null) { + Logger.debug("No policy information found"); + return false; + } + + for (int i = 0; i < polInfo.length; i++) { + ObjectID oid = polInfo[i].getPolicyIdentifier(); + String oidStr = oid.getID(); + if (oidStr.compareToIgnoreCase(OID_QCPPlus) == 0) { + Logger.debug("QCP+ extension found"); + return true; + } + } + + Logger.debug("No QCP+ extension found"); + + return false; + } catch (X509ExtensionInitException e) { + Logger.debug("No QCP+ extension found"); + + return false; + } + + } + + /** + * Verifies if the given certificate contains QCP statement + * @param cert X509Certificate + * @return true if the given certificate contains QCP statement, else false + */ + private static boolean checkQCP(X509Certificate cert) { + Logger.debug("Checking QCP extension"); + String OID_QCP = "0.4.0.1456.1.2"; + try { + CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid); + if (certPol == null) { + Logger.debug("No CertificatePolicies extension found"); + return false; + } + + PolicyInformation[] polInfo = certPol.getPolicyInformation(); + if (polInfo == null) { + Logger.debug("No policy information found"); + return false; + } + + for (int i = 0; i < polInfo.length; i++) { + ObjectID oid = polInfo[i].getPolicyIdentifier(); + String oidStr = oid.getID(); + if (oidStr.compareToIgnoreCase(OID_QCP) == 0) { + Logger.debug("QCP extension found"); + return true; + } + + } + + Logger.debug("No QCP extension found"); + return false; + + } catch (X509ExtensionInitException e) { + Logger.debug("No QCP extension found"); + return false; + } + + } + + /** + * Verifies if the given certificate contains QcEuCompliance statement + * @param cert X509Certificate + * @return true if the given certificate contains QcEuCompliance statement, else false + */ + private static boolean checkQcEuCompliance(X509Certificate cert) { + Logger.debug("Checking QcEUCompliance extension"); + try { + QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid); + + if (qcStatements == null) { + Logger.debug("No QcStatements extension found"); + return false; + } + + QCStatement qcEuCompliance = qcStatements.getQCStatements(QcEuCompliance.statementID); + + if (qcEuCompliance != null) { + Logger.debug("QcEuCompliance extension found"); + return true; + } + + Logger.debug("No QcEuCompliance extension found"); + return false; + + } catch (X509ExtensionInitException e) { + Logger.debug("No QcEuCompliance extension found"); + return false; + } + + } + + /** + * Verifies if the given certificate contains QcEuSSCD statement + * @param cert X509Certificate + * @return true if the given certificate contains QcEuSSCD statement, else false + */ + private static boolean checkQcEuSSCD(X509Certificate cert) { + Logger.debug("Checking QcEuSSCD extension"); + try { + QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid); + if (qcStatements == null) { + Logger.debug("No QcStatements extension found"); + return false; + } + + QCStatement qcEuSSCD = qcStatements.getQCStatements(QcEuSSCD.statementID); + + if (qcEuSSCD != null) { + Logger.debug("QcEuSSCD extension found"); + return true; + } + + Logger.debug("No QcEuSSCD extension found"); + return false; + + } catch (X509ExtensionInitException e) { + Logger.debug("No QcEuSSCD extension found"); + return false; + } + + } + + public static QCSSCDResult checkQCSSCD(X509Certificate[] chain, boolean isTSLenabledTrustprofile) { + + boolean qc = false; + boolean qcSourceTSL = false; + boolean sscd = false; + boolean sscdSourceTSL = false; + + try { + + if (isTSLenabledTrustprofile) { + // perform QC check via TSL + boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); + if (!checkQCFromTSL) { + // if QC check via TSL returns false + // try certificate extensions QCP and QcEuCompliance + Logger.debug("QC check via TSL returned false - checking certificate extensions"); + boolean checkQCP = CertificateUtils.checkQCP(chain[0]); + boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); + + if (checkQCP || checkQcEuCompliance) { + Logger.debug("Certificate is QC (Source: Certificate)"); + qc = true; + } + + qcSourceTSL = false; + } + else { + // use TSL result + Logger.debug("Certificate is QC (Source: TSL)"); + qc = true; + qcSourceTSL = true; + } + + // perform SSCD check via TSL + boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); + if (!checkSSCDFromTSL) { + // if SSCD check via TSL returns false + // try certificate extensions QCP+ and QcEuSSCD + Logger.debug("SSCD check via TSL returned false - checking certificate extensions"); + boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); + boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); + + if (checkQCPPlus || checkQcEuSSCD) { + Logger.debug("Certificate is SSCD (Source: Certificate)"); + sscd = true; + } + + sscdSourceTSL = false; + } + else { + // use TSL result + Logger.debug("Certificate is SSCD (Source: TSL)"); + sscd = true; + sscdSourceTSL = true; + } + + } + else { + // Trustprofile is not TSL enabled - use certificate extensions only + + // perform QC check + // try certificate extensions QCP and QcEuCompliance + boolean checkQCP = CertificateUtils.checkQCP(chain[0]); + boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); + + if (checkQCP || checkQcEuCompliance) + qc = true; + + qcSourceTSL = false; + + // perform SSCD check + // try certificate extensions QCP+ and QcEuSSCD + boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); + boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); + + if (checkQCPPlus || checkQcEuSSCD) + sscd = true; + + sscdSourceTSL = false; + } + } + catch (TSLEngineDiedException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } catch (TSLSearchException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } + + QCSSCDResult result = new QCSSCDResult(qc, qcSourceTSL, sscd, sscdSourceTSL); + + return result; + } + + /** + * Gets the country from the certificate issuer + * @param cert X509 certificate + * @return Country code from the certificate issuer + */ + public static String getIssuerCountry(X509Certificate cert) { + String country = null; + Principal issuerdn = cert.getIssuerX500Principal(); + RFC2253NameParser nameParser = new RFC2253NameParser(issuerdn.getName()); + + try { + Name name = nameParser.parse(); + country = name.getRDN(ObjectID.country); + } catch (RFC2253NameParserException e) { + Logger.warn("Could not get country code from issuer."); + } + + + return country; + } +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java new file mode 100644 index 000000000..99af84308 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.spss.util; + +public class QCSSCDResult { + + private boolean qc; + private boolean qcSourceTSL; + + private boolean sscd; + private boolean sscdSourceTSL; + + public QCSSCDResult() { + this.qc = false; + this.qcSourceTSL = false; + this.sscd = false; + this.sscdSourceTSL = false; + } + + public QCSSCDResult(boolean qc, boolean qcSourceTSL, boolean sscd, boolean sscdSourceTSL) { + this.qc = qc; + this.qcSourceTSL = qcSourceTSL; + this.sscd = sscd; + this.sscdSourceTSL = sscdSourceTSL; + } + + public boolean isQC() { + return this.qc; + } + public boolean isQCSourceTSL() { + return this.qcSourceTSL; + } + public boolean isSSCD() { + return this.sscd; + } + public boolean isSSCDSourceTSL() { + return this.sscdSourceTSL; + } +} diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml index 101b16882..4372c76d0 100644 --- a/spss/server/serverws/pom.xml +++ b/spss/server/serverws/pom.xml @@ -38,7 +38,8 @@ <directory>${basedir}/resources/wsdl</directory> <targetPath>resources/schemas</targetPath> <includes> - <inclulde>*.xsd</inclulde> + <include>*.xsd</include> + <include>*.wsdl</include> </includes> </resource> <resource> diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl deleted file mode 100644 index 135f26f68..000000000 --- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.wsdl +++ /dev/null @@ -1,128 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Web Service Description for MOA SP/SS 1.4 ---> -<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> - <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.5.2.xsd"/> - <message name="CreateCMSSignatureInput"> - <part