diff options
Diffstat (limited to 'spss/server')
10 files changed, 247 insertions, 177 deletions
diff --git a/spss/server/history.txt b/spss/server/history.txt index d2ea71698..651524419 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt @@ -1,5 +1,5 @@ ############## -1.5.2 +2.0.0 ############## - Signaturerstellung: @@ -12,7 +12,7 @@ - Angabe einer Whitelist um das Aufloesen externer Referenzen von den angegebenen Quellen zu aktivieren. - Libraries aktualisiert bzw. hinzugefuegt: iaik-moa: Version 1.5 - iaik-tsl Version 1.0.0 + iaik-tsl Version 1.0 ############## 1.5.1 @@ -20,7 +20,7 @@ - Sicherheitsupdates - Defaultmaessiges Deaktiveren des Aufloesens von externen Referenzen - - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu sch�tzen, so das Aufloesen externer Referenzen aktiviert wird + - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu schützen, so das Aufloesen externer Referenzen aktiviert wird - Update der Standard Trustprofile und Standard Konfigurationen - Standard Trustprofil "OfficialSignature" fuer Amtssignaturen hinzugefuegt - Libraries aktualisiert: diff --git a/spss/server/pom.xml b/spss/server/pom.xml index a78496017..b5e1b32c1 100644 --- a/spss/server/pom.xml +++ b/spss/server/pom.xml @@ -3,14 +3,14 @@ <parent>
<groupId>MOA</groupId>
<artifactId>spss</artifactId>
- <version>1.5.x</version>
+ <version>2.0.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.spss</groupId>
<artifactId>moa-spss</artifactId>
<packaging>pom</packaging>
- <version>1.5.x</version>
+ <version>2.0.x</version>
<name>MOA SP/SS Server</name>
<modules>
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt index 4f40604bb..07d100272 100644 --- a/spss/server/readme.update.txt +++ b/spss/server/readme.update.txt @@ -1,11 +1,11 @@ ====================================================================== - Update einer bestehenden MOA-SPSS-Installation auf Version 1.5.2 + Update einer bestehenden MOA-SPSS-Installation auf Version 2.0.0 ====================================================================== Es gibt zwei Moeglichkeiten (im Folgenden als "Update Variante A" und "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version -1.5.2 durchzufuehren. Update Variante A geht dabei den Weg ueber eine +2.0.0 durchzufuehren. Update Variante A geht dabei den Weg ueber eine vorangestellte Neuinstallation, waehrend Variante B direkt eine bestehende Installation aktualisiert. @@ -16,7 +16,7 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei -moa-spss-1.5.2.zip entpackt haben. +moa-spss-2.0.0.zip entpackt haben. ================= Update Variante A @@ -53,7 +53,7 @@ Update Variante B 1.) Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses Ihrer MOA-SPSS-Installation. -2.) Entpacken Sie die Datei "moa-spss-1.5.2.zip" in das Verzeichnis MOA_SPSS_INST. +2.) Entpacken Sie die Datei "moa-spss-2.0.0.zip" in das Verzeichnis MOA_SPSS_INST. 3.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 5a2f001d4..88d3fb90d 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -2,14 +2,14 @@ <parent>
<groupId>MOA.spss</groupId>
<artifactId>moa-spss</artifactId>
- <version>1.5.x</version>
+ <version>2.0.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
<packaging>jar</packaging>
- <version>1.5.2</version>
+ <version>2.0.0</version>
<name>MOA SP/SS API</name>
<properties>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java index 07da0a998..3a004a81d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.spss.tsl.connector;
import iaik.asn1.ObjectID;
+
import iaik.util._;
import iaik.util.logging._l;
import iaik.utils.RFC2253NameParser;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index 5456701c0..e06abe44d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -46,7 +46,9 @@ public class TSLUpdaterTimerTask extends TimerTask { public void run() {
try {
+ Logger.info("Start TSL Update");
update();
+ Logger.info("Finished TSL Update");
} catch (TSLEngineDiedException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
@@ -172,33 +174,33 @@ public class TSLUpdaterTimerTask extends TimerTask { // convert ArrayList<File> to X509Certificate[]
if (tsl_certs == null) {
- Logger.error("No certificates from TSL imported.");
- throw new TSLSearchException("No certificates from TSL imported.");
+ Logger.warn("No certificates from TSL imported.");
+ //throw new TSLSearchException("No certificates from TSL imported.");
}
+ else {
- X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
- Iterator itcert = tsl_certs.iterator();
