Diffstat (limited to 'spss/server')
19 files changed, 740 insertions, 219 deletions
diff --git a/spss/server/history.txt b/spss/server/history.txt index 02419a3fa..651524419 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt @@ -1,16 +1,18 @@ ############## -1.5.2 +2.0.0 ############## - Signaturerstellung: - Unterstuetzung von XAdES Version 1.4.2 - Unterstuetzung von CMS/CAdES Signaturen Version 2.2.1 -- TSL Unterstuetzung +- Signaturpruefung: + - Trust-service Status List (TSL) Unterstuetzung +- Update der Standard Trustprofile und Standard Konfigurationen - Sicherheitsupdates - Angabe einer Whitelist um das Aufloesen externer Referenzen von den angegebenen Quellen zu aktivieren. - Libraries aktualisiert bzw. hinzugefuegt: iaik-moa: Version 1.5 - iaik-tsl Version 1.0.0 + iaik-tsl Version 1.0 ############## 1.5.1 @@ -18,7 +20,7 @@ - Sicherheitsupdates - Defaultmaessiges Deaktiveren des Aufloesens von externen Referenzen - - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu sch�tzen, so das Aufloesen externer Referenzen aktiviert wird + - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu schützen, so das Aufloesen externer Referenzen aktiviert wird - Update der Standard Trustprofile und Standard Konfigurationen - Standard Trustprofil "OfficialSignature" fuer Amtssignaturen hinzugefuegt - Libraries aktualisiert: diff --git a/spss/server/moa-spss.iml b/spss/server/moa-spss.iml new file mode 100644 index 000000000..6e02e5944 --- /dev/null +++ b/spss/server/moa-spss.iml 
@@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4"> + <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false"> + <output url="file://$MODULE_DIR$/target/classes" /> + <output-test url="file://$MODULE_DIR$/target/test-classes" /> + <content url="file://$MODULE_DIR$"> + <excludeFolder url="file://$MODULE_DIR$/target" /> + </content> + <orderEntry type="inheritedJdk" /> + <orderEntry type="sourceFolder" forTests="false" /> + <orderEntry type="library" name="Maven: commons-io:commons-io:1.3.2" level="project" /> + </component> +</module> + diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt index 28796ddcb..07d100272 100644 --- a/spss/server/readme.update.txt +++ b/spss/server/readme.update.txt @@ -1,11 +1,11 @@ ====================================================================== - Update einer bestehenden MOA-SPSS-Installation auf Version 1.5.2 + Update einer bestehenden MOA-SPSS-Installation auf Version 2.0.0 ====================================================================== Es gibt zwei Moeglichkeiten (im Folgenden als "Update Variante A" und "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version -1.5.2 durchzufuehren. Update Variante A geht dabei den Weg ueber eine +2.0.0 durchzufuehren. Update Variante A geht dabei den Weg ueber eine vorangestellte Neuinstallation, waehrend Variante B direkt eine bestehende Installation aktualisiert. @@ -16,7 +16,7 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei -moa-spss-1.5.2.zip entpackt haben. +moa-spss-2.0.0.zip entpackt haben. ================= Update Variante A 
@@ -26,9 +26,9 @@ Update Variante A Ihrer MOA-SPSS-Installation. 2.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis - JAVA_HOME\jre\lib\ext, und l�schen Sie diese Dateien danach. + JAVA_HOME\jre\lib\ext, und loeschen Sie diese Dateien danach. -3.) F�hren Sie eine Neuinstallation gemaess Handbuch durch. +3.) Fuehren Sie eine Neuinstallation gemaess Handbuch durch. 4.) Kopieren Sie etwaige Konfigurationsdateien, Trust-Profile und Key-Stores, die Sie aus Ihrer alten Installation beibehalten moechten, aus Ihrer @@ -53,7 +53,7 @@ Update Variante B 1.) Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses Ihrer MOA-SPSS-Installation. -2.) Entpacken Sie die Datei "moa-spss-1.5.2.zip" in das Verzeichnis MOA_SPSS_INST. +2.) Entpacken Sie die Datei "moa-spss-2.0.0.zip" in das Verzeichnis MOA_SPSS_INST. 3.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. @@ -110,7 +110,7 @@ Update Variante B 10.) Update des Cert-Stores. a) Kopieren Sie den Inhalt des Verzeichnisses MOA_SPSS_INST\conf\moa-spss\certstore in das Verzeichnis CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie - vorhandene Dateien oder Unterverzeichnisse �berschreiben sollen, dann bejahen Sie das. + vorhandene Dateien oder Unterverzeichnisse ueberschreiben sollen, dann bejahen Sie das. b) Falls vorhanden, loeschen Sie die Datei "890A4C8282E95EBB398685D9501486EF213941B5" aus dem Verzeichnis CATALINA_HOME\conf\moa-spss\certstore\10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D. 
@@ -123,7 +123,7 @@ Update Variante B CATALINA_HOME\conf\moa-spss\certstore\10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D. 11.) Nur wenn alte Installation aelter als Version 1.3.0: - Mit dem Wechsel auf Version 1.3.0 verwendet MOA SP ein neues Format f�r die + Mit dem Wechsel auf Version 1.3.0 verwendet MOA SP ein neues Format fuer die XML-Konfigurationsdatei. Sie muessen die Konfigurationsdatei fuer MOA-SP aus Ihrer alten Installation auf das neue Format konvertieren. Details dazu finden Sie im MOA-SPSS-Installationshandbuch.