name="body" element="moa:CreateCMSSignatureRequest"/> - </message> - <message name="CreateCMSSignatureOutput"> - <part name="body" element="moa:CreateCMSSignatureResponse"/> - </message> - <message name="CreateXMLSignatureInput"> - <part name="body" element="moa:CreateXMLSignatureRequest"/> - </message> - <message name="CreateXMLSignatureOutput"> - <part name="body" element="moa:CreateXMLSignatureResponse"/> - </message> - <message name="VerifyCMSSignatureInput"> - <part name="body" element="moa:VerifyCMSSignatureRequest"/> - </message> - <message name="VerifyCMSSignatureOutput"> - <part name="body" element="moa:VerifyCMSSignatureResponse"/> - </message> - <message name="VerifyXMLSignatureInput"> - <part name="body" element="moa:VerifyXMLSignatureRequest"/> - </message> - <message name="VerifyXMLSignatureOutput"> - <part name="body" element="moa:VerifyXMLSignatureResponse"/> - </message> - <message name="MOAFault"> - <part name="body" element="moa:ErrorResponse"/> - </message> - <portType name="SignatureCreationPortType"> - <operation name="createXMLSignature"> - <input message="tns:CreateXMLSignatureInput"/> - <output message="tns:CreateXMLSignatureOutput"/> - <fault name="MOAFault" message="tns:MOAFault"/> - </operation> - <operation name="createCMSSignature"> - <input message="tns:CreateCMSSignatureInput"/> - <output message="tns:CreateCMSSignatureOutput"/> - <fault name="MOAFault" message="tns:MOAFault"/> - </operation> - </portType> - <portType name="SignatureVerificationPortType"> - <operation name="verifyCMSSignature"> - <input message="tns:VerifyCMSSignatureInput"/> - <output message="tns:VerifyCMSSignatureOutput"/> - <fault name="MOAFault" message="tns:MOAFault"/> - </operation> - <operation name="verifyXMLSignature"> - <input message="tns:VerifyXMLSignatureInput"/> - <output message="tns:VerifyXMLSignatureOutput"/> - <fault name="MOAFault" message="tns:MOAFault"/> - </operation> - </portType> - <binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType"> - <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> - <operation name="createXMLSignature"> - <soap:operation soapAction="urn:CreateXMLSignatureAction"/> - <input> - <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </input> - <output> - <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </output> - <fault name="MOAFault"> - <soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </fault> - </operation> - <operation name="createCMSSignature"> - <soap:operation soapAction="urn:CreateCMSSignatureAction"/> - <input> - <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </input> - <output> - <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </output> - <fault name="MOAFault"> - <soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </fault> - </operation> - </binding> - <binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType"> - <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> - <operation name="verifyCMSSignature"> - <soap:operation soapAction="urn:VerifyCMSSignatureAction"/> - <input> - <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </input> - <output> - <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </output> - <fault name="MOAFault"> - <soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </fault> - </operation> - <operation name="verifyXMLSignature"> - <soap:operation soapAction="urn:VerifyXMLSignatureAction"/> - <input> - <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </input> - <output> - <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </output> - <fault name="MOAFault"> - <soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/> - </fault> - </operation> - </binding> - <service name="SignatureCreationService"> - <port name="SignatureCreationPort" binding="tns:SignatureCreationBinding"> - <!-- - Please note that the location URL must be adapted to the actual service URL. - <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/> - --> - </port> - </service> - <service name="SignatureVerificationService"> - <port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding"> - <!