aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--spss.slinterface/build.xml24
-rw-r--r--spss.slinterface/handbook/system/system.html25
-rw-r--r--spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java19
-rw-r--r--spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java250
-rw-r--r--spss.slinterface/test/moa-wartung-la17/dokument.xml1
-rw-r--r--spss.slinterface/test/moa-wartung-la17/signatur.xml23
-rw-r--r--spss.slinterface/test/moa-wartung-la17/stylesheet.xsl17
-rw-r--r--spss.slinterface/test/moa-wartung-la17/verify.jsp80
-rw-r--r--spss.slinterface/test/moa-wartung-la17/verifyRequest.xml40
9 files changed, 450 insertions, 29 deletions
diff --git a/spss.slinterface/build.xml b/spss.slinterface/build.xml
index 08c17b9c9..4133c1e77 100644
--- a/spss.slinterface/build.xml
+++ b/spss.slinterface/build.xml
@@ -1,16 +1,19 @@
<!--
- Ant Buildfile for MOA SP/SS Server
+ Ant Buildfile for MOA SL
- Authors: Patrick Peck, Gregor Karlinger
+ Authors: Gregor Karlinger
$Id$
-->
<project name="moa-sl" default="dist-ws" basedir=".">
<property environment="env"/>
- <property name="script-suffix" value="${env.SCRIPT_SUFFIX}"/>
- <property name="version" value="1.1.0"/>
+
+ <!-- Remove comments if targets should be run in test mode, i.e. include test files -->
+ <!--<property name="isTest" value="dummy"/>-->
+
+ <property name="version" value="1.1.1"/>
<property name="lib" value="lib"/>
<property name="src" value="src"/>
@@ -76,7 +79,7 @@
debug="on">
</javac>
</target>
-
+
<target name="package-ws" depends="compile, manifest">
<description>package the server war file</description>
<war warfile="${dist.ws}/moa-sl.war" webxml="${web-inf}/web.xml" manifest="${tmp}/MANIFEST.MF">
@@ -91,9 +94,10 @@
<classes dir="${res}" excludes="test/**"/>
<classes file="${conf}/log4j/log4j.properties"/>
<zipfileset dir="${pages}" excludes="" prefix="pages"/>
- <zipfileset dir="${test}" excludes="echtdaten*/** .cvsignore" prefix="test"/>
+ <zipfileset dir="${test}" excludes=".cvsignore" prefix="test">
+ <exclude unless="isTest" name="*/**"/>
+ </zipfileset>
<zipfileset dir="${tempdir}" prefix="workdir/temp"/>
- <!--<webinf dir="${handbook}" includes="conf/**"/>-->
</war>
</target>
@@ -127,12 +131,6 @@
<fileset dir="${lib.xalan}"/>
<fileset dir="${lib.xerces}"/>
</copy>
- <!--<copy toDir="${dist.ws}/licenses">
- <fileset dir="${licenses}"/>
- </copy>-->
- <!--<copy toDir="${dist.ws}">
- <fileset dir="." includes="readme.inst.txt, readme.update.txt, history.txt"/>
- </copy>-->
<fixcrlf srcdir="${dist.ws}" includes="**/*.sh" eol="lf" eof="remove"/>
</target>
diff --git a/spss.slinterface/handbook/system/system.html b/spss.slinterface/handbook/system/system.html
index b911d84c8..7831b7eb6 100644
--- a/spss.slinterface/handbook/system/system.html
+++ b/spss.slinterface/handbook/system/system.html
@@ -178,7 +178,7 @@ Der Filter <code>SL2MOAFilter</code></h2>
ist ein
<code><abbr title="javax.servlet.Filter">Filter</abbr></code>,
der einerseits
-den <code><abbr title="javax.servlet.http.httpservletrequest=">HttpServletRequest</abbr>
+den <code><abbr title="javax.servlet.http.httpservletrequest=">HttpServletRequest</abbr></code>
ver&auml;ndert, bevor er an das Servlet <code><abbr title="at.gv.egovernment.moa.spss.slinterface.servlets.MOAServlet">MOAServlet</abbr></code>
weitergeleitet wird, und andererseits den <code><abbr title="javax.servlet.http.HttpServletResponse">HttpServletResponse</abbr></code>
ver&auml;ndert, nachdem er vom Servlet <code><abbr title="at.gv.egovernment.moa.spss.slinterface.servlets.MOAServlet">MOAServlet</abbr></code>
@@ -195,11 +195,28 @@ entsprechend der Webservice-Schnittstelle f&uuml;r das Basismodul
MOA SP (MOA-Request). Aufgabe des <code><abbr title="at.gv.egovernment.moa.spss.slinterface.filters.SL2MOAFilter">SL2MOAFilter</abbr></code>s
ist es daher, vor der Ausf&uuml;hrung des <code><abbr title="at.gv.egovernment.moa.spss.slinterface.servlets.MOAServlet">MOAServlet</abbr></code>s
f&uuml;r eine passende Umsetzung des SL-Requests in den
-entsprechenden MOA-Request zu sorgen. Zur Erf&uuml;llung dieser
+entsprechenden MOA-Request zu sorgen. </p>
+
+<p>Zur Erf&uuml;llung dieser
Aufgabe bedient sich der <code><abbr title="at.gv.egovernment.moa.spss.slinterface.filters.SL2MOAFilter">SL2MOAFilter</abbr></code>
der Klasse <code><abbr title="at.gv.egovernment.moa.spss.slinterface.transformers.SL2MOA">SL2MOA</abbr></code>,
-in der die
-Request-Transformation gekapselt ist.</p>
+in der die Request-Transformation gekapselt ist. Zun�chst wird eine einfache Transformation des SL-Requests in den MOA-Request durchgef&uuml;hrt,
+indem die Namen der XML-Elemente entsprechend angepasst werden. Danach werden am dadurch entstandenen MOA-Request noch folgende Modifikationen
