aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/Constants.java4
-rw-r--r--common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd312
-rw-r--r--spss/handbook/clients/webservice/conf/http.properties13
-rw-r--r--spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml82
-rw-r--r--spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml66
-rw-r--r--spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml70
-rw-r--r--spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml58
-rw-r--r--spss/handbook/conf/moa-spss/spss.config.xml1
-rw-r--r--spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd254
-rw-r--r--spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd312
-rw-r--r--spss/handbook/handbook/config/config.html26
-rw-r--r--spss/handbook/handbook/faq/faq.html2
-rw-r--r--spss/handbook/handbook/index.html2
-rw-r--r--spss/handbook/handbook/install/install.html8
-rw-r--r--spss/handbook/handbook/intro/intro.html2
-rw-r--r--spss/handbook/handbook/usage/usage.html2
-rw-r--r--spss/server/history.txt38
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java16
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java17
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java7
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java21
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java27
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java4
23 files changed, 1041 insertions, 303 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index d82947e3f..887363fdd 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -77,11 +77,11 @@ public interface Constants {
/** Local location of the MOA configuration XML schema definition. */
public static final String MOA_CONFIG_SCHEMA_LOCATION =
- SCHEMA_ROOT + "MOA-SPSS-config-1.3.xsd";
+ SCHEMA_ROOT + "MOA-SPSS-config-1.4.3.xsd";
/** Local location of the MOA ID configuration XML schema definition. */
public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
- SCHEMA_ROOT + "MOA-ID-Configuration-1.4.3.xsd";
+ SCHEMA_ROOT + "MOA-ID-Configuration-1.3.xsd";
/** URI of the Security Layer 1.0 namespace. */
public static final String SL10_NS_URI =
diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd
new file mode 100644
index 000000000..2b2f1d689
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd
@@ -0,0 +1,312 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ MOA SP/SS 1.4.3 Configuration Schema
+-->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xs:element name="MOAConfiguration">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Common" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureCreation" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModules">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="HardwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SoftwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="FileName" type="xs:string"/>
+ <xs:element name="Password" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroup" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="Key">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModuleId" type="xs:token"/>
+ <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroupMapping" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
+ <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="XMLDSig">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureVerification" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CertificateValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PathConstruction">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="AutoAddCertificates" type="xs:boolean" />
+ <xs:element
+ name="UseAuthorityInformationAccess"
+ type="xs:boolean" />
+ <xs:element
+ name="CertificateStore">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element
+ name="DirectoryStore">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:token" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="PathValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="ChainingMode">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="DefaultMode"
+ type="config:ChainingModeType" />
+ <xs:element
+ name="TrustAnchor" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Identification"
+ type="dsig:X509IssuerSerialType" />
+ <xs:element
+ name="Mode" type="config:ChainingModeType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="TrustProfile"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Id" type="xs:token" />
+ <xs:element
+ name="TrustAnchorsLocation" type="xs:anyURI" />
+ <xs:element
+ name="SignerCertsLocation" type="xs:anyURI"
+ minOccurs="0" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="RevocationChecking">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="EnableChecking" type="xs:boolean" />
+ <xs:element
+ name="MaxRevocationAge" type="xs:integer" />
+ <xs:element name="ServiceOrder"
+ minOccurs="0">
+ <xs:complexType>
+ <xs:sequence
+ minOccurs="2" maxOccurs="2">
+ <xs:element
+ name="Service">
+ <xs:simpleType>
+ <xs:restriction
+ base="xs:token">
+ <xs:enumeration
+ value="OCSP" />
+ <xs:enumeration
+ value="CRL" />
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Archiving">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="EnableArchiving" type="xs:boolean" />
+ <xs:element
+ name="ArchiveDuration"
+ type="xs:nonNegativeInteger" minOccurs="0" />
+ <xs:element
+ name="Archive" minOccurs="0">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element
+ name="DatabaseArchive">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="JDBCURL" type="xs:anyURI" />
+ <xs:element
+ name="JDBCDriverClassName" type="xs:token" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element
+ name="DistributionPoint" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="CAIssuerDN" type="xs:token" />
+ <xs:choice
+ maxOccurs="unbounded">
+ <xs:element
+ name="CRLDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:anyURI" />
+ <xs:element
+ name="ReasonCode" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:simpleType>
+ <xs:restriction
+ base="xs:token">
+ <xs:enumeration