-- - Please note that the location URL must be adapted to the actual service URL. - <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/> - --> - </port> - </service> -</definitions> diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd deleted file mode 100644 index 06232f189..000000000 --- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd +++ /dev/null @@ -1,551 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - MOA SP/SS 1.5.2 Schema ---> -<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2"> - <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/> - <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/> - <!--########## Create CMS Signature ###--> - <!--### Create CMS Signature Request ###--> - <xsd:element name="CreateCMSSignatureRequest"> - <xsd:complexType> - <xsd:complexContent> - <xsd:extension base="CreateCMSSignatureRequestType"/> - </xsd:complexContent> - </xsd:complexType> - </xsd:element> - <xsd:complexType name="CreateCMSSignatureRequestType"> - <xsd:sequence> - <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/> - <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded"> - <xsd:annotation> - <xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation> - </xsd:annotation> - <xsd:complexType> - <xsd:sequence> - <xsd:element name="DataObjectInfo" maxOccurs="unbounded"> - <xsd:complexType> - <xsd:complexContent> - <xsd:extension base="CMSDataObjectInfoType"/> - </xsd:complexContent> - </xsd:complexType> - </xsd:element> - </xsd:sequence> - <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/> - </xsd:complexType> - </xsd:element> - </xsd:sequence> - </xsd:complexType> - <!--### Create CMS Signature Response ###--> - <xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/> - <xsd:complexType name="CreateCMSSignatureResponseType"> - <xsd:choice maxOccurs="unbounded"> - <xsd:annotation> - <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation> - </xsd:annotation> - <xsd:element name="CMSSignature" type="xsd:base64Binary"> - <xsd:annotation> - <xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation> - </xsd:annotation> - </xsd:element> - <xsd:element ref="ErrorResponse"/> - </xsd:choice> - </xsd:complexType> - <!--########## Create XML Signature ###--> - <!--### Create XML Signature Request ###--> - <xsd:element name="CreateXMLSignatureRequest"> - <xsd:complexType> - <xsd:complexContent> - <xsd:extension base="CreateXMLSignatureRequestType"/> - </xsd:complexContent> - </xsd:complexType> - </xsd:element> - <xsd:complexType name="CreateXMLSignatureRequestType"> - <xsd:sequence> - <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/> - <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded"> - <xsd:annotation> - <xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation> - </xsd:annotation> - <xsd:complexType> - <xsd:sequence> - <xsd:element name="DataObjectInfo" maxOccurs="unbounded"> - <xsd:complexType> - <xsd:complexContent> - <xsd:extension base="DataObjectInfoType"> - <xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/> - </xsd:extension> - </xsd:complexContent> - </xsd:complexType> - </xsd:element> - <xsd:element name="CreateSignatureInfo" minOccurs="0"> - <xsd:complexType> - <xsd:sequence> - <xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/> - <xsd:choice> - <xsd:annotation> - <xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation> - </xsd:annotation> - <xsd:element ref="CreateSignatureEnvironmentProfile"/> - <xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/> - </xsd:choice> - </xsd:sequence> - </xsd:complexType> - </xsd:element> - </xsd:sequence> - <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/> - </xsd:complexType> - </xsd:element> - </xsd:sequence> - </xsd:complexType> - <!--### Create XML Signature Response ###--> - <xsd:complexType name="CreateXMLSignatureResponseType"> - <xsd:choice maxOccurs="unbounded"> - <xsd:annotation> - <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation> - </xsd:annotation> - <xsd:element name="SignatureEnvironment"> - <xsd:annotation> - <xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation> - </xsd:annotation> - <xsd:complexType> - <xsd:sequence> - <xsd:any namespace="##any" processContents="lax"/> - </xsd:sequence> - </xsd:complexType> - </xsd:element> - <xsd:element ref="ErrorResponse"/> - </xsd:choice> - </xsd:complexType> - <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/> - <!