+durchgef&uuml;hrt:
+<ul>
+ <li>Einf&uuml;gen eines <code>DateTime</code> Elements in den MOA-Request, wenn bisher kein solches existiert, und wenn in der im MOA-Request
+ enthaltenen XML Signatur kein Signaturattribut <code>etsi:SigningTime</code> existiert und wenn aus dem E-Recht XML Dokument, das von der
+ XML-Signatur signiert wird, die Metainformation (Attribut <code>h-created</code> im Wurzelelement <code>erechtdok</code>) des
+ Erzeugungszeitpunkts des E-Recht XML Dokuments erfolgreich extrahiert werden konnte.</li>
+
+ <li>Hinzuf&uuml;gen des Elements <code>ReturnHashInputData</code>, das MOA SP anweist, die Hashinputdaten f�r jede <code>dsig:Reference</code>
+ der zu pr&uuml;fenden XML Signatur als Teil der MOA-Response zu retournieren.</li>
+
+ <li>Hinzuf&uuml;gen des verpflichtend anzugebenden Elements <code>TrustProfileID</code>, das MOA SP den Hinweis gibt, welches Vertrauensprofil
+ f&uuml;r die Evaluierung der Vertrauensw&uuml;rdigkeit des f�r die Erstellung der XML Signatur verwendeten Signaturzertifikats verwendet
+ werden soll.</li>
+</ul>
+</p>
<p>Das&nbsp;<code><abbr title="at.gv.egovernment.moa.spss.slinterface.servlets.MOAServlet">MOAServlet</abbr></code>
w&uuml;rde dann die Antwort des Basismoduls MOA SP in einem Format
diff --git a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java
index 419f1fb9b..6373f37fe 100644
--- a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java
+++ b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/Constants.java
@@ -6,19 +6,16 @@
package at.gv.egovernment.moa.spss.slinterface;
/**
- * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ * @author Gregor Karlinger (mailto:gregor.karlinger@siemens.com)
*/
public class Constants
{
// System properties
- public static final String SP_INIT_PROPS_LOC_ =
- "at.gv.egovernment.moa.spss.slinterface.PropertiesLocation";
+
+ public static final String SP_INIT_PROPS_LOC_ = "at.gv.egovernment.moa.spss.slinterface.PropertiesLocation";
// Init properties
- // TODO Revisit if constants can be removed
- // public static final String IP_SL2MOA_STYLESHEET_ = "location.stylesheet.sl2moa";
- // public static final String IP_MOA2SL_STYLESHEET_ = "location.stylesheet.moa2sl";
public static final String IP_SL_SCHEMA_ = "location.schema.sl";
public static final String IP_MOA_SCHEMA_ = "location.schema.moa";
public static final String IP_SLXHTML_SCHEMA_ = "location.schema.slxhtml";
@@ -44,15 +41,13 @@ public class Constants
public static final String LH_FILTERS_ = LH_BASE_ + ".filters";
public static final String LH_SERVLETS_ = LH_BASE_ + ".servlets";
public static final String LH_BEANS_ = LH_BASE_ + ".beans";
+ public static final String LH_TRANSFORMERS_ = LH_BASE_ + ".transformers";
public static final String LH_TEST_ = LH_BASE_ + ".test";
// Web service context parameters
public static final String WSCP_INIT_PROPS_ = "initProperties";
public static final String WSCP_INITPROPS_BEAN_ = "initPropertiesBean";
- // TODO Revisit if constants can be removed
- // public static final String WSCP_SL2MOA_TRANSFORMER_ = "sl2MoaTransformer";
- // public static final String WSCP_MOA2SL_TRANSFORMER_ = "moa2SlTransformer";
public static final String WSCP_XMLPARSER_ = "xmlParser";
public static final String WSCP_URL_REWRITER_ = "urlRewriter";
@@ -68,13 +63,17 @@ public class Constants
public static final String NSURI_SL_10_ = "http://www.buergerkarte.at/namespaces/securitylayer/20020225#";
public static final String NSURI_SL_11_ = "http://www.buergerkarte.at/namespaces/securitylayer/20020831#";
+
// TODO Change Namespace to final SL 1.2
public static final String NSURI_SL_12_ = "http://www.buergerkarte.at/namespaces/securitylayer/20031231#";
+
public static final String NSURI_MOA_12_ = "http://reference.e-government.gv.at/namespace/moa/20020822#";
public static final String NSURI_NAMESPACES_ = "http://www.w3.org/2000/xmlns/";
public static final String NSURI_XML_ = "http://www.w3.org/XML/1998/namespace";
public static final String NSURI_DSIG_ = "http://www.w3.org/2000/09/xmldsig#";
public static final String NSURI_XHTML_ = "http://www.w3.org/1999/xhtml";
+ public static final String NSURI_ETSI_ = "http://uri.etsi.org/01903/v1.2.2#";
+ public static final String NSURI_XMLBGBL_ = "http://www.bka.gv.at";
// Namespace prefixes
public static final String NSPRE_SL_10_ = "sl10";
@@ -83,6 +82,8 @@ public class Constants
public static final String NSPRE_MOA_12_ = "moa";
public static final String NSPRE_DSIG_ = "dsig";
public static final String NSPRE_XHTML_ = "xhtml";
+ public static final String NSPRE_ETSI_ = "etsi";
+ public static final String NSPRE_XMLBGBL_ = "bka";
// MOA invoker constants