+ value="unused" />
+ <xs:enumeration
+ value="keyCompromise" />
+ <xs:enumeration
+ value="cACompromise" />
+ <xs:enumeration
+ value="affiliationChanged" />
+ <xs:enumeration
+ value="superseded" />
+ <xs:enumeration
+ value="cessationOfOperation" />
+ <xs:enumeration
+ value="certificateHold" />
+ <xs:enumeration
+ value="privilegeWithdrawn" />
+ <xs:enumeration
+ value="aACompromise" />
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element
+ name="OCSPDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:anyURI" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="VerifyTransformsInfoProfile"
+ type="config:ProfileType" minOccurs="0"
+ maxOccurs="unbounded" />
+ <xs:element name="SupplementProfile"
+ type="config:ProfileType" minOccurs="0"
+ maxOccurs="unbounded" />
+ <xs:element name="PermitFileURIs" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:simpleType name="ChainingModeType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="chaining"/>
+ <xs:enumeration value="pkix"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:complexType name="ProfileType">
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Location" type="xs:anyURI"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
diff --git a/spss/handbook/clients/webservice/conf/http.properties b/spss/handbook/clients/webservice/conf/http.properties
index 22f2d2cda..a75f0dfa9 100644
--- a/spss/handbook/clients/webservice/conf/http.properties
+++ b/spss/handbook/clients/webservice/conf/http.properties
@@ -10,13 +10,12 @@
signServiceQName = SignatureCreation
# Zugangspunkt des Webservices
-signServiceEndPoint = http://localhost:8080/moa-spss/services/SignatureCreation
-#signServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureCreation
+signServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureCreation
# Name des zu sendenden Signaturerstellungsrequests (entweder absolute
# oder relative Pfadangabe; eine relative Pfadangabe wird relativ zum
# Arbeitsverzeichnis der Java VM interpretiert)
-signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml
+#signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml
#signRequest=resources/requests/CreateXMLSignatureRequest.Refs.xml
#signRequest=resources/requests/CreateXMLSignatureRequest.Transforms.xml
#signRequest=resources/requests/CreateXMLSignatureRequest.Supplements.xml
@@ -30,8 +29,8 @@ signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml
verifyServiceQName = SignatureVerification
# Zugangspunkt des Webservices
-verifyServiceEndPoint = http://localhost:8080/moa-spss/services/SignatureVerification
-#verifyServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureVerification
+
+verifyServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureVerification
# Name des zu sendenden Signaturprüfrequests (entweder absolute
# oder relative Pfadangabe; eine relative Pfadangabe wird relativ zum
@@ -43,6 +42,10 @@ verifyRequest=resources/requests/VerifyCMSSignatureRequest.Simple.xml
#verifyRequest=resources/requests/VerifyXMLSignatureRequest.Supplements.xml
#verifyRequest=resources/requests/VerifyXMLSignatureRequest.SigManifest.xml
#verifyRequest=resources/requests/VerifyXMLSignatureRequest.XMLDSigManifest.xml
+#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.xml
+#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml
+#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml
+#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml
#
# JSSE-Konfiguration
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml
new file mode 100644
index 000000000..5b4b61938
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureRequest
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822# file:D:/_java/moa-idspss/trunk/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd
+ http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd">
+ <VerifySignatureInfo>
+ <VerifySignatureEnvironment>
+ <XMLContent>
+ <dsig:Signature Id="signature-1-1"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod
+ Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <dsig:SignatureMethod
+ Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" />
+ <dsig:Reference
+ Type="http://www.w3.org/2000/09/xmldsig#Manifest"
+ URI="#dsig-manifest-1-1">
+ <dsig:DigestMethod
+ Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>
+ XRuYnuRTOAInpu8TzwDWn9Er4/Y=
+ </dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>
+ O3/U4zcVG6BOdc2C/m09xe+vxGhp6TKz7lEukgjINsc1o1Bvdelo77T8cEG/muYd
+ </dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>
+ MIIELjCCAxagAwIBAgIBEzANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJBVDEQ
+ MA4GA1UEChMHVFUgR3JhejENMAsGA1UECxMERUdJWjEUMBIGA1UEAxMLTU9BIFRl
+ c3QgQ0EwHhcNMDcwODIzMTM1ODU0WhcNMTIwODIzMTM1ODU0WjBpMQswCQYDVQQG
+ EwJBVDEQMA4GA1UEChMHVFUgR1JBWjENMAsGA1UECxMERUdJWjE5MDcGA1UEAxMw
+ VGVzdCBTaWduYXR1cmRpZW5zdCBhbGxlciBLdW5kZW46IEVDRFNBIChQMTkydjEp
+ MIHzMIG8BgcqhkjOPQIBMIGwAgEBMCQGByqGSM49AQECGQD/////////////////
+ ///+//////////8wNAQY/////////////////////v/////////8BBhkIQUZ5ZyA
+ 5w+n6atyJDBJ/rje7MFGubEEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV
+ /8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDEC
+ AQEDMgAExf78b6N6BUhK+FHmunDUCQefSxpQmC6m4yq/+pqdDMJalTWATFhQwZqE
+ qSMXJ2Tqo4IBNDCCATAwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYD
+ VR0OBBYEFBrwapQSMwabwPPOijtgOu3iNlt3MHAGA1UdIARpMGcwZQYMKwYBBAGV
+ EgECewEBMFUwUwYIKwYBBQUHAgIwRxpFVGhpcyBjZXJ0aWZpY2F0ZSBvbmx5IG1h
+ eSBiZSB1c2VkIGZvciBkZW1vbnN0cmF0aW9uIGFuZCB0ZXN0IHB1cnBvc2VzMEYG
+ A1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9tb2EtaWRzcHNzLmVnb3ZsYWJzLmd2LmF0
+ L2NybHMvbW9hLXRlc3QtY2EuY3JsMBYGByooAAoBAQEECxMJRUdJWi1UZXN0MB8G
+ A1UdIwQYMBaAFFKXvB3Ugd6H51ClcBGdjhYJNiRSMA0GCSqGSIb3DQEBBQUAA4IB
+ AQB60RLi9zIwF/Rmy/Wo0yf1/ZktElIt91vfBsXlpgLJ4Q6ol/4hTjMJ4FIa8GOl
+ 0b9dIkEe+WGq77JFJVgltsRoJfQBSvnK9jdLfB5YJD0ETDnMdckBV+RsxkEtl5Lr
+ IrT6vExyJUAWz15XJiHgkYZncJCBTy1oh8f3V8cR1VZYwO4QBRDwRdVdZsaL5PME
+ vvLrcAMJhF5fS4AiqMex2Eh2kav5t6/I5bmB4CKEe+0+dPO8DGl7areEfzQEPd8p
+ jkkX5PnxriQvZfgVzwrdXGDqMTnBNaRtCGMiQU/0kp21a6BVtT4am27yr9p3ddhl