- i = 0;
- File f = null;
- while(itcert.hasNext()) {
- f = (File)itcert.next();
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = new X509Certificate(fis);
- addCertificatesTSL[i] = cert;
+ X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ i = 0;
+ File f = null;
+ while(itcert.hasNext()) {
+ f = (File)itcert.next();
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = new X509Certificate(fis);
+ addCertificatesTSL[i] = cert;
- i++;
- fis.close();
- }
+ i++;
+ fis.close();
+ }
- Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
- storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
+ Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
- Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
- storeUpdater.addCertificatesToCertStores(addCertificates, tid);
-
-
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificates, tid);
+ }
}
}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java index f0dbd779e..492d10eda 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.spss.tsl.utils;
import iaik.util.logging._l;
+
import iaik.util.logging.Log.MultiThreadLoggingGroup;
import iaik.utils.RFC2253NameParserException;
import iaik.utils.Util;
@@ -15,6 +16,7 @@ import iaik.xml.crypto.tsl.TSLOpenURIException; import iaik.xml.crypto.tsl.TSLThreadContext;
import iaik.xml.crypto.tsl.ValidationFixupFilter;
import iaik.xml.crypto.tsl.ValidationFixupFilter.AttributeValueFixup;
+import iaik.xml.crypto.tsl.ValidationFixupFilter.DeleteAttrFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.ElementStringValueFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.FixedSaxLevelValidationExcption;
import iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup;
@@ -97,44 +99,34 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF trustAnchorsWrongOnEuTsl_;
public TSLImportFromFileContext(
- Countries expectedTerritory,
- URL url,
- Number otherTslPointerId,
- String workingdirectory,
- boolean sqlMultithreaded,
- boolean throwExceptions,
- boolean logExceptions,
- boolean throwWarnings,
- boolean logWarnings,
- boolean nullRedundancies,
- String baseuri,
- Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
- TSLThreadContext parentContext) {
- super(
- expectedTerritory,
- url,
- otherTslPointerId,
- workingdirectory,
- sqlMultithreaded,
- throwExceptions,
- logExceptions,
- throwWarnings,
- logWarnings,
- nullRedundancies,
- parentContext);
- baseuri_ = baseuri;
- trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
- }
-
- public List<ThrowableAndLocatorAndMitigation> getErrorsAndWarnings() {
- List<ThrowableAndLocatorAndMitigation> errorsAndWarnings = new ArrayList<ThrowableAndLocatorAndMitigation>();
- errorsAndWarnings.addAll(this.fatals_);
- errorsAndWarnings.addAll(this.faildTransactions_);
- errorsAndWarnings.addAll(this.warnings_);
-
- return errorsAndWarnings;
- }
-
+ Countries expectedTerritory,
+ URL url,
+ Number otherTslPointerId,
+ String workingdirectory,
+ boolean sqlMultithreaded,
+ boolean throwExceptions,
+ boolean logExceptions,
+ boolean throwWarnings,
+ boolean logWarnings,
+ boolean nullRedundancies,
+ String baseuri,
+ Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
+ TSLThreadContext parentContext) {
+ super(
+ expectedTerritory,
+ url,
+ otherTslPointerId,
+ workingdirectory,
+ sqlMultithreaded,
+ throwExceptions,
+ logExceptions,
+ throwWarnings,
+ logWarnings,
+ nullRedundancies,
+ parentContext);
+ baseuri_ = baseuri;
+ trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
+ }
/* (non-Javadoc)
* @see iaik.xml.crypto.tsl.TSLImportFromFileContext#getbaseURI()
*/
@@ -142,67 +134,80 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF public String getbaseURI() {
return this.baseuri_;
}
-
+
+
+
+
//@Override
- protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
- return super.wrapException(t, l, m);
- }
+ protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
+ return super.wrapException(t, l, m);
+ }
@Override
- public synchronized void throwException(Throwable e) {
+ public
+ synchronized void throwException(Throwable e) {
if (e instanceof TSLValidationException) {
// we do not throw dom validation errors for testing
// and just collect them
wrapException(e);
-
} else if (e instanceof TSLVerificationException) {
+
+ boolean corrected = false;
// we do not throw verification errors for testing
// and just collect them
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
-
- //TSL with no signature are ignored!!!!