--########## Verify CMS Signature ###--> - <!--### Verifiy CMS Signature Request ###--> - <xsd:element name="VerifyCMSSignatureRequest"> - <xsd:complexType> - <xsd:complexContent> - <xsd:extension base="VerifyCMSSignatureRequestType"> - <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/> - </xsd:extension> - </xsd:complexContent> - </xsd:complexType> - </xsd:element> - <xsd:complexType name="VerifyCMSSignatureRequestType"> - <xsd:sequence> - <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/> - <xsd:element name="CMSSignature" type="xsd:base64Binary"/> - <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/> - <xsd:element name="TrustProfileID" type="xsd:token"> - <xsd:annotation> - <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation> - </xsd:annotation> - </xsd:element> - </xsd:sequence> - </xsd:complexType> - <!--### Verify CMS Signature Response ###--> - <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/> - <xsd:complexType name="VerifyCMSSignatureResponseType"> - <xsd:sequence maxOccurs="unbounded"> - <xsd:element name="SignerInfo" type="dsig:KeyInfoType"> - <xsd:annotation> - <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation> - </xsd:annotation> - </xsd:element> - <xsd:element name="SignatureCheck" type="CheckResultType"/> - <xsd:element name="CertificateCheck" type="CheckResultType"/> - </xsd:sequence> - </xsd:complexType> - <!--########## Verify XML Signature ###--> - <!--### Verify XML Signature Request ###--> - <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/> - <xsd:complexType name="VerifyXMLSignatureRequestType"> - <xsd:sequence> - <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/> - <xsd:element name="VerifySignatureInfo"> - <xsd:complexType> - <xsd:sequence> - <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/> - <xsd:element name="VerifySignatureLocation" type="xsd:token"/> - </xsd:sequence> - </xsd:complexType> - </xsd:element> - <xsd:choice minOccurs="0" maxOccurs="unbounded"> - <xsd:element ref="SupplementProfile"/> - <xsd:element name="SupplementProfileID" type="xsd:string"/> - </xsd:choice> - <xsd:element name="SignatureManifestCheckParams" minOccurs="0"> - <xsd:complexType> - <xsd:sequence> - <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded"> - <xsd:annotation> - <xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation> - </xsd:annotation> - </xsd:element> - </xsd:sequence> - <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/> - </xsd:complexType> - </xsd:element> - <xsd:element name="ReturnHashInputData" minOccurs="0"/> - <xsd:element name="TrustProfileID" type="xsd:token"> - <xsd:annotation> - <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation> - </xsd:annotation> - </xsd:element> - </xsd:sequence> - </xsd:complexType> - <!--### Verify XML Signature Response ###--> - <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/> - <xsd:complexType name="VerifyXMLSignatureResponseType"> - <xsd:sequence> - <xsd:element name="SignerInfo" type="dsig:KeyInfoType"> - <xsd:annotation> - <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation> - </xsd:annotation> - </xsd:element> - <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/> - <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/> - <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="CertificateCheck" type="CheckResultType"/> - </xsd:sequence> - </xsd:complexType> - <xsd:simpleType name="ProfileIdentifierType"> - <xsd:restriction base="xsd:token"/> - </xsd:simpleType> - <xsd:complexType name="InputDataType"> - <xsd:complexContent> - <xsd:extension base="ContentExLocRefBaseType"> - <xsd:attribute name="PartOf" use="optional" default="SignedInfo"> - <xsd:simpleType> - <xsd:restriction base="xsd:token"> - <xsd:enumeration value="SignedInfo"/> - <xsd:enumeration