+ z7sJ4Z6ys1bwB0on/O65tdn7
+ </dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ <dsig:Object>
+ <dsig:Manifest Id="dsig-manifest-1-1">
+ <dsig:Reference Id="reference-1-1"
+ URI="file:referencedData/Text.txt">
+ <dsig:DigestMethod
+ Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>
+ TrE7WPVlNnBf1dh9PRiZdwpTaxs=
+ </dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:Manifest>
+ </dsig:Object>
+ </dsig:Signature>
+ </XMLContent>
+ </VerifySignatureEnvironment>
+ <VerifySignatureLocation
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ /dsig:Signature
+ </VerifySignatureLocation>
+ </VerifySignatureInfo>
+ <TrustProfileID>Test-Signaturdienste</TrustProfileID>
+</VerifyXMLSignatureRequest>
+
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml
new file mode 100644
index 000000000..4b9fa43fe
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureRequest
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822# file:D:/_java/moa-idspss/trunk/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd
+ http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd">
+ <VerifySignatureInfo>
+ <VerifySignatureEnvironment>
+ <XMLContent>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1208432475-242867937-18096">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+ <dsig:Reference Id="signed-data-reference-0-1208432475-242867937-22960" URI="urn:Document">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>te0YD8LFaK3JLQV8cL69DPnFRLc=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference Id="etsi-data-reference-0-1208432475-242867937-11431" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1208432475-242867937-12332')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>2M9g7DopnXtz86dkz+7yk5SHSHo=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>Ti3ckR8eq4D0mUhb+ylUFhIYn7mfUHTc2AjTys4oaq4gFkXvQlQI41Iggp40c916</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>MIIDlzCCAf+gAwIBAgIRMrFTcaHacn5T5kRFML4Ck6swDQYJKoZIhvcNAQEFBQAwTTESMBAGA1UEAwwJVlNpZyBDQSAyMSowKAYDVQQKDCFIYXVwdHZlcmJhbmQgw7ZzdGVyci4gU296aWFsdmVycy4xCzAJBgNVBAYTAkFUMB4XDTA2MDEyMDA1MTExMVoXDTExMDEyMDA1MTExMVowXzEVMBMGA1UEAwwMRGF2aWQgRmVyYmFzMSowKAYDVQQKDCFIYXVwdHZlcmJhbmQgw7ZzdGVyci4gU296aWFsdmVycy4xDTALBgNVBAsMBFZTaWcxCzAJBgNVBAYTAkFUMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEc7ESyZ4IdIM9UDtze29i0IqfCbwWSODfCF8bTiXxdJZLWZOE0eqwL2ybWVTEmCXDo4G6MIG3MBMGA1UdIwQMMAqACEhpdVw8ryMqMBEGA1UdDgQKBAhP473ttlxOBjAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0gBA8wDTALBgkqKAAKAQQBZgAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5lY2FyZC5zb3ppYWx2ZXJzaWNoZXJ1bmcuYXQwIAYDVR0RBBkwF4EVZGF2aWQuZmVyYmFzQGlub2RlLmF0MA0GCSqGSIb3DQEBBQUAA4IBgQAu74FsENLTC9kqN4UVEX+pJz4ckOjAI8NbzCEvHgDqfpXmjZKA+8354fE6hsCd8uCJWCJ36ig2cMcOjGJrW+4YExYFRpiq1U2u9N1eKEj7j1oQzNZw4lotDxMFHnzd5WBjXjWekgy3uWkFhqE+NvQtauNtRiR3kg2jMt4MmcjZpck3WoTibrV9sMOzyM8L4y3HdDix97aWTefqxJ28IF9Anuk/uNGu74KcuJjYuIZx7q1ULsuXEs/HJMxU2/9lcT6lRhsp5VE0Z0/zOWdenQYUBscdbNrEDg3gmGU9T7SuxNQfHRLQ1OGzjolJL7kvhsRiK/l7pBtGAt2oPO6OKbLgWhW/6DEYJqnUrScQCli34EVDFC8W9yOBq3BHHZCQOzGgYtxtpI2QzCHLMGEwaxdFAYQp9pVBnX7HGbPqhq2r5osDlcyJDLO9uYW+63CTCVIeJ9018OxvOxNNvb6JzunW/oQAVMj+vTiR4GE74A0qVbuYd0fvEvc47J1q6++QlKc=</dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ <dsig:Object Id="etsi-data-object-0-1208432475-242867937-12332">
+ <etsi:QualifyingProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" Target="#signature-1208432475-242867937-18096">
+ <etsi:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#">
+ <etsi:SignedSignatureProperties>
+ <etsi:SigningTime>2008-04-17T11:41:15Z</etsi:SigningTime>
+ <etsi:SigningCertificate>
+ <etsi:Cert>
+ <etsi:CertDigest>
+ <etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <etsi:DigestValue>RREWB1U7AWw/Xy+QkwfAiityVDs=</etsi:DigestValue>
+ </etsi:CertDigest>
+ <etsi:IssuerSerial>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=VSig CA 2</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>17249824966675737197051526866457224975275</dsig:X509SerialNumber>
+ </etsi:IssuerSerial>
+ </etsi:Cert>
+ </etsi:SigningCertificate>
+ <etsi:SignaturePolicyIdentifier>
+ <etsi:SignaturePolicyImplied/>
+ </etsi:SignaturePolicyIdentifier>
+ </etsi:SignedSignatureProperties>
+ <etsi:SignedDataObjectProperties>
+ <etsi:DataObjectFormat ObjectReference="#signed-data-reference-0-1208432475-242867937-22960">
+ <etsi:MimeType>text/plain</etsi:MimeType>
+ </etsi:DataObjectFormat>
+ </etsi:SignedDataObjectProperties>
+ </etsi:SignedProperties>
+ </etsi:QualifyingProperties>
+ </dsig:Object>
+ </dsig:Signature>
+ </XMLContent>
+ </VerifySignatureEnvironment>
+ <VerifySignatureLocation xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">/dsig:Signature</VerifySignatureLocation>
+ </VerifySignatureInfo>
+ <SupplementProfileID>testID</SupplementProfileID>
+ <TrustProfileID>certifiedSignature+Test</TrustProfileID>
+</VerifyXMLSignatureRequest>
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml
new file mode 100644
index 000000000..27929cefd
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureRequest
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822# file:D:/_java/moa-idspss/trunk/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd
+ http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd">
+ <VerifySignatureInfo>
+ <VerifySignatureEnvironment>