diff --git a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java
index 6c476e9ce..eec295bab 100644
--- a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java
+++ b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/transformers/SL2MOA.java
@@ -5,20 +5,49 @@
*/
package at.gv.egovernment.moa.spss.slinterface.transformers;
+import java.io.InputStream;
+import java.net.URL;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
import java.util.HashMap;
+import java.util.StringTokenizer;
+import javax.servlet.ServletException;
+
+import org.apache.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.spss.slinterface.Constants;
+import at.gv.egovernment.moa.spss.slinterface.DOMUtils;
+import at.gv.egovernment.moa.spss.slinterface.XPathUtils;
/**
- * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ * @author Gregor Karlinger (mailto:gregor.karlinger@siemens.com)
*/
public class SL2MOA
{
+ private static Logger logger_ = Logger.getLogger(Constants.LH_TRANSFORMERS_);
+
/**
- * Transforms an SL VerifyXMLSignatureRequest into a MOA VerifyXMLSignatureRequest.
+ * Transforms an SL <code>VerifyXMLSignatureRequest</code> into a MOA <code>VerifyXMLSignatureRequest
+ * </code> and makes the following additions to the resulting <code>VerifyXMLSignatureRequest</code>:
+ * <ul>
+ * <li>Insertion of a <code>DateTime</code> element to MOA <code>VerifyXMLSignatureRequest</code>, if no
+ * one exists and if no <code>etsi:SigningTime</code> element exists in the xml signature of the MOA
+ * VerifyXMLSinatureRequest</li> and if the creation time meta information could be extracted
+ * successfully from the E-Recht XML document signed by the XML signature contained in the
+ * MOA <code>VerifyXMLSignatureRequest</code> (see @link #extractXMLDocCreationTime(Element)).<li>
+ *
+ * <li>Addition of the <code>ReturnHashInputData</code> element indicating that MOA SP should return
+ * the hash input data for each <code>dsig:Reference</code> of the XML signature.</li>
+ *
+ * <li>Addition of the obligatory <code>TrustProfileID</code> element indicating the trust profile
+ * MOA ID should use for evaluating wheter the signer certificate used for creating the XML signature
+ * contained in the MOA <code>VerifyXMLSignatureRequest</code> is trusted.</li>
+ * </ul>
*
* @param slVerifyXMLSignatureRequest The SL VerifyXMLSignatureRequest to be transformed.
*
@@ -26,9 +55,11 @@ public class SL2MOA
* that <code>slVerifyXMLSignatureRequest</code> is modified into the moa request.
*
* @pre slVerifyXMLSignatureRequest is a valid instance of the SL Schema (version 1.2 or 1.1).
+ *
+ * @throws ServletException if transforming the request fails for any reason.
*/
public static Document toMoaVerifyXMLSignatureRequest(Document slVerifyXMLSignatureRequest,
- String trustProfileID)
+ String trustProfileID) throws ServletException
{
// Namespace to namespace prefix mapping
HashMap prefixMap = new HashMap(4);
@@ -77,6 +108,29 @@ public class SL2MOA
// Convert SL request into MOA request
verifyRequestElem = Utils.transformDeep(verifyRequestElem, prefixMap, nsTransforms, nameTransforms);
+ // Add DateTime element to MOA VerifyXMLSignature request, if
+ // - no one exists and
+ // - no etsi:SigningTime element exists in the xml signature of the MOA VerifyXMLSinatureRequest
+ if (!dateTimeExists(verifyRequestElem) && !signingTimeExists(verifyRequestElem))
+ {
+ // Extract creation date meta information from E-Recht XML document for use in MOA VerifyXMLSignature request
+ String dateTimeStr = extractXMLDocCreationTime(verifyRequestElem);
+
+ if (dateTimeStr != null)
+ {
+ // Creation date meta information could be extracted successfully from E-Recht XML document
+ Element dateTimeElem = slVerifyXMLSignatureRequest.createElementNS(
+ Constants.NSURI_MOA_12_, Constants.NSPRE_MOA_12_ + ":DateTime");
+ dateTimeElem.appendChild(slVerifyXMLSignatureRequest.createTextNode(dateTimeStr));
+ Element verifySignatureInfoElem = DOMUtils.getChildElem(verifyRequestElem, Constants.NSURI_MOA_12_, "VerifySignatureInfo");
+ verifyRequestElem.insertBefore(dateTimeElem, verifySignatureInfoElem);
+ }
+ else
+ {
+ logger_.warn("Could not extract creation date meta information from E-Recht XML document.");
+ }
+ }
+
// Add ReturnHashInputData element
Element returnHashInputDataElem = slVerifyXMLSignatureRequest.createElementNS(
Constants.NSURI_MOA_12_, Constants.NSPRE_MOA_12_ + ":ReturnHashInputData");
@@ -90,4 +144,194 @@ public class SL2MOA
return slVerifyXMLSignatureRequest;
}
+
+ /**
+ * Extracts the creation time meta information from the E-Recht XML document that is referenced by
+ * the XML signature contained in the specified MOA <code>VerifyXMLSignatureRequest</code>.