value="XMLDSIGManifest"/> - </xsd:restriction> - </xsd:simpleType> - </xsd:attribute> - <xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/> - </xsd:extension> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="MetaInfoType"> - <xsd:sequence> - <xsd:element name="MimeType" type="MimeTypeType"/> - <xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/> - <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> - </xsd:sequence> - </xsd:complexType> - <xsd:complexType name="FinalDataMetaInfoType"> - <xsd:complexContent> - <xsd:extension base="MetaInfoType"> - <xsd:sequence> - <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/> - </xsd:sequence> - </xsd:extension> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="DataObjectInfoType"> - <xsd:sequence> - <xsd:element name="DataObject"> - <xsd:complexType> - <xsd:complexContent> - <xsd:extension base="ContentOptionalRefType"/> - </xsd:complexContent> - </xsd:complexType> - </xsd:element> - <xsd:choice> - <xsd:annotation> - <xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation> - </xsd:annotation> - <xsd:element ref="CreateTransformsInfoProfile"/> - <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/> - </xsd:choice> - </xsd:sequence> - <xsd:attribute name="Structure" use="required"> - <xsd:simpleType> - <xsd:restriction base="xsd:string"> - <xsd:enumeration value="detached"/> - <xsd:enumeration value="enveloping"/> - </xsd:restriction> - </xsd:simpleType> - </xsd:attribute> - </xsd:complexType> - <xsd:complexType name="CMSDataObjectInfoType"> - <xsd:sequence> - <xsd:element name="DataObject"> - <xsd:complexType> - <xsd:complexContent> - <xsd:extension base="CMSDataObjectRequiredMetaType"/> - </xsd:complexContent> - </xsd:complexType> - </xsd:element> - </xsd:sequence> - <xsd:attribute name="Structure" use="required"> - <xsd:simpleType> - <xsd:restriction base="xsd:string"> - <xsd:enumeration value="detached"/> - <xsd:enumeration value="enveloping"/> - </xsd:restriction> - </xsd:simpleType> - </xsd:attribute> - </xsd:complexType> - <xsd:complexType name="TransformsInfoType"> - <xsd:sequence> - <xsd:element ref="dsig:Transforms" minOccurs="0"/> - <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/> - </xsd:sequence> - </xsd:complexType> - <xsd:complexType name="XMLDataObjectAssociationType"> - <xsd:sequence> - <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/> - <xsd:element name="Content" type="ContentRequiredRefType"/> - </xsd:sequence> - </xsd:complexType> - <xsd:complexType name="CMSDataObjectOptionalMetaType"> - <xsd:sequence> - <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/> - <xsd:element name="Content" type="CMSContentBaseType"/> - </xsd:sequence> - </xsd:complexType> - <xsd:complexType name="CMSDataObjectRequiredMetaType"> - <xsd:sequence> - <xsd:element name="MetaInfo" type="MetaInfoType"/> - <xsd:element name="Content" type="CMSContentBaseTypeLocRef"/> - </xsd:sequence> - </xsd:complexType> - <xsd:complexType name="CMSContentBaseType"> - <xsd:complexContent> - <xsd:restriction base="ContentOptionalRefType"> - <xsd:choice minOccurs="0"> - <xsd:element name="Base64Content" type="xsd:base64Binary"/> - </xsd:choice> - </xsd:restriction> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="CMSContentBaseTypeLocRef"> - <xsd:complexContent> - <xsd:restriction base="ContentOptionalRefType"> - <xsd:choice minOccurs="0"> - <xsd:element name="Base64Content" type="xsd:base64Binary"/> - <xsd:element name="LocRefContent" type="xsd:anyURI"/> - </xsd:choice> - </xsd:restriction> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="CheckResultType"> - <xsd:sequence> - <xsd:element name="Code" type="xsd:nonNegativeInteger"/> - <xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/> - </xsd:sequence> - </xsd:complexType> - <xsd:complexType name="ReferencesCheckResultType"> - <xsd:complexContent> - <xsd:restriction base="CheckResultType"> - <xsd:sequence> - <xsd:element name="Code" type="xsd:nonNegativeInteger"/> - <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/> - </xsd:sequence> - </xsd:restriction> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true"> - <xsd:complexContent> - <xsd:restriction