+ <XMLContent>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1208432475-242867937-18096">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+ <dsig:Reference Id="signed-data-reference-0-1208432475-242867937-22960" URI="urn:Document">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>te0YD8LFaK3JLQV8cL69DPnFRLc=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference Id="etsi-data-reference-0-1208432475-242867937-11431" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1208432475-242867937-12332')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>2M9g7DopnXtz86dkz+7yk5SHSHo=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>Ti3ckR8eq4D0mUhb+ylUFhIYn7mfUHTc2AjTys4oaq4gFkXvQlQI41Iggp40c916</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>MIIDlzCCAf+gAwIBAgIRMrFTcaHacn5T5kRFML4Ck6swDQYJKoZIhvcNAQEFBQAwTTESMBAGA1UEAwwJVlNpZyBDQSAyMSowKAYDVQQKDCFIYXVwdHZlcmJhbmQgw7ZzdGVyci4gU296aWFsdmVycy4xCzAJBgNVBAYTAkFUMB4XDTA2MDEyMDA1MTExMVoXDTExMDEyMDA1MTExMVowXzEVMBMGA1UEAwwMRGF2aWQgRmVyYmFzMSowKAYDVQQKDCFIYXVwdHZlcmJhbmQgw7ZzdGVyci4gU296aWFsdmVycy4xDTALBgNVBAsMBFZTaWcxCzAJBgNVBAYTAkFUMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEc7ESyZ4IdIM9UDtze29i0IqfCbwWSODfCF8bTiXxdJZLWZOE0eqwL2ybWVTEmCXDo4G6MIG3MBMGA1UdIwQMMAqACEhpdVw8ryMqMBEGA1UdDgQKBAhP473ttlxOBjAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0gBA8wDTALBgkqKAAKAQQBZgAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5lY2FyZC5zb3ppYWx2ZXJzaWNoZXJ1bmcuYXQwIAYDVR0RBBkwF4EVZGF2aWQuZmVyYmFzQGlub2RlLmF0MA0GCSqGSIb3DQEBBQUAA4IBgQAu74FsENLTC9kqN4UVEX+pJz4ckOjAI8NbzCEvHgDqfpXmjZKA+8354fE6hsCd8uCJWCJ36ig2cMcOjGJrW+4YExYFRpiq1U2u9N1eKEj7j1oQzNZw4lotDxMFHnzd5WBjXjWekgy3uWkFhqE+NvQtauNtRiR3kg2jMt4MmcjZpck3WoTibrV9sMOzyM8L4y3HdDix97aWTefqxJ28IF9Anuk/uNGu74KcuJjYuIZx7q1ULsuXEs/HJMxU2/9lcT6lRhsp5VE0Z0/zOWdenQYUBscdbNrEDg3gmGU9T7SuxNQfHRLQ1OGzjolJL7kvhsRiK/l7pBtGAt2oPO6OKbLgWhW/6DEYJqnUrScQCli34EVDFC8W9yOBq3BHHZCQOzGgYtxtpI2QzCHLMGEwaxdFAYQp9pVBnX7HGbPqhq2r5osDlcyJDLO9uYW+63CTCVIeJ9018OxvOxNNvb6JzunW/oQAVMj+vTiR4GE74A0qVbuYd0fvEvc47J1q6++QlKc=</dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ <dsig:Object Id="etsi-data-object-0-1208432475-242867937-12332">
+ <etsi:QualifyingProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" Target="#signature-1208432475-242867937-18096">
+ <etsi:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#">
+ <etsi:SignedSignatureProperties>
+ <etsi:SigningTime>2008-04-17T11:41:15Z</etsi:SigningTime>
+ <etsi:SigningCertificate>
+ <etsi:Cert>
+ <etsi:CertDigest>
+ <etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <etsi:DigestValue>RREWB1U7AWw/Xy+QkwfAiityVDs=</etsi:DigestValue>
+ </etsi:CertDigest>
+ <etsi:IssuerSerial>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=VSig CA 2</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>17249824966675737197051526866457224975275</dsig:X509SerialNumber>
+ </etsi:IssuerSerial>
+ </etsi:Cert>
+ </etsi:SigningCertificate>
+ <etsi:SignaturePolicyIdentifier>
+ <etsi:SignaturePolicyImplied/>
+ </etsi:SignaturePolicyIdentifier>
+ </etsi:SignedSignatureProperties>
+ <etsi:SignedDataObjectProperties>
+ <etsi:DataObjectFormat ObjectReference="#signed-data-reference-0-1208432475-242867937-22960">
+ <etsi:MimeType>text/plain</etsi:MimeType>
+ </etsi:DataObjectFormat>
+ </etsi:SignedDataObjectProperties>
+ </etsi:SignedProperties>
+ </etsi:QualifyingProperties>
+ </dsig:Object>
+ </dsig:Signature>
+ </XMLContent>
+ </VerifySignatureEnvironment>
+ <VerifySignatureLocation xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">/dsig:Signature</VerifySignatureLocation>
+ </VerifySignatureInfo>
+ <SupplementProfile>
+ <Content Reference="urn:Document">
+ <LocRefContent>file:D:/Programme/apache-tomcat-5.5.26/webapps/referencedData/enno-sp.pdf_bku_sign_out.pdf</LocRefContent>
+ </Content>
+ </SupplementProfile>
+ <TrustProfileID>certifiedSignature+Test</TrustProfileID>
+</VerifyXMLSignatureRequest>
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml
new file mode 100644
index 000000000..fc67859ba
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureRequest
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <VerifySignatureInfo>
+ <VerifySignatureEnvironment>
+ <XMLContent>
+ <dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" />
+ <dsig:Reference Id="reference-1-1" URI="file:../conf/server.xml">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>tLODyeiWFbAkQKwhrR23jtcgu4k=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>
+ VEjXB6+geUL16oTPDVx5lcQliGl/oyVobug3BVxVwhu8CU7WK65moTcTuo/CL2hQ
+ </dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>
+ MIID+DCCA2WgAwIBAgIBCTAJBgUrDgMCHQUAMH8xCzAJBgNVBAYTAkFUMSwwKgYD
+ VQQKEyNTdGFic3RlbGxlIElLVC1TdHJhdGVnaWUgZGVzIEJ1bmRlczEeMBwGA1UE
+ CxMVVGVjaG5payB1bmQgU3RhbmRhcmRzMSIwIAYDVQQDExlUZXN0IENBIC0gU2ln
+ bmF0dXJkaWVuc3RlMB4XDTA0MDgwNDA4MjM0OFoXDTA3MDgwNDA4MjM0OFowgZgx
+ CzAJBgNVBAYTAkFUMS0wKwYDVQQKEyRTdGFic3N0ZWxsZSBJS1QtU3RyYXRlZ2ll
+ IGRlcyBCdW5kZXMxHjAcBgNVBAsTFVRlY2huaWsgdW5kIFN0YW5kYXJkczE6MDgG
+ A1UEAxMxVGVzdDogU2lnbmF0dXJkaWVuc3QgYWxsZXIgS3VuZGVuOiBFQ0RTQSAo
+ UDE5MnYxKTCB8zCBvAYHKoZIzj0CATCBsAIBATAkBgcqhkjOPQEBAhkA////////
+ /////////////v//////////MDQEGP////////////////////7//////////AQY
+ ZCEFGeWcgOcPp+mrciQwSf643uzBRrmxBDEEGI2oDrAwkPZ8vyDrQ6GIAPT/Cv2C
+ /xASBxkrlf/I2nhjEBHtayTN1XP5d6EeeUgRAhkA////////////////md74NhRr
+ ybG00igxAgEBAzIABNHWY9lQOE1zgmpcpjTg2WIg6qgEsGhpXELPinJoMPDVheTv
+ 2BZPG42YJsNfvWgC06OCARwwggEYMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8E
+ AjAAMB0GA1UdDgQWBBRHH5EXnrWosCmIa+JyEM5seMxFVzBdBgNVHSAEVjBUMFIG
+ DCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0
+ IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2VlaWduZXQuMEMGA1UdHwQ8MDowOKA2
+ oDSGMmh0dHA6Ly9sYWJzLmNpby5ndi5hdC90ZW1wL2NybHMvc2lnbmF0dXJkaWVu
+ c3QuY3JsMBQGByooAAoBAQEECQwHQktBLUlLVDAfBgNVHSMEGDAWgBRAl0P5fWaw
+ vf59+uxGcYY9wffZPTAJBgUrDgMCHQUAA4GBAIMKUsnajgfBtpHeDdMdQMLA8fdt
+ lluezDOM78WYYSFURP04QZk5iHkShzptgZCF5Y/T4an3dC3SnytL67LJvEoKUyja
+ iTMLo7650xRTvAjTaMJ+nly/wTRYJKplOLXKWj3WwfObMHXdsDE8NJmpJSRE7Sw7
+ +tj+UiTiNNSaXirq
+ </dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+ </XMLContent>
+ </VerifySignatureEnvironment>
+ <VerifySignatureLocation xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">/dsig:Signature</VerifySignatureLocation>
+ </VerifySignatureInfo>
+ <SignatureManifestCheckParams ReturnReferenceInputData="true">
+ <ReferenceInfo>
+ <VerifyTransformsInfoProfile />
+ </ReferenceInfo>
+ </SignatureManifestCheckParams>
+ <TrustProfileID>Test-Signaturdienste</TrustProfileID>
+</VerifyXMLSignatureRequest> \ No newline at end of file
diff --git a/spss/handbook/conf/moa-spss/spss.config.xml b/spss/handbook/conf/moa-spss/spss.config.xml
index 8e167af57..9f79c5a19 100644
--- a/spss/handbook/conf/moa-spss/spss.config.xml