+ *
+ * @param verifyRequestElem The MOA <code>VerifyXMLSignatureRequest</code>. It is assumed that the
+ * request contains an XML signature which signs a E-Recht XML document
+ * (referring to the E-Recht XML document and transforming it to a corresponding
+ * XHTML representation respectively). The E-Recht XML document is assumed to
+ * have a root element with the name <code>erechtdok</code> in the namespace
+ * <code>http://www.bka.gv.at</code>. The creation time meta information is
+ * assumed to be contained in the attribute <code>h-created</code> of the root
+ * element. The value of the attribute <code>h-created</code> is assumed to have
+ * the format <code>dd. MMMMM yyyy, hh:mm:ss</code> where MMMMM denotes the month
+ * in German prose (see @link #convertMonth(String)).
+ *
+ * @return the extracted creation time meta information, or <code>null</code>, if the extraction fails for
+ * any reason.
+ */
+ private static String extractXMLDocCreationTime(Element verifyRequestElem)
+ {
+
+ // Get E-Recht XML document using location information in MOA VerifyXMLSignature request
+ String nSPrefixes = Constants.NSPRE_MOA_12_ + " " + Constants.NSURI_MOA_12_;
+ String xPathXMLDocumentLocContent =
+ "//" + Constants.NSPRE_MOA_12_ + ":SupplementProfile" +
+ "/" + Constants.NSPRE_MOA_12_ + ":Content[@Reference=\"dokument.xml\"]" +
+ "/" + Constants.NSPRE_MOA_12_ + ":LocRefContent";
+ Document xmlDocument = null;
+ try
+ {
+ XPathUtils utils = new XPathUtils();
+ utils.setupContext(xPathXMLDocumentLocContent, verifyRequestElem, nSPrefixes);
+ NodeList resultNL = utils.selectNodeSet(verifyRequestElem);
+
+ if (resultNL == null || resultNL.getLength() < 1)
+ {
+ logger_.warn("LocRefContent element for E-Recht XML document not found in MOA VerifyXMLSignatureRequest.");
+ return null;
+ }
+
+ URL locRefURL = new URL(DOMUtils.getText((Element) resultNL.item(0)));
+ InputStream locRefURLIS = locRefURL.openStream();
+ xmlDocument = DOMUtils.parseWellFormed(locRefURLIS);
+ }
+ catch (Exception e)
+ {
+ String message = "An error occurred while trying to load E-Recht XML document:";
+ logger_.warn(message, e);
+ return null;
+ }
+
+ // Extract attribute "h-created" from E-Recht XML document root element
+ String hCreated = xmlDocument.getDocumentElement().getAttributeNS(null, "h-created");
+ if (hCreated == null || "".equals(hCreated))
+ {
+ logger_.warn("Attribute \"h-created\" not found in E-Recht XML document root element.");
+ return null;
+ }
+
+ // Convert attribute "h-created" into a java date ("h-created" has formats like "10. M�rz 2006, 11:15:09")
+ try
+ {
+ String dateStr = hCreated.substring(0, hCreated.indexOf(',')).trim();
+ String timeStr = hCreated.substring(hCreated.indexOf(',') + 1).trim();
+
+ StringTokenizer tokenizer = new StringTokenizer(dateStr, " ");
+ String dateDayStr = tokenizer.nextToken();
+ int dateDay = Integer.parseInt(dateDayStr.substring(0, dateDayStr.indexOf('.')));
+ String dateMonthAlphaStr = tokenizer.nextToken();
+ int dateMonthNum = convertMonth(dateMonthAlphaStr);
+ int dateYear = Integer.parseInt(tokenizer.nextToken());
+
+ tokenizer = new StringTokenizer(timeStr, ":");
+ int timeHours = Integer.parseInt(tokenizer.nextToken());
+ int timeMins = Integer.parseInt(tokenizer.nextToken());
+ int timeSecs = Integer.parseInt(tokenizer.nextToken());
+
+ GregorianCalendar calendar = new GregorianCalendar(dateYear, dateMonthNum, dateDay, timeHours, timeMins, timeSecs);
+ SimpleDateFormat dF = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
+ return dF.format(calendar.getTime());
+ }
+ catch (Throwable t)
+ {
+ logger_.warn("Attribute \"h-created\" in E-Recht XML document root element has unexpected format: " + hCreated);
+ return null;
+ }
+ }
+
+ /**
+ * Converts the specified month name into a numeric representation as specified in @link Calendar, e.g.
+ * @link Calendar#JANUARY.
+ *
+ * @param dateMonthAlphaStr The specified month name; must be one of <code>J�nner</code>, <code>Januar</code>,
+ * <code>Februar</code>, <code>Feber</code>, <code>M�rz</code>, <code>April</code>,
+ * <code>Mai</code>, <code>Juni</code>, <code>Juli</code>, <code>August</code>,
+ * <code>September</code>, <code>Oktober</code>, <code>November</code>, or
+ * <code>Dezember</code>.