base="AnyChildrenType"> - <xsd:sequence> - <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/> - </xsd:sequence> - </xsd:restriction> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="ManifestRefsCheckResultType"> - <xsd:complexContent> - <xsd:restriction base="CheckResultType"> - <xsd:sequence> - <xsd:element name="Code" type="xsd:nonNegativeInteger"/> - <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/> - </xsd:sequence> - </xsd:restriction> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true"> - <xsd:complexContent> - <xsd:restriction base="AnyChildrenType"> - <xsd:sequence> - <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/> - </xsd:sequence> - </xsd:restriction> - </xsd:complexContent> - </xsd:complexType> - <!--########## Error Response ###--> - <xsd:element name="ErrorResponse" type="ErrorResponseType"> - <xsd:annotation> - <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation> - </xsd:annotation> - </xsd:element> - <xsd:complexType name="ErrorResponseType"> - <xsd:sequence> - <xsd:element name="ErrorCode" type="xsd:integer"/> - <xsd:element name="Info" type="xsd:string"/> - </xsd:sequence> - </xsd:complexType> - <!--########## Auxiliary Types ###--> - <xsd:simpleType name="KeyIdentifierType"> - <xsd:restriction base="xsd:string"/> - </xsd:simpleType> - <xsd:simpleType name="KeyStorageType"> - <xsd:restriction base="xsd:string"> - <xsd:enumeration value="Software"/> - <xsd:enumeration value="Hardware"/> - </xsd:restriction> - </xsd:simpleType> - <xsd:simpleType name="MimeTypeType"> - <xsd:restriction base="xsd:token"/> - </xsd:simpleType> - <xsd:complexType name="AnyChildrenType" mixed="true"> - <xsd:sequence> - <xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> - </xsd:sequence> - </xsd:complexType> - <xsd:complexType name="XMLContentType" mixed="true"> - <xsd:complexContent> - <xsd:extension base="AnyChildrenType"> - <xsd:attribute ref="xml:space" use="optional"/> - </xsd:extension> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="ContentBaseType"> - <xsd:choice minOccurs="0"> - <xsd:element name="Base64Content" type="xsd:base64Binary"/> - <xsd:element name="XMLContent" type="XMLContentType"/> - <xsd:element name="LocRefContent" type="xsd:anyURI"/> - </xsd:choice> - </xsd:complexType> - <xsd:complexType name="ContentExLocRefBaseType"> - <xsd:complexContent> - <xsd:restriction base="ContentBaseType"> - <xsd:choice minOccurs="0"> - <xsd:element name="Base64Content" type="xsd:base64Binary"/> - <xsd:element name="XMLContent" type="XMLContentType"/> - </xsd:choice> - </xsd:restriction> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="ContentOptionalRefType"> - <xsd:complexContent> - <xsd:extension base="ContentBaseType"> - <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/> - </xsd:extension> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="ContentRequiredRefType"> - <xsd:complexContent> - <xsd:restriction base="ContentOptionalRefType"> - <xsd:choice minOccurs="0"> - <xsd:element name="Base64Content" type="xsd:base64Binary"/> - <xsd:element name="XMLContent" type="XMLContentType"/> - <xsd:element name="LocRefContent" type="xsd:anyURI"/> - </xsd:choice> - <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/> - </xsd:restriction> - </xsd:complexContent> - </xsd:complexType> - <xsd:complexType name="VerifyTransformsDataType"> - <xsd:choice maxOccurs="unbounded"> - <xsd:annotation> - <xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation> - </xsd:annotation> - <xsd:element ref="VerifyTransformsInfoProfile"/> - <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string"> - <xsd:annotation> - <xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation> - </xsd:annotation> - </xsd:element> - </xsd:choice> - </xsd:complexType> - <xsd:element name="QualifiedCertificate"/> - <xsd:element name="SecureSignatureCreationDevice"/> - <xsd:element name="PublicAuthority" type="PublicAuthorityType"/> - <xsd:complexType name="PublicAuthorityType"> - <xsd:sequence> - <xsd:element name="Code" type="xsd:string" minOccurs="0"/> - </xsd:sequence> - </xsd:complexType> - <xsd:simpleType