+++ b/spss/handbook/conf/moa-spss/spss.config.xml
@@ -145,5 +145,6 @@
</cfg:Archiving>
</cfg:RevocationChecking>
</cfg:CertificateValidation>
+ <cfg:PermitFileURIs>false</cfg:PermitFileURIs>
</cfg:SignatureVerification>
</cfg:MOAConfiguration>
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd
deleted file mode 100644
index 1521b4f1b..000000000
--- a/spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd
+++ /dev/null
@@ -1,254 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- MOA SP/SS 1.3 Configuration Schema
--->
-<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
- <xs:element name="MOAConfiguration">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Common" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Name" type="xs:string"/>
- <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
- <xs:element name="UserPIN" type="xs:string"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="SignatureCreation" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="KeyModules">
- <xs:complexType>
- <xs:choice maxOccurs="unbounded">
- <xs:element name="HardwareKeyModule">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:element name="Name" type="xs:string"/>
- <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
- <xs:element name="UserPIN" type="xs:string"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="SoftwareKeyModule">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:element name="FileName" type="xs:string"/>
- <xs:element name="Password" type="xs:string" minOccurs="0"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- <xs:element name="KeyGroup" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:sequence maxOccurs="unbounded">
- <xs:element name="Key">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="KeyModuleId" type="xs:token"/>
- <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="KeyGroupMapping" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
- <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="XMLDSig">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
- <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="SignatureVerification" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="CertificateValidation">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="PathConstruction">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="AutoAddCertificates" type="xs:boolean"/>
- <xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>
- <xs:element name="CertificateStore">
- <xs:complexType>
- <xs:choice>
- <xs:element name="DirectoryStore">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Location" type="xs:token"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="PathValidation">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="ChainingMode">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="DefaultMode" type="config:ChainingModeType"/>
- <xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Identification" type="dsig:X509IssuerSerialType"/>
- <xs:element name="Mode" type="config:ChainingModeType"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="TrustProfile" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
- <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="RevocationChecking">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="EnableChecking" type="xs:boolean"/>
- <xs:element name="MaxRevocationAge" type="xs:integer"/>
- <xs:element name="ServiceOrder" minOccurs="0">
- <xs:complexType>
- <xs:sequence minOccurs="2" maxOccurs="2">
- <xs:element name="Service">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="OCSP"/>
- <xs:enumeration value="CRL"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="Archiving">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="EnableArchiving" type="xs:boolean"/>
- <xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>
- <xs:element name="Archive" minOccurs="0">
- <xs:complexType>
- <xs:choice>
- <xs:element name="DatabaseArchive">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="JDBCURL" type="xs:anyURI"/>
- <xs:element name="JDBCDriverClassName" type="xs:token"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="CAIssuerDN" type="xs:token"/>
- <xs:choice maxOccurs="unbounded">
- <xs:element name="CRLDP">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="IndirectCRLIssuer" type="xs:string" minOccurs="0" maxOccurs="1"/>
- <xs:element name="Location" type="xs:anyURI"/>
- <xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="unused"/>
- <xs:enumeration value="keyCompromise"/>
- <xs:enumeration value="cACompromise"/>
- <xs:enumeration value="affiliationChanged"/>
- <xs:enumeration value="superseded"/>
- <xs:enumeration value="cessationOfOperation"/>
- <xs:enumeration value="certificateHold"/>
- <xs:enumeration value="privilegeWithdrawn"/>
- <xs:enumeration value="aACompromise"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="OCSPDP">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Location" type="xs:anyURI"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:simpleType name="ChainingModeType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="chaining"/>
- <xs:enumeration value="pkix"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:complexType name="ProfileType">
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:element name="Location" type="xs:anyURI"/>
- </xs:sequence>
- </xs:complexType>
-</xs:schema>
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd
new file mode 100644
index 000000000..2b2f1d689
--- /dev/null
+++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd
@@ -0,0 +1,312 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ MOA SP/SS 1.4.3 Configuration Schema
+-->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xs:element name="MOAConfiguration">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Common" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureCreation" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModules">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="HardwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SoftwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="FileName" type="xs:string"/>
