23 files changed, 1041 insertions, 303 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index d82947e3f..887363fdd 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -77,11 +77,11 @@ public interface Constants {
 
 /** Local location of the MOA configuration XML schema definition. */
 public static final String MOA_CONFIG_SCHEMA_LOCATION =
- SCHEMA_ROOT + "MOA-SPSS-config-1.3.xsd";
+ SCHEMA_ROOT + "MOA-SPSS-config-1.4.3.xsd";
 
 /** Local location of the MOA ID configuration XML schema definition. */
 public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
- SCHEMA_ROOT + "MOA-ID-Configuration-1.4.3.xsd";
+ SCHEMA_ROOT + "MOA-ID-Configuration-1.3.xsd";
 
 /** URI of the Security Layer 1.0 namespace. */
 public static final String SL10_NS_URI =
diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd
new file mode 100644
index 000000000..2b2f1d689
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd
@@ -0,0 +1,312 @@
+<?xml version="1.0" encoding="UTF-8"?>
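Review bot: The second pair of changed lines in this hunk moves MOA_ID_CONFIG_SCHEMA_LOCATION backwards from `MOA-ID-Configuration-1.4.3.xsd` to `MOA-ID-Configuration-1.3.xsd` while the SP/SS constant directly above it moves forward to 1.4.3, which looks like the two version strings were swapped by mistake. Only MOA-SPSS-config-1.4.3.xsd is added among the files visible here, and a downgraded schema reference would make MOA-ID configurations written for 1.4.3 fail validation if the 1.3 schema lacks their elements. If the intent is only to bump the SP/SS schema, keep `SCHEMA_ROOT + "MOA-ID-Configuration-1.4.3.xsd";` and drop that change from the commit; otherwise the commit message should state why MOA ID is being pinned back to 1.3.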
+<!--
+ MOA SP/SS 1.4.3 Configuration Schema
+-->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xs:element name="MOAConfiguration">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Common" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureCreation" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModules">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="HardwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SoftwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="FileName" type="xs:string"/>
+ <xs:element name="Password" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroup" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="Key">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModuleId" type="xs:token"/>
+ <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroupMapping" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
+ <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="XMLDSig">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureVerification" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CertificateValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PathConstruction">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="AutoAddCertificates" type="xs:boolean" />
+ <xs:element
+ name="UseAuthorityInformationAccess"
+ type="xs:boolean" />
+ <xs:element
+ name="CertificateStore">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element
+ name="DirectoryStore">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:token" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="PathValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="ChainingMode">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="DefaultMode"
+ type="config:ChainingModeType" />
+ <xs:element
+ name="TrustAnchor" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Identification"
+ type="dsig:X509IssuerSerialType" />
+ <xs:element
+ name="Mode" type="config:ChainingModeType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="TrustProfile"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Id" type="xs:token" />
+ <xs:element
+ name="TrustAnchorsLocation" type="xs:anyURI" />
+ <xs:element
+ name="SignerCertsLocation" type="xs:anyURI"
+ minOccurs="0" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="RevocationChecking">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="EnableChecking" type="xs:boolean" />
+ <xs:element
+ name="MaxRevocationAge" type="xs:integer" />
+ <xs:element name="ServiceOrder"
+ minOccurs="0">
+ <xs:complexType>
+ <xs:sequence
+ minOccurs="2" maxOccurs="2">
+ <xs:element
+ name="Service">
+ <xs:simpleType>
+ <xs:restriction
+ base="xs:token">
+ <xs:enumeration
+ value="OCSP" />
+ <xs:enumeration
+ value="CRL" />
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Archiving">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="EnableArchiving" type="xs:boolean" />
+ <xs:element
+ name="ArchiveDuration"
+ type="xs:nonNegativeInteger" minOccurs="0" />
+ <xs:element
+ name="Archive" minOccurs="0">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element
+ name="DatabaseArchive">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="JDBCURL" type="xs:anyURI" />
+ <xs:element
+ name="JDBCDriverClassName" type="xs:token" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element
+ name="DistributionPoint" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="CAIssuerDN" type="xs:token" />
+ <xs:choice
+ maxOccurs="unbounded">
+ <xs:element
+ name="CRLDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:anyURI" />
+ <xs:element
+ name="ReasonCode" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:simpleType>
+ <xs:restriction
+ base="xs:token">
+ <xs:enumeration
+ value="unused" />
+ <xs:enumeration
+ value="keyCompromise" />
+ <xs:enumeration
+ value="cACompromise" />
+ <xs:enumeration
+ value="affiliationChanged" />
+ <xs:enumeration
+ value="superseded" />
+ <xs:enumeration
+ value="cessationOfOperation" />
+ <xs:enumeration
+ value="certificateHold" />
+ <xs:enumeration
+ value="privilegeWithdrawn" />
+ <xs:enumeration
+ value="aACompromise" />
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element
+ name="OCSPDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:anyURI" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="VerifyTransformsInfoProfile"
+ type="config:ProfileType" minOccurs="0"
+ maxOccurs="unbounded" />
+ <xs:element name="SupplementProfile"
+ type="config:ProfileType" minOccurs="0"
+ maxOccurs="unbounded" />
+ <xs:element name="PermitFileURIs" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:simpleType name="ChainingModeType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="chaining"/>
+ <xs:enumeration value="pkix"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:complexType name="ProfileType">
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Location" type="xs:anyURI"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
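Review bot: `PermitFileURIs` near the end of the SignatureVerification sequence (`<xs:element name="PermitFileURIs" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/>`) relies on the XSD `default` attribute, but for elements a schema default is only supplied when the element is present with empty content; when the optional element is absent the instance simply carries no value. The configuration reader therefore has to implement absent-means-false itself, and the schema should say so with an `<xs:annotation>`/`<xs:documentation>` on the element stating that omitting it keeps file: URIs disabled. `maxOccurs="1"` is the XSD default and can be dropped. The header comment only names the version; a one-line remark that 1.4.3 adds PermitFileURIs to the 1.3 schema would help anyone comparing the two files.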
diff --git a/spss/handbook/clients/webservice/conf/http.properties b/spss/handbook/clients/webservice/conf/http.properties index 22f2d2cda..a75f0dfa9 100644 --- a/spss/handbook/clients/webservice/conf/http.properties +++ b/spss/handbook/clients/webservice/conf/http.properties @@ -10,13 +10,12 @@ signServiceQName = SignatureCreation # Zugangspunkt des Webservices -signServiceEndPoint = http://localhost:8080/moa-spss/services/SignatureCreation -#signServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureCreation +signServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureCreation # Name des zu sendenden Signaturerstellungsrequests (entweder absolute # oder relative Pfadangabe; eine relative Pfadangabe wird relativ zum # Arbeitsverzeichnis der Java VM interpretiert) -signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml +#signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml #signRequest=resources/requests/CreateXMLSignatureRequest.Refs.xml #signRequest=resources/requests/CreateXMLSignatureRequest.Transforms.xml #signRequest=resources/requests/CreateXMLSignatureRequest.Supplements.xml @@ -30,8 +29,8 @@ signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml verifyServiceQName = SignatureVerification # Zugangspunkt des Webservices -verifyServiceEndPoint = http://localhost:8080/moa-spss/services/SignatureVerification -#verifyServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureVerification + +verifyServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureVerification # Name des zu sendenden Signaturprüfrequests (entweder absolute # oder relative Pfadangabe; eine relative Pfadangabe wird relativ zum 
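Review bot: The first hunk comments out `signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml`, which was the only active signRequest entry, so the sample client configuration no longer names any signature-creation request while `verifyRequest` stays set. Either keep one `signRequest` line uncommented or add a comment explaining that it is disabled on purpose. The second hunk also inserts an empty `+` line between the `# Zugangspunkt des Webservices` comment and `verifyServiceEndPoint`, separating the comment from the key it describes, which the first hunk does not do for the sign endpoint. Switching both endpoints to `https://localhost:8443` presumably depends on the JSSE settings further down in the file, which these hunks do not show.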
@@ -43,6 +42,10 @@ verifyRequest=resources/requests/VerifyCMSSignatureRequest.Simple.xml
 #verifyRequest=resources/requests/VerifyXMLSignatureRequest.Supplements.xml
 #verifyRequest=resources/requests/VerifyXMLSignatureRequest.SigManifest.xml
 #verifyRequest=resources/requests/VerifyXMLSignatureRequest.XMLDSigManifest.xml
+#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.xml
+#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml
+#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml
+#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml
 
 #
 # JSSE-Konfiguration
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml
new file mode 100644
index 000000000..5b4b61938
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureRequest
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822# file:D:/_java/moa-idspss/trunk/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd
+ http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd">
+ <VerifySignatureInfo>
+ <VerifySignatureEnvironment>
+ <XMLContent>
+ <dsig:Signature Id="signature-1-1"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod
+ Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <dsig:SignatureMethod
+ Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" />
+ <dsig:Reference
+ Type="http://www.w3.org/2000/09/xmldsig#Manifest"
+ URI="#dsig-manifest-1-1">
+ <dsig:DigestMethod
+ Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>
+ XRuYnuRTOAInpu8TzwDWn9Er4/Y=
+ </dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>
+ O3/U4zcVG6BOdc2C/m09xe+vxGhp6TKz7lEukgjINsc1o1Bvdelo77T8cEG/muYd
+ </dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>
+ MIIELjCCAxagAwIBAgIBEzANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJBVDEQ
+ MA4GA1UEChMHVFUgR3JhejENMAsGA1UECxMERUdJWjEUMBIGA1UEAxMLTU9BIFRl
+ c3QgQ0EwHhcNMDcwODIzMTM1ODU0WhcNMTIwODIzMTM1ODU0WjBpMQswCQYDVQQG
+ EwJBVDEQMA4GA1UEChMHVFUgR1JBWjENMAsGA1UECxMERUdJWjE5MDcGA1UEAxMw
+ VGVzdCBTaWduYXR1cmRpZW5zdCBhbGxlciBLdW5kZW46IEVDRFNBIChQMTkydjEp
+ MIHzMIG8BgcqhkjOPQIBMIGwAgEBMCQGByqGSM49AQECGQD/////////////////
+ ///+//////////8wNAQY/////////////////////v/////////8BBhkIQUZ5ZyA
+ 5w+n6atyJDBJ/rje7MFGubEEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV
+ /8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDEC
+ AQEDMgAExf78b6N6BUhK+FHmunDUCQefSxpQmC6m4yq/+pqdDMJalTWATFhQwZqE
+ qSMXJ2Tqo4IBNDCCATAwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYD
+ VR0OBBYEFBrwapQSMwabwPPOijtgOu3iNlt3MHAGA1UdIARpMGcwZQYMKwYBBAGV
+ EgECewEBMFUwUwYIKwYBBQUHAgIwRxpFVGhpcyBjZXJ0aWZpY2F0ZSBvbmx5IG1h
+ eSBiZSB1c2VkIGZvciBkZW1vbnN0cmF0aW9uIGFuZCB0ZXN0IHB1cnBvc2VzMEYG
+ A1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9tb2EtaWRzcHNzLmVnb3ZsYWJzLmd2LmF0
+ L2NybHMvbW9hLXRlc3QtY2EuY3JsMBYGByooAAoBAQEECxMJRUdJWi1UZXN0MB8G
+ A1UdIwQYMBaAFFKXvB3Ugd6H51ClcBGdjhYJNiRSMA0GCSqGSIb3DQEBBQUAA4IB
+ AQB60RLi9zIwF/Rmy/Wo0yf1/ZktElIt91vfBsXlpgLJ4Q6ol/4hTjMJ4FIa8GOl
+ 0b9dIkEe+WGq77JFJVgltsRoJfQBSvnK9jdLfB5YJD0ETDnMdckBV+RsxkEtl5Lr
+ IrT6vExyJUAWz15XJiHgkYZncJCBTy1oh8f3V8cR1VZYwO4QBRDwRdVdZsaL5PME
+ vvLrcAMJhF5fS4AiqMex2Eh2kav5t6/I5bmB4CKEe+0+dPO8DGl7areEfzQEPd8p
+ jkkX5PnxriQvZfgVzwrdXGDqMTnBNaRtCGMiQU/0kp21a6BVtT4am27yr9p3ddhl
+ z7sJ4Z6ys1bwB0on/O65tdn7
+ </dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ <dsig:Object>
+ <dsig:Manifest Id="dsig-manifest-1-1">
+ <dsig:Reference Id="reference-1-1"
+ URI="file:referencedData/Text.txt">
+ <dsig:DigestMethod
+ Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>
+ TrE7WPVlNnBf1dh9PRiZdwpTaxs=
+ </dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:Manifest>
+ </dsig:Object>
+ </dsig:Signature>
+ </XMLContent>
+ </VerifySignatureEnvironment>
+ <VerifySignatureLocation
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ /dsig:Signature
+ </VerifySignatureLocation>
+ </VerifySignatureInfo>
+ <TrustProfileID>Test-Signaturdienste</TrustProfileID>
+</VerifyXMLSignatureRequest>
+
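Review bot: The `xsi:schemaLocation` hint points at `file:D:/_java/moa-idspss/trunk/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd`, an absolute path on one developer's Windows workstation that will not resolve for anyone using the handbook samples and exposes that checkout's layout. The ServerSupplements.xml and Supplements.xml hunks carry the same hint, and Supplements.xml additionally sets `<LocRefContent>file:D:/Programme/apache-tomcat-5.5.26/webapps/referencedData/enno-sp.pdf_bku_sign_out.pdf</LocRefContent>`, so that sample can only succeed on that one machine. The FileURIs.xml sample omits the schemaLocation hint entirely; the other three should do the same or use a path relative to the handbook, and LocRefContent should refer to something shipped with the samples, such as the referencedData directory this sample already uses.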
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml
new file mode 100644
index 000000000..4b9fa43fe
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureRequest
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822# file:D:/_java/moa-idspss/trunk/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd
+ http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd">
+ <VerifySignatureInfo>
+ <VerifySignatureEnvironment>
+ <XMLContent>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1208432475-242867937-18096">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+ <dsig:Reference Id="signed-data-reference-0-1208432475-242867937-22960" URI="urn:Document">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>te0YD8LFaK3JLQV8cL69DPnFRLc=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference Id="etsi-data-reference-0-1208432475-242867937-11431" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1208432475-242867937-12332')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>2M9g7DopnXtz86dkz+7yk5SHSHo=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>Ti3ckR8eq4D0mUhb+ylUFhIYn7mfUHTc2AjTys4oaq4gFkXvQlQI41Iggp40c916</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>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</dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ <dsig:Object Id="etsi-data-object-0-1208432475-242867937-12332">
+ <etsi:QualifyingProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" Target="#signature-1208432475-242867937-18096">
+ <etsi:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#">
+ <etsi:SignedSignatureProperties>
+ <etsi:SigningTime>2008-04-17T11:41:15Z</etsi:SigningTime>
+ <etsi:SigningCertificate>
+ <etsi:Cert>
+ <etsi:CertDigest>
+ <etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <etsi:DigestValue>RREWB1U7AWw/Xy+QkwfAiityVDs=</etsi:DigestValue>
+ </etsi:CertDigest>
+ <etsi:IssuerSerial>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=VSig CA 2</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>17249824966675737197051526866457224975275</dsig:X509SerialNumber>
+ </etsi:IssuerSerial>
+ </etsi:Cert>
+ </etsi:SigningCertificate>
+ <etsi:SignaturePolicyIdentifier>
+ <etsi:SignaturePolicyImplied/>
+ </etsi:SignaturePolicyIdentifier>
+ </etsi:SignedSignatureProperties>
+ <etsi:SignedDataObjectProperties>
+ <etsi:DataObjectFormat ObjectReference="#signed-data-reference-0-1208432475-242867937-22960">
+ <etsi:MimeType>text/plain</etsi:MimeType>
+ </etsi:DataObjectFormat>
+ </etsi:SignedDataObjectProperties>
+ </etsi:SignedProperties>
+ </etsi:QualifyingProperties>
+ </dsig:Object>
+ </dsig:Signature>
+ </XMLContent>
+ </VerifySignatureEnvironment>
+ <VerifySignatureLocation xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">/dsig:Signature</VerifySignatureLocation>
+ </VerifySignatureInfo>
+ <SupplementProfileID>testID</SupplementProfileID>
+ <TrustProfileID>certifiedSignature+Test</TrustProfileID>
+</VerifyXMLSignatureRequest>
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml
new file mode 100644
index 000000000..27929cefd
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureRequest
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"
+ xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822# file:D:/_java/moa-idspss/trunk/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd
+ http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd">
+ <VerifySignatureInfo>
+ <VerifySignatureEnvironment>
+ <XMLContent>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1208432475-242867937-18096">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+ <dsig:Reference Id="signed-data-reference-0-1208432475-242867937-22960" URI="urn:Document">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>te0YD8LFaK3JLQV8cL69DPnFRLc=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference Id="etsi-data-reference-0-1208432475-242867937-11431" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1208432475-242867937-12332')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>2M9g7DopnXtz86dkz+7yk5SHSHo=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>Ti3ckR8eq4D0mUhb+ylUFhIYn7mfUHTc2AjTys4oaq4gFkXvQlQI41Iggp40c916</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>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</dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ <dsig:Object Id="etsi-data-object-0-1208432475-242867937-12332">
+ <etsi:QualifyingProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" Target="#signature-1208432475-242867937-18096">
+ <etsi:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#">
+ <etsi:SignedSignatureProperties>
+ <etsi:SigningTime>2008-04-17T11:41:15Z</etsi:SigningTime>
+ <etsi:SigningCertificate>
+ <etsi:Cert>
+ <etsi:CertDigest>
+ <etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <etsi:DigestValue>RREWB1U7AWw/Xy+QkwfAiityVDs=</etsi:DigestValue>
+ </etsi:CertDigest>
+ <etsi:IssuerSerial>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=VSig CA 2</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>17249824966675737197051526866457224975275</dsig:X509SerialNumber>
+ </etsi:IssuerSerial>
+ </etsi:Cert>
+ </etsi:SigningCertificate>
+ <etsi:SignaturePolicyIdentifier>
+ <etsi:SignaturePolicyImplied/>
+ </etsi:SignaturePolicyIdentifier>
+ </etsi:SignedSignatureProperties>
+ <etsi:SignedDataObjectProperties>
+ <etsi:DataObjectFormat ObjectReference="#signed-data-reference-0-1208432475-242867937-22960">
+ <etsi:MimeType>text/plain</etsi:MimeType>
+ </etsi:DataObjectFormat>
+ </etsi:SignedDataObjectProperties>
+ </etsi:SignedProperties>
+ </etsi:QualifyingProperties>
+ </dsig:Object>
+ </dsig:Signature>
+ </XMLContent>
+ </VerifySignatureEnvironment>
+ <VerifySignatureLocation xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">/dsig:Signature</VerifySignatureLocation>
+ </VerifySignatureInfo>
+ <SupplementProfile>
+ <Content Reference="urn:Document">
+ <LocRefContent>file:D:/Programme/apache-tomcat-5.5.26/webapps/referencedData/enno-sp.pdf_bku_sign_out.pdf</LocRefContent>
+ </Content>
+ </SupplementProfile>
+ <TrustProfileID>certifiedSignature+Test</TrustProfileID>
+</VerifyXMLSignatureRequest>
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml
new file mode 100644
index 000000000..fc67859ba
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureRequest
+ xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <VerifySignatureInfo>
+ <VerifySignatureEnvironment>
+ <XMLContent>
+ <dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" />
+ <dsig:Reference Id="reference-1-1" URI="file:../conf/server.xml">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>tLODyeiWFbAkQKwhrR23jtcgu4k=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>
+ VEjXB6+geUL16oTPDVx5lcQliGl/oyVobug3BVxVwhu8CU7WK65moTcTuo/CL2hQ
+ </dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>
+ MIID+DCCA2WgAwIBAgIBCTAJBgUrDgMCHQUAMH8xCzAJBgNVBAYTAkFUMSwwKgYD
+ VQQKEyNTdGFic3RlbGxlIElLVC1TdHJhdGVnaWUgZGVzIEJ1bmRlczEeMBwGA1UE
+ CxMVVGVjaG5payB1bmQgU3RhbmRhcmRzMSIwIAYDVQQDExlUZXN0IENBIC0gU2ln
+ bmF0dXJkaWVuc3RlMB4XDTA0MDgwNDA4MjM0OFoXDTA3MDgwNDA4MjM0OFowgZgx
+ CzAJBgNVBAYTAkFUMS0wKwYDVQQKEyRTdGFic3N0ZWxsZSBJS1QtU3RyYXRlZ2ll
+ IGRlcyBCdW5kZXMxHjAcBgNVBAsTFVRlY2huaWsgdW5kIFN0YW5kYXJkczE6MDgG
+ A1UEAxMxVGVzdDogU2lnbmF0dXJkaWVuc3QgYWxsZXIgS3VuZGVuOiBFQ0RTQSAo
+ UDE5MnYxKTCB8zCBvAYHKoZIzj0CATCBsAIBATAkBgcqhkjOPQEBAhkA////////
+ /////////////v//////////MDQEGP////////////////////7//////////AQY
+ ZCEFGeWcgOcPp+mrciQwSf643uzBRrmxBDEEGI2oDrAwkPZ8vyDrQ6GIAPT/Cv2C
+ /xASBxkrlf/I2nhjEBHtayTN1XP5d6EeeUgRAhkA////////////////md74NhRr
+ ybG00igxAgEBAzIABNHWY9lQOE1zgmpcpjTg2WIg6qgEsGhpXELPinJoMPDVheTv
+ 2BZPG42YJsNfvWgC06OCARwwggEYMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8E
+ AjAAMB0GA1UdDgQWBBRHH5EXnrWosCmIa+JyEM5seMxFVzBdBgNVHSAEVjBUMFIG
+ DCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0
+ IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2VlaWduZXQuMEMGA1UdHwQ8MDowOKA2
+ oDSGMmh0dHA6Ly9sYWJzLmNpby5ndi5hdC90ZW1wL2NybHMvc2lnbmF0dXJkaWVu
+ c3QuY3JsMBQGByooAAoBAQEECQwHQktBLUlLVDAfBgNVHSMEGDAWgBRAl0P5fWaw
+ vf59+uxGcYY9wffZPTAJBgUrDgMCHQUAA4GBAIMKUsnajgfBtpHeDdMdQMLA8fdt
+ lluezDOM78WYYSFURP04QZk5iHkShzptgZCF5Y/T4an3dC3SnytL67LJvEoKUyja
+ iTMLo7650xRTvAjTaMJ+nly/wTRYJKplOLXKWj3WwfObMHXdsDE8NJmpJSRE7Sw7
+ +tj+UiTiNNSaXirq
+ </dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+ </XMLContent>
+ </VerifySignatureEnvironment>
+ <VerifySignatureLocation xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">/dsig:Signature</VerifySignatureLocation>
+ </VerifySignatureInfo>
+ <SignatureManifestCheckParams ReturnReferenceInputData="true">
+ <ReferenceInfo>
+ <VerifyTransformsInfoProfile />
+ </ReferenceInfo>
+ </SignatureManifestCheckParams>
+ <TrustProfileID>Test-Signaturdienste</TrustProfileID>
+</VerifyXMLSignatureRequest>
\ No newline at end of file
diff --git a/spss/handbook/conf/moa-spss/spss.config.xml b/spss/handbook/conf/moa-spss/spss.config.xml
index 8e167af57..9f79c5a19 100644
--- a/spss/handbook/conf/moa-spss/spss.config.xml
+++ b/spss/handbook/conf/moa-spss/spss.config.xml
@@ -145,5 +145,6 @@
 </cfg:Archiving>
 </cfg:RevocationChecking>
 </cfg:CertificateValidation>
+<cfg:PermitFileURIs>false</cfg:PermitFileURIs>
 </cfg:SignatureVerification>
 </cfg:MOAConfiguration>
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd
deleted file mode 100644
index 1521b4f1b..000000000
--- a/spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd
+++ /dev/null
@@ -1,254 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
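Review bot: This sample gives no indication of its expected outcome, although it is clearly built to exercise the new PermitFileURIs switch: the reference `URI="file:../conf/server.xml"` resolves relative to the server process's working directory and `ReturnReferenceInputData="true"` asks for the referenced content to be echoed in the response. With the sample spss.config.xml setting PermitFileURIs to false the service should reject this request, and a reader working through the samples would otherwise take that rejection for a misconfiguration. Add a leading comment such as `<!-- Negative test for PermitFileURIs: expected to be rejected unless PermitFileURIs is set to true in spss.config.xml -->` and state the same in the handbook text. The `\ No newline at end of file` marker also shows this file, unlike the other three samples, lacks a trailing newline.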
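Review bot: `<cfg:PermitFileURIs>false</cfg:PermitFileURIs>` is added to the sample configuration without any comment, and this file is what administrators copy from, so a short note on what the switch gates would keep it from being flipped casually, e.g. `<!-- Allow file: URIs in references and supplements; keep false unless the service must read local files -->` on the line before it. Writing the value explicitly rather than relying on the schema default is the right choice, since an absent optional element receives no default from the XSD. The element sits directly after `</cfg:CertificateValidation>`, which matches the schema's sequence only if no VerifyTransformsInfoProfile or SupplementProfile elements follow it; nothing in the hunk suggests they do, but the rest of the file is not visible here.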
-<!--
- MOA SP/SS 1.3 Configuration Schema
--->
-<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
- <xs:element name="MOAConfiguration">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Common" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Name" type="xs:string"/>
- <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
- <xs:element name="UserPIN" type="xs:string"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="SignatureCreation" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="KeyModules">
- <xs:complexType>
- <xs:choice maxOccurs="unbounded">
- <xs:element name="HardwareKeyModule">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:element name="Name" type="xs:string"/>
- <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
- <xs:element name="UserPIN" type="xs:string"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="SoftwareKeyModule">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:element name="FileName" type="xs:string"/>
- <xs:element name="Password" type="xs:string" minOccurs="0"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- <xs:element name="KeyGroup" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:sequence maxOccurs="unbounded">
- <xs:element name="Key">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="KeyModuleId" type="xs:token"/>
- <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="KeyGroupMapping" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
- <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="XMLDSig">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
- <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="SignatureVerification" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="CertificateValidation">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="PathConstruction">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="AutoAddCertificates" type="xs:boolean"/>
- <xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>
- <xs:element name="CertificateStore">
- <xs:complexType>
- <xs:choice>
- <xs:element name="DirectoryStore">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Location" type="xs:token"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="PathValidation">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="ChainingMode">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="DefaultMode" type="config:ChainingModeType"/>
- <xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Identification" type="dsig:X509IssuerSerialType"/>
- <xs:element name="Mode" type="config:ChainingModeType"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="TrustProfile" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
- <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="RevocationChecking">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="EnableChecking" type="xs:boolean"/>
- <xs:element name="MaxRevocationAge" type="xs:integer"/>
- <xs:element name="ServiceOrder" minOccurs="0">
- <xs:complexType>
- <xs:sequence minOccurs="2" maxOccurs="2">
- <xs:element name="Service">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="OCSP"/>
- <xs:enumeration value="CRL"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="Archiving">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="EnableArchiving" type="xs:boolean"/>
- <xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>
- <xs:element name="Archive" minOccurs="0">
- <xs:complexType>
- <xs:choice>
- <xs:element name="DatabaseArchive">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="JDBCURL" type="xs:anyURI"/>
- <xs:element name="JDBCDriverClassName" type="xs:token"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="CAIssuerDN" type="xs:token"/>
- <xs:choice maxOccurs="unbounded">
- <xs:element name="CRLDP">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="IndirectCRLIssuer" type="xs:string" minOccurs="0" maxOccurs="1"/>
- <xs:element name="Location" type="xs:anyURI"/>
- <xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="unused"/>
- <xs:enumeration value="keyCompromise"/>
- <xs:enumeration value="cACompromise"/>
- <xs:enumeration value="affiliationChanged"/>
- <xs:enumeration value="superseded"/>
- <xs:enumeration value="cessationOfOperation"/>
- <xs:enumeration value="certificateHold"/>
- <xs:enumeration value="privilegeWithdrawn"/>
- <xs:enumeration value="aACompromise"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="OCSPDP">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Location" type="xs:anyURI"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:simpleType name="ChainingModeType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="chaining"/>
- <xs:enumeration value="pkix"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:complexType name="ProfileType">
- <xs:sequence>
- <xs:element name="Id" type="xs:token"/>
- <xs:element name="Location" type="xs:anyURI"/>
- </xs:sequence>
- </xs:complexType>
-</xs:schema>
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd new file mode 100644 index 000000000..2b2f1d689 --- /dev/null +++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd @@ -0,0 +1,312 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ MOA SP/SS 1.4.3 Configuration Schema
+-->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xs:element name="MOAConfiguration">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Common" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureCreation" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModules">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="HardwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SoftwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="FileName" type="xs:string"/>
+ <xs:element name="Password" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroup" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="Key">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModuleId" type="xs:token"/>
+ <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroupMapping" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
+ <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="XMLDSig">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureVerification" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CertificateValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PathConstruction">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="AutoAddCertificates" type="xs:boolean" />
+ <xs:element
+ name="UseAuthorityInformationAccess"
+ type="xs:boolean" />
+ <xs:element
+ name="CertificateStore">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element
+ name="DirectoryStore">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:token" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="PathValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="ChainingMode">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="DefaultMode"
+ type="config:ChainingModeType" />
+ <xs:element
+ name="TrustAnchor" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Identification"
+ type="dsig:X509IssuerSerialType" />
+ <xs:element
+ name="Mode" type="config:ChainingModeType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="TrustProfile"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Id" type="xs:token" />
+ <xs:element
+ name="TrustAnchorsLocation" type="xs:anyURI" />
+ <xs:element
+ name="SignerCertsLocation" type="xs:anyURI"
+ minOccurs="0" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="RevocationChecking">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="EnableChecking" type="xs:boolean" />
+ <xs:element
+ name="MaxRevocationAge" type="xs:integer" />
+ <xs:element name="ServiceOrder"
+ minOccurs="0">
+ <xs:complexType>
+ <xs:sequence
+ minOccurs="2" maxOccurs="2">
+ <xs:element
+ name="Service">
+ <xs:simpleType>
+ <xs:restriction
+ base="xs:token">
+ <xs:enumeration
+ value="OCSP" />
+ <xs:enumeration
+ value="CRL" />
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Archiving">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="EnableArchiving" type="xs:boolean" />
+ <xs:element
+ name="ArchiveDuration"
+ type="xs:nonNegativeInteger" minOccurs="0" />
+ <xs:element
+ name="Archive" minOccurs="0">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element
+ name="DatabaseArchive">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="JDBCURL" type="xs:anyURI" />
+ <xs:element
+ name="JDBCDriverClassName" type="xs:token" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element
+ name="DistributionPoint" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="CAIssuerDN" type="xs:token" />
+ <xs:choice
+ maxOccurs="unbounded">
+ <xs:element
+ name="CRLDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:anyURI" />
+ <xs:element
+ name="ReasonCode" minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:simpleType>
+ <xs:restriction
+ base="xs:token">
+ <xs:enumeration
+ value="unused" />
+ <xs:enumeration
+ value="keyCompromise" />
+ <xs:enumeration
+ value="cACompromise" />
+ <xs:enumeration
+ value="affiliationChanged" />
+ <xs:enumeration
+ value="superseded" />
+ <xs:enumeration
+ value="cessationOfOperation" />
+ <xs:enumeration
+ value="certificateHold" />
+ <xs:enumeration
+ value="privilegeWithdrawn" />
+ <xs:enumeration
+ value="aACompromise" />
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element
+ name="OCSPDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element
+ name="Location" type="xs:anyURI" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="VerifyTransformsInfoProfile"
+ type="config:ProfileType" minOccurs="0"
+ maxOccurs="unbounded" />
+ <xs:element name="SupplementProfile"
+ type="config:ProfileType" minOccurs="0"
+ maxOccurs="unbounded" />
+ <xs:element name="PermitFileURIs" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:simpleType name="ChainingModeType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="chaining"/>
+ <xs:enumeration value="pkix"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:complexType name="ProfileType">
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Location" type="xs:anyURI"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
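Review bot: The `CRLDP` type in this new schema declares only `Location` and `ReasonCode`, whereas the schema removed earlier in this diff also allowed an optional `IndirectCRLIssuer` element ahead of `Location`; if that removed file is the schema deployments currently validate against, any configuration that uses `IndirectCRLIssuer` will stop validating once the server switches to 1.4.3. If the element is still meant to be supported, restore it as `<xs:element name="IndirectCRLIssuer" type="xs:string" minOccurs="0" maxOccurs="1"/>` before `Location`; if dropping it is intended, the history file in this same change should say so, since nothing here documents the incompatibility. Note also that `default="false"` on `PermitFileURIs` only takes effect when the element is present with empty content — an absent element gets no schema default, so the parser must supply `false` itself.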
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html index 1bd968e96..a77a82b12 100644 --- a/spss/handbook/handbook/config/config.html +++ b/spss/handbook/handbook/config/config.html @@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3</a></p> <p class="subtitle">Konfiguration</p> <hr/> <h1>Inhalt</h1> @@ -92,6 +92,7 @@ </li> <li><a href="#konfigurationsparameter_sp_verifytransformsinfoprofile">Profil für Transformationen</a></li> <li><a href="#konfigurationsparameter_sp_supplementprofile">Profil für Ergänzungsobjekte</a></li> + <li><a href="#konfigurationsparameter_sp_permitfileuris">file-URIs</a></li> </ol> </li> </ol> @@ -134,7 +135,7 @@ </tr> </table> <h2><a name="übersicht_zentraledatei" id="übersicht_zentraledatei"></a>1.2 Zentrale Konfigurationsdatei</h2> - <p>Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.3.xsd">MOA-SPSS-config-1.3.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erläutert die Konfigurationsmöglichkeiten im Einzelnen.</p> + <p>Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.4.3.xsd">MOA-SPSS-config-1.4.3.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erläutert die Konfigurationsmöglichkeiten im Einzelnen.</p> <h3><a name="übersicht_zentraledatei_aktualisierung" id="übersicht_zentraledatei_aktualisierung"></a>1.2.1 Aktualisierung auf das Format von MOA SP/SS 1.3</h3> <p>Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, übersichtlicheres Format für die 
@@ -984,6 +985,27 @@ als relativ zum Pfad jenes Verzeichnisses interpretiert werden, in dem die zentr </ul></td> </tr> </table> + <h3><a name="konfigurationsparameter_sp_permitfileuris" id="konfigurationsparameter_sp_permitfileuris"></a>2.3.4 file-URIs</h3> + <table class="fixedWidth" border="1" cellpadding="2"> + <tr> + <td>Name</td> + <td><code>cfg:SignatureVerification/cfg:PermitFileURIs</code></td> + + </tr> + <tr> + <td>Gebrauch</td> + <td>Null mal oder einmal</td> + </tr> + <tr> + <td>Erläuterung</td> + + <td><p>Der Inhalt dieses Elements vom Typ <code>xs:boolean</code> gibt an, ob file-URIs innerhalb von MOA-SP zugelassen werden sollen. In MOA-SS werden file-URIs strikt verboten.</p> + <p class="remark">Bitte beachten Sie: Das Erlauben von file-URIs birgt Sicherheitsrisikien. Eine Deaktivierung sollte nur in begründeten Ausnahmefällen in Erwägung gezogen werden. </p> + <p class="remark">Bitte beachten Sie: Es werden keine file-URIs in Ergänzungsobjekten unterstützt.</p> + <p>Zulässige Werte für diesen Parameter sind <code>true</code> oder <code>false</code>. Wird dieses Element nicht angegeben, so nimmt MOA den Wert <code>false</code> an.</p> + </td> + </tr> + </table> <h1><a name="beispielkonfigurationen"></a>3 Beispielkonfigurationen</h1> <h2><a name="beispielkonfigurationen_minss" id="beispielkonfigurationen_minss"></a>3.1 Minimale Konfiguration für MOA SS</h2> <p>Nachfolgend finden Sie eine zentrale Konfigurationsdatei mit den minimal notwendigen Einträgen für diff --git a/spss/handbook/handbook/faq/faq.html b/spss/handbook/handbook/faq/faq.html index 99072cb78..36484a2d0 100644 --- a/spss/handbook/handbook/faq/faq.html +++ b/spss/handbook/handbook/faq/faq.html 
@@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3</a></p> <p class="subtitle">FAQ</p> <hr/> <h1>Inhalt</h1> diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html index 683f66501..11db2c816 100644 --- a/spss/handbook/handbook/index.html +++ b/spss/handbook/handbook/index.html @@ -16,7 +16,7 @@ </table> <hr/> <p class="title">MOA: Serversignatur (SS) und Signaturprüfung (SP) </p> - <p class="subtitle">Übersicht zur Dokumentation der Version 1.4 </p> + <p class="subtitle">Übersicht zur Dokumentation der Version 1.4.3 </p> <hr/> <dl> <dt><a href="./intro/intro.html">Einführung</a></dt> diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html index 82765751f..60589f733 100644 --- a/spss/handbook/handbook/install/install.html +++ b/spss/handbook/handbook/install/install.html @@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3</a></p> <p class="subtitle">Installation</p> <hr/> <h1>Inhalt</h1> 
@@ -127,7 +127,7 @@ <dt>Installation von Apache Tomcat 4.1</dt> <dd> Installieren Sie <a href="#referenziertesoftware">Apache Tomcat 4.1.18</a> oder höher in ein Verzeichnis, das keine Leerzeichen im Pfadnamen enthält. Wir empfehlen die Installation von <a href="#referenziertesoftware">Apache Tomcat 4.1.31</a>. Verwenden Sie bitte die zu Ihrem J2SE SDK passende Distribution von Tomcat. Das Wurzelverzeichnis der Tomcat-Installation wird im weiteren Verlauf als <code>$CATALINA_HOME</code> bezeichnet.</dd> <dt>Entpacken der MOA SP/SS Webservice Distribution</dt> - <dd> Entpacken Sie die Datei <code>moa-spss-1.4.0.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd> + <dd> Entpacken Sie die Datei <code>moa-spss-1.4.3.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd> <dt>Installation der Krypographiebibliotheken von SIC/IAIK</dt> <dd> <p>Die Installation der Kryptographiebibliotheken von <a href="http://jce.iaik.tugraz.at/" target="_blank">SIC/IAIK</a>:</p> 
@@ -380,7 +380,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=<null> <dt>Installation von J2SE SDK</dt> <dd>Installieren Sie<a href="#referenziertesoftware"> J2SE 1.4.x SDK</a> oder <a href="#referenziertesoftware">J2SE 5.0 SDK</a> in ein beliebiges Verzeichnis. Wir empfehlen die Installation von <a href="#referenziertesoftware">J2SE 5.0 SDK</a>. Das Wurzelverzeichnis der J2SE SDK Installation wird im weiteren Verlauf als <code>$JAVA_HOME</code> bezeichnet. </dd> <dt>Entpacken der MOA SP/SS Klassenbibliotheks-Distribution</dt> - <dd> Entpacken Sie die Datei <code>moa-spss-1.4.0-lib.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd> + <dd> Entpacken Sie die Datei <code>moa-spss-1.4.3-lib.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd> <dt>Installation der Krypographiebibliotheken von SIC/IAIK</dt> <dd> <p>Die Installation der Kryptographiebibliotheken von <a href="http://jce.iaik.tugraz.at/" target="_blank">SIC/IAIK</a>:</p> @@ -399,7 +399,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=<null> </tr><tr> <td>MOA SP/SS</td> -<td>1.4.0 </td> +<td>1.4.3 </td> <td><code>moa-spss.jar</code>, <code>moa-common.jar</code></td> </tr><tr> <td>MOA IAIK</td> diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html index c907a2e05..bc887e958 100644 --- a/spss/handbook/handbook/intro/intro.html +++ b/spss/handbook/handbook/intro/intro.html @@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3</a></p> <p class="subtitle">Einführung</p> <hr/> <h1>Inhalt</h1> 
diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html index ea7302fcb..95d3e49a0 100644 --- a/spss/handbook/handbook/usage/usage.html +++ b/spss/handbook/handbook/usage/usage.html @@ -15,7 +15,7 @@ </tr> </table> <hr/> - <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4</a></p> + <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3</a></p> <p class="subtitle">Anwendung</p> <hr/> <h1>Inhalt</h1> diff --git a/spss/server/history.txt b/spss/server/history.txt index 18647a12b..9a0952355 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt 
@@ -2,11 +2,49 @@ 1.4.3 ############## +- Unnötige Abhängigkeit zu JSSE-Implementierung von Sun wurden entfernt, welcher den Einsatz von MOA SP/SS in + Java-Laufzeitumgebungen anderer Hersteller als Sun (z.B. IBM) erschwert. + +- Ein Konfigurationsparameter für MOA SP wurde eingeführt (cfg:SignatureVerification/cfg:PermitFileURIs) welcher + file-URIs erlauben oder verbieten soll. + - Das Herauslösen des Verarbeitungsrequests aus dem SOAP-Request endete in einer ClassCastException, wenn zwischen dem Body-Element des SOAP-Envelopes und dem Request white spaces vorhanden sind bzw. dieses Element nicht unmittelbar nach dem Body-Element steht. Das Herauslösen ist nun gegen white spaces robust. +- Bei der Signaturverifikation (zusätzlich zu den bisherigen) folgende Algorithmen unterstützt: + 1. Added the following signature algorithms for XML signatures: + o http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 + o http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 + o http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160 + 2. Added the following hash algorithms for XML signatures: + o http://www.w3.org/2001/04/xmldsig-more#sha224 + o http://www.w3.org/2001/04/xmldsig-more#sha384 + o http://www.w3.org/2001/04/xmlenc#sha512 + 3. Added the following signature algorithms for verifying CMS signatures: + o SHA224withRSA + o SHA384withRSA + o SHA512withRSA + o SHA224withECDSA + o SHA256withECDSA + o SHA384withECDSA + o SHA512withECDSA + o RIPEMD160withECDSAPlain + 4. Added the following hash algorithms for CMS signatures: + o SHA-224 + o SHA-384 + o SHA-512 + +- IAIK Libraries aktualisiert: + iaik-cms: Version 4.01_MOA + iaik-moa: Version 1.23 + iaik-ecc: Version 2.16 + ############## 1.4.2 ############## 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 14ceb71cd..327b66f54 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -190,7 +190,9 @@ public class ConfigurationPartsBuilder { private static final String SUPPLEMENT_PROFILE_XPATH = ROOT + CONF + "SignatureVerification/" + CONF + "SupplementProfile"; - + private static final String PERMIT_FILE_URIS_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "PermitFileURIs"; // // default values for configuration parameters // @@ -1235,5 +1237,15 @@ public class ConfigurationPartsBuilder { String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null); return Boolean.valueOf(autoAdd).booleanValue(); } - + + /** + * Returns whether file URIs are permitted + * @return whether file URIs are permitted + */ + public boolean getPermitFileURIs() + { + String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false"); + return Boolean.valueOf(permitFileURIs).booleanValue(); + } + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 57f06326a..16bf153c9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java 
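Review bot: `getPermitFileURIs()` in the second hunk parses the element with `Boolean.valueOf`, which accepts only the string `true`, while the schema type `xs:boolean` also admits `1` and `0`; a schema-valid `<PermitFileURIs>1</PermitFileURIs>` is therefore silently treated as `false`. The failure is in the safe direction (file URIs stay disabled), but the mismatch is surprising, so either accept both lexical forms — `String v = permitFileURIs.trim(); return v.equals("true") || v.equals("1");` — or state in the Javadoc that only `true` enables the feature and that any other value, including an absent element, yields `false`. The `autoAdd` getter just above uses the same `Boolean.valueOf` pattern, so this may be deliberate consistency; if so, the Javadoc is still the place to make the contract explicit.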
@@ -206,7 +206,11 @@ public class ConfigurationProvider * be used during certificate path construction. */ private boolean useAuthorityInfoAccess_; - + /** + * Indicates whether file URIs are allowed or not + */ + private boolean permitFileURIs; + /** * Return the single instance of configuration data. * @@ -319,6 +323,7 @@ public class ConfigurationProvider verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles(); supplementProfiles = builder.buildSupplementProfiles(); warnings = new ArrayList(builder.getWarnings()); + permitFileURIs = builder.getPermitFileURIs(); } catch (Throwable t) { throw new ConfigurationException("config.11", null, t); } finally { @@ -685,5 +690,13 @@ public class ConfigurationProvider { return useAuthorityInfoAccess_; } - + + /** + * Returns whether the file URIs are permitted or not + * @return whether the file URIs are permitted or not + */ + public boolean getPermitFileURIs() + { + return permitFileURIs; + } }
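Review bot: The new `permitFileURIs = builder.getPermitFileURIs();` line in the second hunk reads a setting that, per the handbook text in this same change, carries a security risk when enabled, yet nothing records at startup whether it is active; consider logging a warning immediately after the assignment when the value is true, so operators can spot a permissive deployment from the log rather than by reading the configuration file (the class's logging facility is not visible in this hunk, so use whatever it already has). In the first hunk the new field `permitFileURIs` breaks with the trailing-underscore style of the adjacent `useAuthorityInfoAccess_`; the file appears to mix both conventions, so match the surrounding fields. The field's Javadoc would also be more useful as `/** Whether MOA SP may dereference file URIs during signature verification; false unless enabled in the configuration. */`.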
\ No newline at end of file diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index fb3ff4931..2a35e5892 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -275,5 +275,12 @@ public class XMLSignatureCreationProfileImpl public String getSignedPropertiesID() { return propertyIDGenerator.uniqueId(); } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return false; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java index 216596dc3..ab302388d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java @@ -26,7 +26,8 @@ public class XMLSignatureVerificationProfileImpl private boolean includeHashInputData; /** Whether to include reference input data in the response. */ private boolean includeReferenceInputData; - + /** Whether the file URIs are permitted */ + private boolean permitFileURIs; /** * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest() */ 
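Review bot: The getter Javadoc in this hunk, `Returns whether the file URIs are permitted or not`, restates the method name without giving the reader the two facts that matter: the default and the scope. The handbook text added in this same change says the setting applies to MOA SP only and defaults to `false`, so document it here as `Returns whether MOA SP may dereference file URIs during signature verification; false unless explicitly enabled via cfg:SignatureVerification/cfg:PermitFileURIs.` The hunk also ends with `\ No newline at end of file`, which is worth fixing while touching the class.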
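Review bot: `getPermitFileURIs()` in `XMLSignatureCreationProfileImpl` hard-codes `false` with only an `@see` tag, so a reader of this class cannot tell whether the constant is a placeholder awaiting configuration wiring or a deliberate policy. The handbook text in this change states that file URIs are strictly forbidden in MOA SS, so say so at the method: `// Deliberately constant: signature creation never dereferences file URIs; the PermitFileURIs configuration applies to MOA SP (verification) only.`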
@@ -127,5 +128,21 @@ public class XMLSignatureVerificationProfileImpl public void setIncludeReferenceInputData(boolean includeReferenceInputData) { this.includeReferenceInputData = includeReferenceInputData; } - + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return permitFileURIs; + } + + /** + * Set whether the file URIs are permitted or not + * + * @param permitFileURIs whether the file URIs are permitted or not + */ + public void setPermitFileURIs(boolean permitFileURIs) + { + this.permitFileURIs = permitFileURIs; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 4871ac4fe..42b1c7c3c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -1,11 +1,6 @@ package at.gv.egovernment.moa.spss.server.init; import java.io.IOException; -import java.security.Security; - -import javax.net.ssl.SSLSocketFactory; - -import org.apache.axis.AxisProperties; import iaik.ixsil.init.IXSILInit; @@ -42,7 +37,7 @@ public class SystemInitializer { */ public static void init() { MessageProvider msg = MessageProvider.getInstance(); - ClassLoader cl = SystemInitializer.class.getClassLoader(); + Thread archiveCleaner; // set up the MOA SPSS logging hierarchy 
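Review bot: With the Sun JSSE bootstrap removed in the `@@ -51,25 +46,7 @@` hunk of `SystemInitializer`, the local `msg` obtained from `MessageProvider.getInstance()` at the top of `init()` (in the preceding hunk) appears to have lost its only use shown in this diff, the `init.03` warning; `init()` continues outside the hunk, so if the remainder does not use it either, drop the local. The removal also means https connections (CRL and OCSP distribution points, remote schema locations) now go through whatever JSSE implementation the runtime provides, which the history entry says is the intent, so a one-line comment at the removal site would spare the next reader a history search: `// No TLS provider is registered here; MOA relies on the JRE's default JSSE implementation.` The `Thread archiveCleaner;` declaration introduced in the preceding hunk would read better next to its first use, which is not visible in this diff.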
@@ -51,25 +46,7 @@ public class SystemInitializer { // set up a logging context for logging the startup LoggingContextManager.getInstance().setLoggingContext( new LoggingContext("startup")); - - // load some jsse classes so that the integrity of the jars can be verified - // before the iaik jce is installed as the security provider - // this workaround is only needed when sun jsse is used in conjunction with - // iaik-jce (on jdk1.3) - try { - cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar - } catch (ClassNotFoundException e) { - Logger.warn(msg.getMessage("init.03", null), e); - } - - // set up SUN JSSE SSL - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty( - "java.protocol.handler.pkgs", - "com.sun.net.ssl.internal.www.protocol"); - SSLSocketFactory.getDefault(); - - + // AxisProperties.setProperty("enableNamespacePrefixOptimization","false"); // AxisProperties.setProperty("disablePrettyXML", "true"); // AxisProperties.setProperty("axis.doAutoTypes", "true"); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java index 5df13a337..1a8c72779 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java @@ -86,7 +86,9 @@ public class XMLSignatureVerificationProfileFactory { } else { profile.setTransformationSupplements(Collections.EMPTY_LIST); } - + + profile.setPermitFileURIs(config.getPermitFileURIs()); + return profile; } |