- l.warn("TSL IS NOT SIGNED! "
- + this.expectedTerritory_.name() + " TSL ignored.");
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
+// // NEVER DO THIS! unless you want to import TSLs without signatures.
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
- wrapException(e);
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (corrected)
+// wrapException(e);
+// else
+// super.throwException(e);
+
+ super.throwException(e);
} else if (e instanceof FileNotFoundException) {
// we do not stop and continue processing
wrapException(e);
-
} else if (e instanceof IllegalArgumentException) {
// we do not stop and continue processing
wrapException(e);
-
} else {
// all other errors are treated as per default
super.throwException(e);
@@ -221,9 +226,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF if(
e instanceof FixedSaxLevelValidationExcption &&
enclosingMethod.getDeclaringClass().equals(ValidationFixupFilter.class)){
-
-
-
wrapException(e,
((LocatorAspect) e).getLocator(),
new FixedValidationMitigation("Performed SAX Level Fixup."));
@@ -247,7 +249,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF if (parameters[0] instanceof DOMError) {
DOMError domError = (DOMError) parameters[0];
- l.info(""+domError.getRelatedData());
+ _l.warn(""+domError.getRelatedData());
// domError.getRelatedData().getClass().getField("")
@@ -308,6 +310,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF }
});
return mitigatedResult;
+
}
}
@@ -378,11 +381,43 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF }
}
- l.error("Ignoring download error using old: " + parameters[0], null);
+ _l.err("Ignoring download error using old: " + parameters[0], null);
wrapException(e);
return parameters[1];
}
+// if (
+// expectedTerritory_ == Countries.PL &&(
+// (e.getCause() instanceof java.io.EOFException ||
+// e.getCause() instanceof iaik.security.ssl.SSLException) &&
+// parameters[0] instanceof URL &&
+// ((URL)parameters[0]).getProtocol().equalsIgnoreCase("https")
+// )){
+// File f = null;
+// System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+// TLS.register("TLSv1");
+// try {
+// f = (File) enclosingMethod.invoke(thisObject, parameters);
+// } catch (IllegalAccessException e1) {
+// wrapException(e1);
+// } catch (InvocationTargetException e1) {
+// wrapException(e1);
+// }
+//
+// // System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", null);
+// TLS.register();
+//
+// if (f != null){
+// wrapException(e, null, new Mitigation() {
+// @Override
+// public String getReport() {
+// return "Trying TLSv1 and sun.security.ssl.allowUnsafeRenegotiation=true";
+// }
+// });
+// return f;
+// }
+// }
+
if (
e instanceof TSLSecurityException &&
enclosingMethod.getDeclaringClass().equals(TSLContext.class) &&
@@ -406,14 +441,14 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF wrapException(e1);
}
wrapException(e, getLocator(),
- new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
- @Override
- public String getReport() {
- return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
- "the EU TSL and allow the certificate " +
- parameters[1];
- }
- });
+ new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
+ @Override
+ public String getReport() {
+ return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
+ "the EU TSL and allow the certificate " +
+ parameters[1];
+ }
+ });
return null;
}
X509Certificate crt = (X509Certificate)parameters[1];
@@ -530,47 +565,45 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF }
}
-// //TODO: CONSIDER, IF WE REALLY WANT THIS PART OF CODE!
-// //ugly hack to accept a certificate which uses a crazy X509SubjectName!!