+ <xs:element name="Password" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroup" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="Key">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModuleId" type="xs:token"/>
+ <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroupMapping" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
+ <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="XMLDSig">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureVerification" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CertificateValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PathConstruction">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="AutoAddCertificates" type="xs:boolean" />
+ <xs:element
+ name="UseAuthorityInformationAccess"
+ type="xs:boolean" />
+ <xs:element
+ name="CertificateStore">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element
+ name="DirectoryStore">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:token" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="PathValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="ChainingMode">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="DefaultMode"
+ type="config:ChainingModeType" />
+ <xs:element
+ name="TrustAnchor" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Identification"
+ type="dsig:X509IssuerSerialType" />
+ <xs:element
+ name="Mode" type="config:ChainingModeType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="TrustProfile"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Id" type="xs:token" />
+ <xs:element
+ name="TrustAnchorsLocation" type="xs:anyURI" />
+ <xs:element
+ name="SignerCertsLocation" type="xs:anyURI"
+ minOccurs="0" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="RevocationChecking">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="EnableChecking" type="xs:boolean" />
+ <xs:element
+ name="MaxRevocationAge" type="xs:integer" />
+ <xs:element name="ServiceOrder"
+ minOccurs="0">
+ <xs:complexType>
+ <xs:sequence
+ minOccurs="2" maxOccurs="2">
+ <xs:element
+ name="Service">
+ <xs:simpleType>
+ <xs:restriction
+ base="xs:token">
+ <xs:enumeration
+ value="OCSP" />
+ <xs:enumeration
+ value="CRL" />
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Archiving">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="EnableArchiving" type="xs:boolean" />
+ <xs:element
+ name="ArchiveDuration"
+ type="xs:nonNegativeInteger" minOccurs="0" />
+ <xs:element
+ name="Archive" minOccurs="0">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element
+ name="DatabaseArchive">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="JDBCURL" type="xs:anyURI" />
+ <xs:element
+ name="JDBCDriverClassName" type="xs:token" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element
+ name="DistributionPoint" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="CAIssuerDN" type="xs:token" />
+ <xs:choice
+ maxOccurs="unbounded">
+ <xs:element
+ name="CRLDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:anyURI" />
+ <xs:element
+ name="ReasonCode" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:simpleType>
+ <xs:restriction
+ base="xs:token">
+ <xs:enumeration
+ value="unused" />
+ <xs:enumeration
+ value="keyCompromise" />
+ <xs:enumeration
+ value="cACompromise" />
+ <xs:enumeration
+ value="affiliationChanged" />
+ <xs:enumeration
+ value="superseded" />
+ <xs:enumeration
+ value="cessationOfOperation" />
+ <xs:enumeration
+ value="certificateHold" />
+ <xs:enumeration
+ value="privilegeWithdrawn" />
+ <xs:enumeration
+ value="aACompromise" />
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element
+ name="OCSPDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:anyURI" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="VerifyTransformsInfoProfile"
+ type="config:ProfileType" minOccurs="0"
+ maxOccurs="unbounded" />
+ <xs:element name="SupplementProfile"
+ type="config:ProfileType" minOccurs="0"
+ maxOccurs="unbounded" />
+ <xs:element name="PermitFileURIs" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:simpleType name="ChainingModeType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="chaining"/>
+ <xs:enumeration value="pkix"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:complexType name="ProfileType">
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Location" type="xs:anyURI"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index 1bd968e96..a77a82b12 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -15,7 +15,7 @@
</tr>
</table>
<hr/>
- <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4</a></p>
+ <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p>
<p class="subtitle">Konfiguration</p>
<hr/>
<h1>Inhalt</h1>
@@ -92,6 +92,7 @@
</li>
<li><a href="#konfigurationsparameter_sp_verifytransformsinfoprofile">Profil f&uuml;r Transformationen</a></li>
<li><a href="#konfigurationsparameter_sp_supplementprofile">Profil f&uuml;r Erg&auml;nzungsobjekte</a></li>
+ <li><a href="#konfigurationsparameter_sp_permitfileuris">file-URIs</a></li>
</ol>
</li>
</ol>
@@ -134,7 +135,7 @@
</tr>
</table>
<h2><a name="übersicht_zentraledatei" id="übersicht_zentraledatei"></a>1.2 Zentrale Konfigurationsdatei</h2>
- <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.3.xsd">MOA-SPSS-config-1.3.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
+ <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.4.3.xsd">MOA-SPSS-config-1.4.3.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
<h3><a name="&uuml;bersicht_zentraledatei_aktualisierung" id="&uuml;bersicht_zentraledatei_aktualisierung"></a>1.2.1
Aktualisierung auf das Format von MOA SP/SS 1.3</h3>
<p>Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, &uuml;bersichtlicheres Format f&uuml;r die
@@ -984,6 +985,27 @@ als relativ zum Pfad jenes Verzeichnisses interpretiert werden, in dem die zentr
</ul></td>
</tr>
</table>
+ <h3><a name="konfigurationsparameter_sp_permitfileuris" id="konfigurationsparameter_sp_permitfileuris"></a>2.3.4 file-URIs</h3>