+ *
+ * @return the numeric representation of the specified month.
+ *
+ * @throws Exception if <code>dateMonthAlphaStr</code> contains an invalid month name.
+ */
+ private static int convertMonth(String dateMonthAlphaStr) throws Exception
+ {
+ if ("J�nner".equalsIgnoreCase(dateMonthAlphaStr) || "Januar".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.JANUARY;
+ if ("Februar".equalsIgnoreCase(dateMonthAlphaStr) || "Feber".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.FEBRUARY;
+ if ("M�rz".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.MARCH;
+ if ("April".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.APRIL;
+ if ("Mai".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.MAY;
+ if ("Juni".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.JUNE;
+ if ("Juli".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.JULY;
+ if ("August".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.AUGUST;
+ if ("September".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.SEPTEMBER;
+ if ("Oktober".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.OCTOBER;
+ if ("November".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.NOVEMBER;
+ if ("Dezember".equalsIgnoreCase(dateMonthAlphaStr)) return Calendar.DECEMBER;
+
+ String message = "Invalid month identifier found in attribute \"h-created\":" + dateMonthAlphaStr;
+ logger_.warn(message);
+ throw new Exception(message);
+ }
+
+ /**
+ * Checks wheter a <code>DateTime</code> element exists in the specified MOA <code>
+ * VerifyXMLSignatureRequest</code>.
+ *
+ * @param moaVerifyXMLSignatureRequest The MOA <code>VerifyXMLSingatureRequest</code>.
+ *
+ * @return <code>true</code> if the element exists, <code>false</code> otherwhise.
+ *
+ * @throws ServletException if the check fails for any reason.
+ */
+ private static boolean dateTimeExists(Element moaVerifyXMLSignatureRequest) throws ServletException
+ {
+ String nSPrefixes = Constants.NSPRE_MOA_12_ + " " + Constants.NSURI_MOA_12_;
+ String xPathDateTime = "//" + Constants.NSPRE_MOA_12_ + ":DateTime";
+
+ NodeList resultNL;
+ try
+ {
+ XPathUtils utils = new XPathUtils();
+ utils.setupContext(xPathDateTime, moaVerifyXMLSignatureRequest, nSPrefixes);
+ resultNL = utils.selectNodeSet(moaVerifyXMLSignatureRequest);
+ }
+ catch (Exception e)
+ {
+ String message = "An error occurred while checking for DateTime element in MOA VerifyXMLSignatureRequest:";
+ logger_.error(message, e);
+ throw new ServletException(message, e);
+ }
+
+ if (resultNL == null) return false;
+ if (resultNL.getLength() < 1) return false;
+ return true;
+ }
+
+ /**
+ * Checks whether an <code>etsi:SigningTime</code> signed attribute exists as part of the XML signature
+ * contained in the specified MOA <code>VerifyXMLSingatureRequest</code>.
+ *
+ * @param moaVerifyXMLSignatureRequest The MOA <code>VerifyXMLSingatureRequest</code>.
+ *
+ * @return <code>true</code>, if the attribute exists, <code>false</code> otherwhise.
+ *
+ * @throws ServletException if the check fails for any reason.
+ */
+ private static boolean signingTimeExists(Element moaVerifyXMLSignatureRequest) throws ServletException
+ {
+ String nSPrefixes = Constants.NSPRE_ETSI_ + " " + Constants.NSURI_ETSI_;
+ String xPathDateTime = "//" + Constants.NSPRE_ETSI_ + ":SigningTime";
+
+ NodeList resultNL;
+ try
+ {
+ XPathUtils utils = new XPathUtils();
+ utils.setupContext(xPathDateTime, moaVerifyXMLSignatureRequest, nSPrefixes);
+ resultNL = utils.selectNodeSet(moaVerifyXMLSignatureRequest);
+ }
+ catch (Exception e)
+ {
+ String message = "An error occurred while checking for " + Constants.NSPRE_ETSI_ + ":SigningTime element in XML signature in MOA VerifyXMLSignatureRequest:";
+ logger_.error(message, e);