-// if ( expectedTerritory_ == Countries.DK &&
-// e instanceof KeySelectorException &&
-// parameters[0] instanceof X509DataImpl){
-// if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
-// "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
-//
-// X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
-//
-// Node child = x509DataImpl.getNode().getFirstChild().getNextSibling();
-// Node child1 = x509DataImpl.getNode().getFirstChild();
-//
-// x509DataImpl.getNode().removeChild(child);
-// x509DataImpl.getNode().removeChild(child1);
-//
-//
-// parameters[0] = (X509Data) x509DataImpl
-//
-// Object mitigatedResult = null;
-// try {
-//
-// mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
-// } catch (IllegalAccessException e1) {
-// wrapException(e1);
-// } catch (InvocationTargetException e1) {
-// wrapException(e1);
-// }
-//
-// if (mitigatedResult != null){
-// wrapException(e, null, new Mitigation(null) {
-// @Override
-// public String getReport() {
-// return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
-// }
-// });
-// return mitigatedResult;
-// }
-// }
-// }
-
+ if ( expectedTerritory_ == Countries.DK &&
+ e instanceof KeySelectorException &&
+ parameters[0] instanceof X509DataImpl){
+ if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
+ "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
+
+ X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
+
+ ListIterator li = x509DataImpl.getContent().listIterator();
+ li.next();
+ String sn = (String) li.next();
+
+ _l.err(sn, null);
+
+ System.exit(1);
+
+ Object mitigatedResult = null;
+ try {
+
+ mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
+ } catch (IllegalAccessException e1) {
+ wrapException(e1);
+ } catch (InvocationTargetException e1) {
+ wrapException(e1);
+ }
+
+ if (mitigatedResult != null){
+ wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {
+ @Override
+ public String getReport() {
+ return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
+ }
+ });
+ return mitigatedResult;
+
+ }
+ }
+ }
+
} else {
if (e instanceof MitigatedTSLSecurityException){
@@ -578,7 +611,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF // and collect them
wrapException(e);
return null;
-
} else if (e instanceof FixedSaxLevelValidationExcption) {
// we allow to mitigate Sax Level Fixup for testing
// and collect them
@@ -607,7 +639,11 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF if(expectedTerritory_ == Countries.EL){
//fix the whitespace in Greece TSL
status = status.trim();
- }
+ }
+ if (status != null && status.startsWith("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/")) {
+ status = status.substring("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/".length());
+ }
+
return super.compressStatus(status);
}
@@ -625,6 +661,37 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF @Override
public iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup getSaxLevelValidationFixup(SAXParseException e) {
+ if (expectedTerritory_ == Countries.AT){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.CZ){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.FR){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.NO){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.SK){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+
if (expectedTerritory_ == Countries.ES && getDownloadLocation().toString().contains(".es/")){
if (e.getMessage().equals("cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tslx:CertSubjectDNAttributeType'.")){
return new LocalNameFixup("CertSubjectDNAttributeType","CertSubjectDNAttribute",e, this);
@@ -734,7 +801,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF String msg = e.getMessage();
- l.info(msg);
+ _l.info(msg);
return(
msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&
msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")
@@ -748,7 +815,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF @Override
protected long howLongWaitForThreads() {
// TODO Auto-generated method stub
- return 10000;
+ return 100000;
}
@Override
@@ -768,7 +835,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF synchronized (log) {
parentContext_.print("<" + ncName + " state=\"" + currentThread.getState()
+ "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "</"
- + ncName + ">\n");
+ + ncName + ">" + _.LB);
parentContext_.flushLog();
log.setLength(0);
}
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component index 5efe131f3..ffe4d38a0 100644 --- a/spss/server/serverws/.settings/org.eclipse.wst.common.component +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component @@ -2,10 +2,10 @@ <wb-module deploy-name="moa-spss-ws">
<wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
- <dependent-module archiveName="moa-spss-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependent-module archiveName="moa-spss-lib-2.0.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
<dependency-type>uses</dependency-type>
</dependent-module>
- <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependent-module archiveName="moa-common-2.0.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
<dependency-type>uses</dependency-type>
</dependent-module>
<property name="java-output-path" value="/target/classes"/>
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml index a99a573c1..2a7467146 100644 --- a/spss/server/serverws/pom.xml +++ b/spss/server/serverws/pom.xml @@ -3,14 +3,14 @@ <parent> <groupId>MOA.spss</groupId> <artifactId>moa-spss</artifactId> - <version>1.5.x</version> + <version>2.0.x</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.spss.server</groupId> <artifactId>moa-spss-ws</artifactId> <packaging>war</packaging> - <version>1.5.2</version> + <version>2.0.0</version> <name>MOA SP/SS WebService</name> <properties> diff --git a/spss/server/tools/pom.xml b/spss/server/tools/pom.xml index 19d72a380..48e0a998c 100644 --- a/spss/server/tools/pom.xml +++ b/spss/server/tools/pom.xml @@ -2,14 +2,14 @@ <parent> <groupId>MOA.spss</groupId> <artifactId>moa-spss</artifactId> - <version>1.5.x</version> + <version>2.0.x</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.spss.server</groupId> <artifactId>moa-spss-tools</artifactId> <packaging>jar</packaging> - <version>1.5.2</version> + <version>2.0.0</version> <name>MOA SP/SS Tools</name> <properties> |