+ <table class="fixedWidth" border="1" cellpadding="2">
+ <tr>
+ <td>Name</td>
+ <td><code>cfg:SignatureVerification/cfg:PermitFileURIs</code></td>
+
+ </tr>
+ <tr>
+ <td>Gebrauch</td>
+ <td>Null mal oder einmal</td>
+ </tr>
+ <tr>
+ <td>Erl&auml;uterung</td>
+
+ <td><p>Der Inhalt dieses Elements vom Typ <code>xs:boolean</code> gibt an, ob file-URIs innerhalb von MOA-SP zugelassen werden sollen. In MOA-SS werden file-URIs strikt verboten.</p>
+ <p class="remark">Bitte beachten Sie: Das Erlauben von file-URIs birgt Sicherheitsrisikien. Eine Deaktivierung sollte nur in begr&uuml;ndeten Ausnahmef&auml;llen in Erw&auml;gung gezogen werden. </p>
+ <p class="remark">Bitte beachten Sie: Es werden keine file-URIs in Erg&auml;nzungsobjekten unterstützt.</p>
+ <p>Zul&auml;ssige Werte f&uuml;r diesen Parameter sind <code>true</code> oder <code>false</code>. Wird dieses Element nicht angegeben, so nimmt MOA den Wert <code>false</code> an.</p>
+ </td>
+ </tr>
+ </table>
<h1><a name="beispielkonfigurationen"></a>3 Beispielkonfigurationen</h1>
<h2><a name="beispielkonfigurationen_minss" id="beispielkonfigurationen_minss"></a>3.1 Minimale Konfiguration f&uuml;r MOA SS</h2>
<p>Nachfolgend finden Sie eine zentrale Konfigurationsdatei mit den minimal notwendigen Eintr&auml;gen f&uuml;r
diff --git a/spss/handbook/handbook/faq/faq.html b/spss/handbook/handbook/faq/faq.html
index 99072cb78..36484a2d0 100644
--- a/spss/handbook/handbook/faq/faq.html
+++ b/spss/handbook/handbook/faq/faq.html
@@ -15,7 +15,7 @@
</tr>
</table>
<hr/>
- <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4</a></p>
+ <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p>
<p class="subtitle">FAQ</p>
<hr/>
<h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html
index 683f66501..11db2c816 100644
--- a/spss/handbook/handbook/index.html
+++ b/spss/handbook/handbook/index.html
@@ -16,7 +16,7 @@
</table>
<hr/>
<p class="title">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP) </p>
- <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 1.4 </p>
+ <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 1.4.3 </p>
<hr/>
<dl>
<dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html
index 82765751f..60589f733 100644
--- a/spss/handbook/handbook/install/install.html
+++ b/spss/handbook/handbook/install/install.html
@@ -15,7 +15,7 @@
</tr>
</table>
<hr/>
- <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4</a></p>
+ <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p>
<p class="subtitle">Installation</p>
<hr/>
<h1>Inhalt</h1>
@@ -127,7 +127,7 @@
<dt>Installation von Apache Tomcat 4.1</dt>
<dd> Installieren Sie <a href="#referenziertesoftware">Apache Tomcat 4.1.18</a> oder h&ouml;her in ein Verzeichnis, das keine Leerzeichen im Pfadnamen enth&auml;lt. Wir empfehlen die Installation von <a href="#referenziertesoftware">Apache Tomcat 4.1.31</a>. Verwenden Sie bitte die zu Ihrem J2SE SDK passende Distribution von Tomcat. Das Wurzelverzeichnis der Tomcat-Installation wird im weiteren Verlauf als <code>$CATALINA_HOME</code> bezeichnet.</dd>
<dt>Entpacken der MOA SP/SS Webservice Distribution</dt>
- <dd> Entpacken Sie die Datei <code>moa-spss-1.4.0.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
+ <dd> Entpacken Sie die Datei <code>moa-spss-1.4.3.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
<dt>Installation der Krypographiebibliotheken von SIC/IAIK</dt>
<dd>
<p>Die Installation der Kryptographiebibliotheken von <a href="http://jce.iaik.tugraz.at/" target="_blank">SIC/IAIK</a>:</p>
@@ -380,7 +380,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=&lt;null&gt;
<dt>Installation von J2SE SDK</dt>
<dd>Installieren Sie<a href="#referenziertesoftware"> J2SE 1.4.x SDK</a> oder <a href="#referenziertesoftware">J2SE 5.0 SDK</a> in ein beliebiges Verzeichnis. Wir empfehlen die Installation von <a href="#referenziertesoftware">J2SE 5.0 SDK</a>. Das Wurzelverzeichnis der J2SE SDK Installation wird im weiteren Verlauf als <code>$JAVA_HOME</code> bezeichnet. </dd>
<dt>Entpacken der MOA SP/SS Klassenbibliotheks-Distribution</dt>
- <dd> Entpacken Sie die Datei <code>moa-spss-1.4.0-lib.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
+ <dd> Entpacken Sie die Datei <code>moa-spss-1.4.3-lib.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
<dt>Installation der Krypographiebibliotheken von SIC/IAIK</dt>
<dd>
<p>Die Installation der Kryptographiebibliotheken von <a href="http://jce.iaik.tugraz.at/" target="_blank">SIC/IAIK</a>:</p>
@@ -399,7 +399,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=&lt;null&gt;
</tr><tr>
<td>MOA SP/SS</td>
-<td>1.4.0&nbsp; </td>
+<td>1.4.3&nbsp; </td>
<td><code>moa-spss.jar</code>, <code>moa-common.jar</code></td>
</tr><tr>
<td>MOA IAIK</td>
diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html
index c907a2e05..bc887e958 100644
--- a/spss/handbook/handbook/intro/intro.html
+++ b/spss/handbook/handbook/intro/intro.html
@@ -15,7 +15,7 @@
</tr>
</table>
<hr/>
- <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4</a></p>
+ <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p>
<p class="subtitle">Einf&uuml;hrung</p>
<hr/>
<h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html
index ea7302fcb..95d3e49a0 100644
--- a/spss/handbook/handbook/usage/usage.html
+++ b/spss/handbook/handbook/usage/usage.html
@@ -15,7 +15,7 @@
</tr>
</table>
<hr/>
- <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4</a></p>
+ <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p>
<p class="subtitle">Anwendung</p>
<hr/>
<h1>Inhalt</h1>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 18647a12b..9a0952355 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -2,11 +2,49 @@
1.4.3
##############
+- Unnötige Abhängigkeit zu JSSE-Implementierung von Sun wurden entfernt, welcher den Einsatz von MOA SP/SS in
+ Java-Laufzeitumgebungen anderer Hersteller als Sun (z.B. IBM) erschwert.
+
+- Ein Konfigurationsparameter für MOA SP wurde eingeführt (cfg:SignatureVerification/cfg:PermitFileURIs) welcher
+ file-URIs erlauben oder verbieten soll.