+ throw new ServletException(message, e);
+ }
+
+ if (resultNL == null) return false;
+ if (resultNL.getLength() < 1) return false;
+ return true;
+ }
}
diff --git a/spss.slinterface/test/moa-wartung-la17/dokument.xml b/spss.slinterface/test/moa-wartung-la17/dokument.xml
new file mode 100644
index 000000000..0154db7a2
--- /dev/null
+++ b/spss.slinterface/test/moa-wartung-la17/dokument.xml
@@ -0,0 +1 @@
+<erechtdok stylesheet="eRechtXML2XHTML11_1.9.0.xsl" h-version="2.8.1_20.02.2006" h-creator="RTF2XML.Converter_10. März 2006_11:15:06(3036)" h-created="10. März 2006, 11:15:09" xmlns="http://www.bka.gv.at">Test</erechtdok> \ No newline at end of file
diff --git a/spss.slinterface/test/moa-wartung-la17/signatur.xml b/spss.slinterface/test/moa-wartung-la17/signatur.xml
new file mode 100644
index 000000000..9ba54eee7
--- /dev/null
+++ b/spss.slinterface/test/moa-wartung-la17/signatur.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/><dsig:Reference Id="reference-1-1" URI="dokument.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:include href="stylesheet.xsl"/></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>W8W5rmqsVfSPwZ3bLF/dZPCAdXQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>R/flqO2oXfd/bdqWADtuA571WCV4x+yO1rKW4tpU0+MJYv3e+xnJwFyv51ipp7cx</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIID+DCCA2WgAwIBAgIBCTAJBgUrDgMCHQUAMH8xCzAJBgNVBAYTAkFUMSwwKgYD
+VQQKEyNTdGFic3RlbGxlIElLVC1TdHJhdGVnaWUgZGVzIEJ1bmRlczEeMBwGA1UE
+CxMVVGVjaG5payB1bmQgU3RhbmRhcmRzMSIwIAYDVQQDExlUZXN0IENBIC0gU2ln
+bmF0dXJkaWVuc3RlMB4XDTA0MDgwNDA4MjM0OFoXDTA3MDgwNDA4MjM0OFowgZgx
+CzAJBgNVBAYTAkFUMS0wKwYDVQQKEyRTdGFic3N0ZWxsZSBJS1QtU3RyYXRlZ2ll
+IGRlcyBCdW5kZXMxHjAcBgNVBAsTFVRlY2huaWsgdW5kIFN0YW5kYXJkczE6MDgG
+A1UEAxMxVGVzdDogU2lnbmF0dXJkaWVuc3QgYWxsZXIgS3VuZGVuOiBFQ0RTQSAo
+UDE5MnYxKTCB8zCBvAYHKoZIzj0CATCBsAIBATAkBgcqhkjOPQEBAhkA////////
+/////////////v//////////MDQEGP////////////////////7//////////AQY
+ZCEFGeWcgOcPp+mrciQwSf643uzBRrmxBDEEGI2oDrAwkPZ8vyDrQ6GIAPT/Cv2C
+/xASBxkrlf/I2nhjEBHtayTN1XP5d6EeeUgRAhkA////////////////md74NhRr
+ybG00igxAgEBAzIABNHWY9lQOE1zgmpcpjTg2WIg6qgEsGhpXELPinJoMPDVheTv
+2BZPG42YJsNfvWgC06OCARwwggEYMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8E
+AjAAMB0GA1UdDgQWBBRHH5EXnrWosCmIa+JyEM5seMxFVzBdBgNVHSAEVjBUMFIG
+DCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0
+IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2VlaWduZXQuMEMGA1UdHwQ8MDowOKA2
+oDSGMmh0dHA6Ly9sYWJzLmNpby5ndi5hdC90ZW1wL2NybHMvc2lnbmF0dXJkaWVu
+c3QuY3JsMBQGByooAAoBAQEECQwHQktBLUlLVDAfBgNVHSMEGDAWgBRAl0P5fWaw
+vf59+uxGcYY9wffZPTAJBgUrDgMCHQUAA4GBAIMKUsnajgfBtpHeDdMdQMLA8fdt
+lluezDOM78WYYSFURP04QZk5iHkShzptgZCF5Y/T4an3dC3SnytL67LJvEoKUyja
+iTMLo7650xRTvAjTaMJ+nly/wTRYJKplOLXKWj3WwfObMHXdsDE8NJmpJSRE7Sw7
++tj+UiTiNNSaXirq</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature> \ No newline at end of file
diff --git a/spss.slinterface/test/moa-wartung-la17/stylesheet.xsl b/spss.slinterface/test/moa-wartung-la17/stylesheet.xsl
new file mode 100644
index 000000000..2adcf2a45
--- /dev/null
+++ b/spss.slinterface/test/moa-wartung-la17/stylesheet.xsl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:er="http://www.bka.gv.at" xmlns="http://www.w3.org/1999/xhtml">
+ <xsl:output encoding="UTF-8" method="xml" indent="yes"/>
+ <xsl:template match="/">
+ <html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>HTML-Dokument</title>
+ </head>
+ <body>
+ <xsl:apply-templates/>
+ </body>
+ </html>
+ </xsl:template>
+ <xsl:template match="er:erechtdok">
+ <p><xsl:value-of select="."/></p>
+ </xsl:template>
+</xsl:stylesheet> \ No newline at end of file
diff --git a/spss.slinterface/test/moa-wartung-la17/verify.jsp b/spss.slinterface/test/moa-wartung-la17/verify.jsp
new file mode 100644
index 000000000..1ceb3c665
