4 files changed, 27 insertions, 18 deletions
|
diff --git a/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd b/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd
index 978733394..5a9f966ea 100644
--- a/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd
+++ b/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd
@@ -193,6 +193,7 @@
           <xs:complexType>
             <xs:attribute name="id" type="xs:token" use="required"/>
             <xs:attribute name="uri" type="xs:anyURI" use="required"/>
+            <xs:attribute name="signerCertsUri" type="xs:anyURI" use="optional"/>
           </xs:complexType>
         </xs:element>
       </xs:sequence>
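Review bot: The new `signerCertsUri` attribute is declared without any `xs:annotation`, although it changes what a trust profile accepts. Judging from the Java changes in this commit, the value must resolve (relative to the configuration root if not absolute) to an existing directory, the whole profile is skipped when it does not, and when it is set the signer certificate is additionally compared against the certificate files in that directory. I would add an `xs:annotation`/`xs:documentation` child to the attribute stating those three points, so that an administrator does not mistake it for an informational field.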
diff --git a/spss.server/res/resources/properties/spss_messages_de.properties b/spss.server/res/resources/properties/spss_messages_de.properties
index ead8d3295..a4ae8e563 100644
--- a/spss.server/res/resources/properties/spss_messages_de.properties
+++ b/spss.server/res/resources/properties/spss_messages_de.properties
@@ -120,7 +120,7 @@ config.16=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumb
 config.17=DigestAlgorithmName unbekannt (AlgorithmName={0})
 config.18=Lade Keystore: {0}
 config.19=Key ID={0}
-config.20=Fehler beim Aktualisieren der MOA SP/SS Konfiguration. Die bestehende Konfiguration wird beibehalten. 
+config.20=Fehler beim Aktualisieren der MOA SP/SS Konfiguration. Die bestehende Konfiguration wird beibehalten 
 config.21=Lade Konfiguration von {0}
 config.22=Lade {0} mit id={1} von Datei {2}
 config.23=Fehler in der Konfiguration: {0} nicht konfiguriert oder ungültig, verwende den Default-Wert: {1}
@@ -143,3 +143,4 @@ handler.05=Fehler beim Abarbeiten der Anfrage
 invoker.00=Das Signature Environment konnte nicht validierend geparst werden
 invoker.01=Keine passende Transformationskette gefunden (Index={0})
 invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
+invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 33e9daca1..96a90980d 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -829,8 +829,6 @@ public class ConfigurationPartsBuilder {
       String uriStr = profileElem.getAttribute("uri");
       String signerCertsUriStr = profileElem.getAttribute("signerCertsUri");
-      boolean createTrustProfile = true;
-      
       URI uri = null;
       try
       {
@@ -841,23 +839,23 @@ public class ConfigurationPartsBuilder {
       }
       catch (URIException e) {
         warn("config.14", new Object[] { "uri", id, uriStr }, e);
-        createTrustProfile = false;
+        continue;
       }
       catch (MalformedURLException e)
       {
         warn("config.15", new Object[] {id}, e);
-        createTrustProfile = false;
+        continue;
       }
       File profileDir = new File(uri.getPath());
       if (!profileDir.exists() || !profileDir.isDirectory()) {
         warn("config.27", new Object[] { "uri", id });
-        createTrustProfile = false;
+        continue;
       }
       if (trustProfiles.containsKey(id)) {
         warn("config.04", new Object[] { "TrustProfile", id });
-        createTrustProfile = false;
+        continue;
       }

       URI signerCertsUri = null;
@@ -866,28 +864,27 @@ public class ConfigurationPartsBuilder {
         try
         {
           signerCertsUri = new URI(signerCertsUriStr);
-          if (!signerCertsUri.isAbsolute()) uri = new URI(configRoot.toURL() + signerCertsUriStr);
+          if (!signerCertsUri.isAbsolute()) signerCertsUri = new URI(configRoot.toURL() + signerCertsUriStr);
           File signerCertsDir = new File(signerCertsUri.getPath());
           if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
             warn("config.27", new Object[] { "signerCertsUri", id });
-            createTrustProfile = false;
+            continue;
           }
         }
         catch (URIException e) {
           warn("config.14", new Object[] { "signerCertsUri", id, uriStr }, e);
-          createTrustProfile = false;
+          continue;
         }
         catch (MalformedURLException e) {
           warn("config.15", new Object[] {id}, e);
-          createTrustProfile = false;
+          continue;
         }
       }
-      if (createTrustProfile) {
-        TrustProfile profile = new TrustProfile(id, uri.toString(), signerCertsUri.toString());
-        trustProfiles.put(id, profile);
-      }
+      signerCertsUriStr = (signerCertsUri != null) ? signerCertsUri.toString() : null;
+      TrustProfile profile = new TrustProfile(id, uri.toString(), signerCertsUriStr);
+      trustProfiles.put(id, profile);
     }
     return trustProfiles;
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index e8b2a5e10..1f9d45ed1 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
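Review bot: The `URIException` handler for `signerCertsUri` in the `@@ -866` hunk of ConfigurationPartsBuilder.java still passes `uriStr` to the warning, so the log shows the profile's `uri` value instead of the rejected `signerCertsUri`; it should read `warn("config.14", new Object[] { "signerCertsUri", id, signerCertsUriStr }, e);`. With this commit that branch now drops the whole trust profile through `continue`, which makes the warning the only trace an operator has of why the profile is missing. The `MalformedURLException` branch logs `config.15` with the id alone, the same arguments used for the `uri` attribute earlier in the loop, so the two failures probably cannot be told apart in the log (the message text is not part of this diff). The enclosing loop starts outside the hunk.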
@@ -20,6 +20,7 @@ import iaik.x509.X509Certificate;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
@@ -241,6 +242,8 @@ public class XMLSignatureVerificationInvoker {
   private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
     throws MOAException
   {
+    MessageProvider msg = MessageProvider.getInstance();
+    
     int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
     if (resultCode == 0 && trustProfile.getSignerCertsUri() != null)
     {
@@ -275,14 +278,21 @@ public class XMLSignatureVerificationInvoker {
           try
           {
             X509Certificate currentCert = new X509Certificate(currentFIS);
+            currentFIS.close();
             if (currentCert.equals(signerCertificate)) break;
           }
           catch (Exception e)
           {
             // Simply ignore file if it cannot be interpreted as certificate
-            Logger.warn("Signatorzertifiat aus Trustprofile mit id=" + 
-              trustProfile.getId() + " kann nicht geparst werden: " +
-              e.getMessage());
+            String logMsg = msg.getMessage("invoker.03", new Object[]{trustProfile.getId(), files[i].getName()});
+            Logger.warn(logMsg);
+            try
+            {
+              currentFIS.close();
+            }
+            catch (IOException e1) {
+              // If clean-up fails, do nothing
+            }
           }
         }
       }
|
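Review bot: In the `@@ -275` hunk `currentFIS.close()` sits in the same `try` as the certificate parse, so an `IOException` from `close()` lands in `catch (Exception e)`, is logged as an unparseable certificate (`invoker.03`) and skips the `equals` comparison for a file that parsed correctly. Moving the close into a `finally` block releases the stream on every path, including the `break`, and keeps a close failure from being mistaken for a bad certificate. The new warning also loses the exception detail that the old message carried through `e.getMessage()`, which makes an unexpected file in the signer-certificate directory harder to diagnose; I would keep that detail in the logged text. Where `currentFIS` is opened lies outside the hunk, so this assumes it is non-null when the `try` is entered; `validateSignerCertificate` continues beyond the hunk.

```java
          try
          {
            X509Certificate currentCert = new X509Certificate(currentFIS);
            if (currentCert.equals(signerCertificate)) break;
          }
          catch (Exception e)
          {
            // … unchanged: invoker.03 warning …
          }
          finally
          {
            try
            {
              currentFIS.close();
            }
            catch (IOException e1) {
              // Closing is best-effort; the comparison result is already decided
            }
          }
```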