+
- Das Herauslösen des Verarbeitungsrequests aus dem SOAP-Request endete in einer
ClassCastException, wenn zwischen dem Body-Element des SOAP-Envelopes und dem
Request white spaces vorhanden sind bzw. dieses Element nicht unmittelbar nach
dem Body-Element steht. Das Herauslösen ist nun gegen white spaces robust.
+- Bei der Signaturverifikation (zusätzlich zu den bisherigen) folgende Algorithmen unterstützt:
+ 1. Added the following signature algorithms for XML signatures:
+ o http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
+ o http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
+ o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
+ o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
+ o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
+ o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
+ o http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
+ 2. Added the following hash algorithms for XML signatures:
+ o http://www.w3.org/2001/04/xmldsig-more#sha224
+ o http://www.w3.org/2001/04/xmldsig-more#sha384
+ o http://www.w3.org/2001/04/xmlenc#sha512
+ 3. Added the following signature algorithms for verifying CMS signatures:
+ o SHA224withRSA
+ o SHA384withRSA
+ o SHA512withRSA
+ o SHA224withECDSA
+ o SHA256withECDSA
+ o SHA384withECDSA
+ o SHA512withECDSA
+ o RIPEMD160withECDSAPlain
+ 4. Added the following hash algorithms for CMS signatures:
+ o SHA-224
+ o SHA-384
+ o SHA-512
+
+- IAIK Libraries aktualisiert:
+ iaik-cms: Version 4.01_MOA
+ iaik-moa: Version 1.23
+ iaik-ecc: Version 2.16
+
##############
1.4.2
##############
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 14ceb71cd..327b66f54 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -190,7 +190,9 @@ public class ConfigurationPartsBuilder {
private static final String SUPPLEMENT_PROFILE_XPATH =
ROOT + CONF + "SignatureVerification/"
+ CONF + "SupplementProfile";
-
+ private static final String PERMIT_FILE_URIS_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "PermitFileURIs";
//
// default values for configuration parameters
//
@@ -1235,5 +1237,15 @@ public class ConfigurationPartsBuilder {
String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null);
return Boolean.valueOf(autoAdd).booleanValue();
}
-
+
+ /**
+ * Returns whether file URIs are permitted
+ * @return whether file URIs are permitted
+ */
+ public boolean getPermitFileURIs()
+ {
+ String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false");
+ return Boolean.valueOf(permitFileURIs).booleanValue();
+ }
+
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 57f06326a..16bf153c9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -206,7 +206,11 @@ public class ConfigurationProvider
* be used during certificate path construction.
*/
private boolean useAuthorityInfoAccess_;
-
+ /**
+ * Indicates whether file URIs are allowed or not
+ */
+ private boolean permitFileURIs;
+
/**
* Return the single instance of configuration data.
*
@@ -319,6 +323,7 @@ public class ConfigurationProvider
verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
supplementProfiles = builder.buildSupplementProfiles();
warnings = new ArrayList(builder.getWarnings());
+ permitFileURIs = builder.getPermitFileURIs();
} catch (Throwable t) {
throw new ConfigurationException("config.11", null, t);
} finally {
@@ -685,5 +690,13 @@ public class ConfigurationProvider
{
return useAuthorityInfoAccess_;
}
-
+
+ /**
+ * Returns whether the file URIs are permitted or not
+ * @return whether the file URIs are permitted or not
+ */
+ public boolean getPermitFileURIs()
+ {
+ return permitFileURIs;
+ }
} \ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index fb3ff4931..2a35e5892 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -275,5 +275,12 @@ public class XMLSignatureCreationProfileImpl
public String getSignedPropertiesID() {
return propertyIDGenerator.uniqueId();
}
+
+ /**
+ * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs()
+ */
+ public boolean getPermitFileURIs() {
+ return false;
+ }
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
index 216596dc3..ab302388d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -26,7 +26,8 @@ public class XMLSignatureVerificationProfileImpl
private boolean includeHashInputData;
/** Whether to include reference input data in the response. */
private boolean includeReferenceInputData;
-
+ /** Whether the file URIs are permitted */
+ private boolean permitFileURIs;
/**
* @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest()
*/
@@ -127,5 +128,21 @@ public class XMLSignatureVerificationProfileImpl
public void setIncludeReferenceInputData(boolean includeReferenceInputData) {
this.includeReferenceInputData = includeReferenceInputData;
}
-
+
+ /**
+ * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs()
+ */
+ public boolean getPermitFileURIs() {
+ return permitFileURIs;
+ }
+
+ /**
+ * Set whether the file URIs are permitted or not
+ *
+ * @param permitFileURIs whether the file URIs are permitted or not
+ */
+ public void setPermitFileURIs(boolean permitFileURIs)
+ {
+ this.permitFileURIs = permitFileURIs;
+ }
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 4871ac4fe..42b1c7c3c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -1,11 +1,6 @@
package at.gv.egovernment.moa.spss.server.init;
import java.io.IOException;
-import java.security.Security;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.axis.AxisProperties;
import iaik.ixsil.init.IXSILInit;
@@ -42,7 +37,7 @@ public class SystemInitializer {
*/
public static void init() {
MessageProvider msg = MessageProvider.getInstance();
- ClassLoader cl = SystemInitializer.class.getClassLoader();
+
Thread archiveCleaner;
// set up the MOA SPSS logging hierarchy
@@ -51,25 +46,7 @@ public class SystemInitializer {
// set up a logging context for logging the startup
LoggingContextManager.getInstance().setLoggingContext(
new LoggingContext("startup"));
-
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- } catch (ClassNotFoundException e) {
- Logger.warn(msg.getMessage("init.03", null), e);
- }
-
- // set up SUN JSSE SSL
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty(
- "java.protocol.handler.pkgs",
- "com.sun.net.ssl.internal.www.protocol");
- SSLSocketFactory.getDefault();
-
-
+
// AxisProperties.setProperty("enableNamespacePrefixOptimization","false");
// AxisProperties.setProperty("disablePrettyXML", "true");
// AxisProperties.setProperty("axis.doAutoTypes", "true");
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
index 5df13a337..1a8c72779 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
@@ -86,7 +86,9 @@ public class XMLSignatureVerificationProfileFactory {
} else {
profile.setTransformationSupplements(Collections.EMPTY_LIST);
}
-
+
+ profile.setPermitFileURIs(config.getPermitFileURIs());
+
return profile;
}