--- /dev/null
+++ b/spss.slinterface/test/moa-wartung-la17/verify.jsp
@@ -0,0 +1,80 @@
+<%@ page contentType="text/html; charset=UTF-8" %>
+
+<jsp:useBean
+ id="initPropertiesBean"
+ class="at.gv.egovernment.moa.spss.slinterface.beans.InitPropertiesBean" scope="application">
+</jsp:useBean>
+
+<html>
+<head>
+ <title>Testanwendung für SL</title>
+</head>
+ <body>
+<form action="<% out.write(initPropertiesBean.getMOASLWebAppURL() + request.getContextPath()); %>/http-security-layer-request" method="post">
+<table width="800px" align="center">
+<tr>
+<td>
+<h1 align="center">Testanwendung für SL</h1>
+<p align="center">Das signierte Dokument ist ein Security-Layer XHTML Dokument.</p>
+<table bgcolor="#eeeeee" width="790px" border="1" cellpadding="3">
+<tr>
+<td>Signaturprüfrequest</td>
+<td>
+<textarea name="XMLRequest" cols=80 rows=20>
+&lt;VerifyXMLSignatureRequest xmlns="http://www.buergerkarte.at/namespaces/securitylayer/20031231#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ &lt;SignatureInfo>
+ &lt;SignatureEnvironment>
+ &lt;XMLContent>&lt;dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">&lt;dsig:SignedInfo>&lt;dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>&lt;dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>&lt;dsig:Reference Id="reference-1-1" URI="dokument.xml">&lt;dsig:Transforms>&lt;dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">&lt;xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">&lt;xsl:include href="stylesheet.xsl"/>&lt;/xsl:stylesheet>&lt;/dsig:Transform>&lt;dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>&lt;/dsig:Transforms>&lt;dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>&lt;dsig:DigestValue>W8W5rmqsVfSPwZ3bLF/dZPCAdXQ=&lt;/dsig:DigestValue>&lt;/dsig:Reference>&lt;/dsig:SignedInfo>&lt;dsig:SignatureValue>R/flqO2oXfd/bdqWADtuA571WCV4x+yO1rKW4tpU0+MJYv3e+xnJwFyv51ipp7cx&lt;/dsig:SignatureValue>&lt;dsig:KeyInfo>&lt;dsig:X509Data>&lt;dsig:X509Certificate>MIID+DCCA2WgAwIBAgIBCTAJBgUrDgMCHQUAMH8xCzAJBgNVBAYTAkFUMSwwKgYD
+VQQKEyNTdGFic3RlbGxlIElLVC1TdHJhdGVnaWUgZGVzIEJ1bmRlczEeMBwGA1UE
+CxMVVGVjaG5payB1bmQgU3RhbmRhcmRzMSIwIAYDVQQDExlUZXN0IENBIC0gU2ln
+bmF0dXJkaWVuc3RlMB4XDTA0MDgwNDA4MjM0OFoXDTA3MDgwNDA4MjM0OFowgZgx
+CzAJBgNVBAYTAkFUMS0wKwYDVQQKEyRTdGFic3N0ZWxsZSBJS1QtU3RyYXRlZ2ll
+IGRlcyBCdW5kZXMxHjAcBgNVBAsTFVRlY2huaWsgdW5kIFN0YW5kYXJkczE6MDgG
+A1UEAxMxVGVzdDogU2lnbmF0dXJkaWVuc3QgYWxsZXIgS3VuZGVuOiBFQ0RTQSAo
+UDE5MnYxKTCB8zCBvAYHKoZIzj0CATCBsAIBATAkBgcqhkjOPQEBAhkA////////
+/////////////v//////////MDQEGP////////////////////7//////////AQY
+ZCEFGeWcgOcPp+mrciQwSf643uzBRrmxBDEEGI2oDrAwkPZ8vyDrQ6GIAPT/Cv2C
+/xASBxkrlf/I2nhjEBHtayTN1XP5d6EeeUgRAhkA////////////////md74NhRr
+ybG00igxAgEBAzIABNHWY9lQOE1zgmpcpjTg2WIg6qgEsGhpXELPinJoMPDVheTv
+2BZPG42YJsNfvWgC06OCARwwggEYMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8E
+AjAAMB0GA1UdDgQWBBRHH5EXnrWosCmIa+JyEM5seMxFVzBdBgNVHSAEVjBUMFIG
+DCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0
+IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2VlaWduZXQuMEMGA1UdHwQ8MDowOKA2
+oDSGMmh0dHA6Ly9sYWJzLmNpby5ndi5hdC90ZW1wL2NybHMvc2lnbmF0dXJkaWVu
+c3QuY3JsMBQGByooAAoBAQEECQwHQktBLUlLVDAfBgNVHSMEGDAWgBRAl0P5fWaw
+vf59+uxGcYY9wffZPTAJBgUrDgMCHQUAA4GBAIMKUsnajgfBtpHeDdMdQMLA8fdt
+lluezDOM78WYYSFURP04QZk5iHkShzptgZCF5Y/T4an3dC3SnytL67LJvEoKUyja
+iTMLo7650xRTvAjTaMJ+nly/wTRYJKplOLXKWj3WwfObMHXdsDE8NJmpJSRE7Sw7
++tj+UiTiNNSaXirq&lt;/dsig:X509Certificate>&lt;/dsig:X509Data>&lt;/dsig:KeyInfo>&lt;/dsig:Signature>&lt;/XMLContent>
+ &lt;/SignatureEnvironment>
+ &lt;SignatureLocation>/dsig:Signature&lt;/SignatureLocation>
+ &lt;/SignatureInfo>
+ &lt;Supplement>
+ &lt;Content Reference="stylesheet.xsl">
+ &lt;LocRefContent><% out.write(initPropertiesBean.getMOASLWebAppURL() + request.getContextPath()); %>/test/moa-wartung-la17/stylesheet.xsl&lt;/LocRefContent>