name="SignatoriesType"> - <xsd:union memberTypes="AllSignatoriesType"> - <xsd:simpleType> - <xsd:list itemType="xsd:positiveInteger"/> - </xsd:simpleType> - </xsd:union> - </xsd:simpleType> - <xsd:simpleType name="AllSignatoriesType"> - <xsd:restriction base="xsd:string"> - <xsd:enumeration value="all"/> - </xsd:restriction> - </xsd:simpleType> - <xsd:complexType name="CreateSignatureLocationType"> - <xsd:simpleContent> - <xsd:extension base="xsd:token"> - <xsd:attribute name="Index" type="xsd:integer" use="required"/> - </xsd:extension> - </xsd:simpleContent> - </xsd:complexType> - <xsd:complexType name="TransformParameterType"> - <xsd:choice minOccurs="0"> - <xsd:annotation> - <xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation> - </xsd:annotation> - <xsd:element name="Base64Content" type="xsd:base64Binary"> - <xsd:annotation> - <xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation> - </xsd:annotation> - </xsd:element> - <xsd:element name="Hash"> - <xsd:annotation> - <xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation> - </xsd:annotation> - <xsd:complexType> - <xsd:sequence> - <xsd:element ref="dsig:DigestMethod"/> - <xsd:element ref="dsig:DigestValue"/> - </xsd:sequence> - </xsd:complexType> - </xsd:element> - </xsd:choice> - <xsd:attribute name="URI" type="xsd:anyURI" use="required"/> - </xsd:complexType> - <xsd:element name="CreateSignatureEnvironmentProfile"> - <xsd:complexType> - <xsd:sequence> - <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/> - <xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/> - </xsd:sequence> - </xsd:complexType> - </xsd:element> - <xsd:element name="VerifyTransformsInfoProfile"> - <xsd:annotation> - <xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation> - </xsd:annotation> - <xsd:complexType> - <xsd:sequence> - <xsd:element ref="dsig:Transforms" minOccurs="0"/> - <xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded"> - <xsd:annotation> - <xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation> - </xsd:annotation> - </xsd:element> - </xsd:sequence> - </xsd:complexType> - </xsd:element> - <xsd:element name="Supplement" type="XMLDataObjectAssociationType"/> - <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/> - <xsd:element name="CreateTransformsInfoProfile"> - <xsd:complexType> - <xsd:sequence> - <xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/> - <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/> - </xsd:sequence> - </xsd:complexType> - </xsd:element> -</xsd:schema> diff --git a/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd b/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd index eaa50865d..86d37c8bc 100644 --- a/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd +++ b/spss/server/serverws/src/main/webapp/WEB-INF/server-config.wsdd @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?>
<!--
- Axis Deployment Descriptor for MOA SP/SS 1.4
+ Axis Deployment Descriptor for MOA SP/SS 1.5
-->
<deployment name="defaultClientConfig"
xmlns="http://xml.apache.org/axis/wsdd/"
@@ -16,10 +16,8 @@ <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>
<parameter name="allowedMethods" value="CreateCMSSignatureRequest CreateXMLSignatureRequest"/>
<parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureCreationService"/>
- <!-- TODO -->
- <wsdlFile>C:\eclipse_workspaces\MOA_Git01\moa-idspss\spss\server\serverws\resources\wsdl\MOA-SPSS-1.5.2.wsdl</wsdlFile>
+ <wsdlFile>webapps/moa-spss/resources/schemas/MOA-SPSS-1.5.2.wsdl</wsdlFile>
- <!-- <wsdlFile>/resources/wsdl/MOA-SPSS-1.5.2.wsdl</wsdlFile>-->
<requestFlow>
<handler type="MOAHandler"/>
</requestFlow>
@@ -32,7 +30,7 @@ <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>
<parameter name="allowedMethods" value="VerifyCMSSignatureRequest VerifyXMLSignatureRequest"/>
<parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureVerificationService"/>
- <wsdlFile>/resources/wsdl/MOA-SPSS-1.5.2.wsdl</wsdlFile>
+ <wsdlFile>webapps/moa-spss/resources/schemas/MOA-SPSS-1.5.2.wsdl</wsdlFile>
<requestFlow>
<handler type="MOAHandler"/>
</requestFlow>
|