+ &lt;/Content>
+ &lt;/Supplement>
+ &lt;Supplement>
+ &lt;Content Reference="dokument.xml">
+ &lt;LocRefContent><% out.write(initPropertiesBean.getMOASLWebAppURL() + request.getContextPath()); %>/test/moa-wartung-la17/dokument.xml&lt;/LocRefContent>
+ &lt;/Content>
+ &lt;/Supplement>
+&lt;/VerifyXMLSignatureRequest>
+</textarea>
+</td>
+</tr>
+<tr>
+<td>DataURL</td>
+<td><input name="DataURL" value="<% out.write(initPropertiesBean.getMOASLWebAppURL() + request.getContextPath()); %>/dataurl" size=70/>
+</td>
+</tr>
+</table>
+<p align="center">
+<input type="submit">
+</p>
+</td>
+</tr>
+</table>
+</form>
+</body>
+</html>
diff --git a/spss.slinterface/test/moa-wartung-la17/verifyRequest.xml b/spss.slinterface/test/moa-wartung-la17/verifyRequest.xml
new file mode 100644
index 000000000..d66d6ecc6
--- /dev/null
+++ b/spss.slinterface/test/moa-wartung-la17/verifyRequest.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureRequest xmlns="http://www.buergerkarte.at/namespaces/securitylayer/20031231#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <SignatureInfo>
+ <SignatureEnvironment>
+ <XMLContent><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/><dsig:Reference Id="reference-1-1" URI="dokument.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:include href="stylesheet.xsl"/></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>W8W5rmqsVfSPwZ3bLF/dZPCAdXQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>R/flqO2oXfd/bdqWADtuA571WCV4x+yO1rKW4tpU0+MJYv3e+xnJwFyv51ipp7cx</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIID+DCCA2WgAwIBAgIBCTAJBgUrDgMCHQUAMH8xCzAJBgNVBAYTAkFUMSwwKgYD
+VQQKEyNTdGFic3RlbGxlIElLVC1TdHJhdGVnaWUgZGVzIEJ1bmRlczEeMBwGA1UE
+CxMVVGVjaG5payB1bmQgU3RhbmRhcmRzMSIwIAYDVQQDExlUZXN0IENBIC0gU2ln
+bmF0dXJkaWVuc3RlMB4XDTA0MDgwNDA4MjM0OFoXDTA3MDgwNDA4MjM0OFowgZgx
+CzAJBgNVBAYTAkFUMS0wKwYDVQQKEyRTdGFic3N0ZWxsZSBJS1QtU3RyYXRlZ2ll
+IGRlcyBCdW5kZXMxHjAcBgNVBAsTFVRlY2huaWsgdW5kIFN0YW5kYXJkczE6MDgG
+A1UEAxMxVGVzdDogU2lnbmF0dXJkaWVuc3QgYWxsZXIgS3VuZGVuOiBFQ0RTQSAo
+UDE5MnYxKTCB8zCBvAYHKoZIzj0CATCBsAIBATAkBgcqhkjOPQEBAhkA////////
+/////////////v//////////MDQEGP////////////////////7//////////AQY
+ZCEFGeWcgOcPp+mrciQwSf643uzBRrmxBDEEGI2oDrAwkPZ8vyDrQ6GIAPT/Cv2C
+/xASBxkrlf/I2nhjEBHtayTN1XP5d6EeeUgRAhkA////////////////md74NhRr
+ybG00igxAgEBAzIABNHWY9lQOE1zgmpcpjTg2WIg6qgEsGhpXELPinJoMPDVheTv
+2BZPG42YJsNfvWgC06OCARwwggEYMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8E
+AjAAMB0GA1UdDgQWBBRHH5EXnrWosCmIa+JyEM5seMxFVzBdBgNVHSAEVjBUMFIG
+DCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0
+IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2VlaWduZXQuMEMGA1UdHwQ8MDowOKA2
+oDSGMmh0dHA6Ly9sYWJzLmNpby5ndi5hdC90ZW1wL2NybHMvc2lnbmF0dXJkaWVu
+c3QuY3JsMBQGByooAAoBAQEECQwHQktBLUlLVDAfBgNVHSMEGDAWgBRAl0P5fWaw
+vf59+uxGcYY9wffZPTAJBgUrDgMCHQUAA4GBAIMKUsnajgfBtpHeDdMdQMLA8fdt
+lluezDOM78WYYSFURP04QZk5iHkShzptgZCF5Y/T4an3dC3SnytL67LJvEoKUyja
+iTMLo7650xRTvAjTaMJ+nly/wTRYJKplOLXKWj3WwfObMHXdsDE8NJmpJSRE7Sw7
++tj+UiTiNNSaXirq</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature></XMLContent>
+ </SignatureEnvironment>
+ <SignatureLocation>/dsig:Signature</SignatureLocation>
+ </SignatureInfo>
+ <Supplement>
+ <Content Reference="stylesheet.xsl">
+ <LocRefContent><% out.write(initPropertiesBean.getMOASLWebAppURL() + request.getContextPath()); %>/test/moa-wartung-la17/stylesheet.xsl</LocRefContent>
+ </Content>
+ </Supplement>
+ <Supplement>
+ <Content Reference="dokument.xml">
+ <LocRefContent><% out.write(initPropertiesBean.getMOASLWebAppURL() + request.getContextPath()); %>/test/moa-wartung-la17/dokument.xml</LocRefContent>
+ </Content>
+ </Supplement>
+</VerifyXMLSignatureRequest>