\ No newline at end of file diff --git a/spss/server/serverlib/moa-spss-lib.iml b/spss/server/serverlib/moa-spss-lib.iml new file mode 100644 index 000000000..d1832bd65 --- /dev/null +++ b/spss/server/serverlib/moa-spss-lib.iml 
@@ -0,0 +1,114 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4"> + <component name="FacetManager"> + <facet type="web" name="Web"> + <configuration> + <descriptors> + <deploymentDescriptor name="web.xml" url="file://$MODULE_DIR$/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java" /> + </descriptors> + <webroots> + <root url="file://$MODULE_DIR$/src/main/java/at/gv/egovernment/moa/spss/api" relative="/WEB-INF" /> + </webroots> + <sourceRoots> + <root url="file://$MODULE_DIR$/src/main/java" /> + <root url="file://$MODULE_DIR$/src/main/resources" /> + </sourceRoots> + </configuration> + </facet> + <facet type="web" name="Web2"> + <configuration> + <descriptors> + <deploymentDescriptor name="web.xml" url="file://$MODULE_DIR$/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik/config" /> + </descriptors> + <webroots> + <root url="file://$MODULE_DIR$/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik" relative="/WEB-INF" /> + </webroots> + <sourceRoots> + <root url="file://$MODULE_DIR$/src/main/java" /> + <root url="file://$MODULE_DIR$/src/main/resources" /> + </sourceRoots> + </configuration> + </facet> + <facet type="web" name="Web3"> + <configuration> + <descriptors> + <deploymentDescriptor name="web.xml" url="file://$MODULE_DIR$/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java" /> + </descriptors> + <webroots> + <root url="file://$MODULE_DIR$/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind" relative="/WEB-INF" /> + </webroots> + <sourceRoots> + <root url="file://$MODULE_DIR$/src/main/java" /> + <root url="file://$MODULE_DIR$/src/main/resources" /> + </sourceRoots> + </configuration> + </facet> + </component> + <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false"> + <output url="file://$MODULE_DIR$/target/classes" /> + <output-test 
url="file://$MODULE_DIR$/target/test-classes" /> + <content url="file://$MODULE_DIR$"> + <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" /> + <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" /> + <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" /> + <excludeFolder url="file://$MODULE_DIR$/target" /> + </content> + <orderEntry type="inheritedJdk" /> + <orderEntry type="sourceFolder" forTests="false" /> + <orderEntry type="library" name="Maven: axis:axis:1.0_IAIK" level="project" /> + <orderEntry type="library" name="Maven: org.apache.axis:axis-jaxrpc:1.4" level="project" /> + <orderEntry type="library" name="Maven: org.apache.axis:axis-saaj:1.4" level="project" /> + <orderEntry type="library" name="Maven: axis:axis-wsdl4j:1.5.1" level="project" /> + <orderEntry type="library" name="Maven: commons-discovery:commons-discovery:0.2" level="project" /> + <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.0.4" level="project" /> + <orderEntry type="library" name="Maven: javax.activation:activation:1.1" level="project" /> + <orderEntry type="library" name="Maven: javax.mail:mail:1.4" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: junit:junit:3.8.1" level="project" /> + <orderEntry type="library" name="Maven: log4j:log4j:1.2.14" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: postgresql:postgresql:7.2" level="project" /> + <orderEntry type="library" name="Maven: javax.servlet:servlet-api:2.4" level="project" /> + <orderEntry type="library" name="Maven: xalan-bin-dist:xalan:2.7.1" level="project" /> + <orderEntry type="library" name="Maven: xalan:serializer:2.7.1" level="project" /> + <orderEntry type="library" name="Maven: xml-apis:xml-apis:1.3.04" level="project" /> + <orderEntry type="library" name="Maven: xerces:xercesImpl:2.9.0" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: 
xalan-bin-dist:xml-apis:2.7.1" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: xalan-bin-dist:serializer:2.7.1" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_moa:1.5" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_ixsil:1.2.2.5" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_jce_full:5.101" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_ecc:2.19" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: iaik.prod:iaik_cms:4.1_MOA" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: iaik.prod:iaik_Pkcs11Provider:1.2.4" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: iaik.prod:iaik_Pkcs11Wrapper:1.2.17" level="project" /> + <orderEntry type="module" module-name="moa-common" /> + <orderEntry type="library" name="Maven: jaxen:jaxen:1.0-FCS" level="project" /> + <orderEntry type="library" name="Maven: saxpath:saxpath:1.0-FCS" level="project" /> + <orderEntry type="library" name="Maven: joda-time:joda-time:1.6.2" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:slf4j-simple:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:jcl-over-slf4j:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:log4j-over-slf4j:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: commons-io:commons-io:1.3.2" level="project" /> + <orderEntry type="module" module-name="moa-common" scope="TEST" production-on-test="" /> + <orderEntry type="module" module-name="moa-spss-tools" scope="TEST" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_tsl:1.0" level="project" /> + <orderEntry type="library" name="Maven: 
iaik:iaik_xsect_eval:1.1709142" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_ecc_signed:2.19" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_jce_eval_signed:3.181" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_pki_module:1.0" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_javax_crypto:1.0" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_util:0.23" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_jsse:4.4" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_ssl:4.4" level="project" /> + <orderEntry type="library" name="Maven: iaik:w3c_http:1.0" level="project" /> + <orderEntry type="library" name="Maven: org.xerial:sqlite-jdbc:3.7.8-SNAPSHOT" level="project" /> + <orderEntry type="library" name="Maven: stax:stax-api:1.0.1" level="project" /> + <orderEntry type="library" name="Maven: javax.xml.bind:jaxb-api:2.2.6" level="project" /> + <orderEntry type="library" name="Maven: com.sun.xml.bind:jaxb-impl:2.2.5" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_util:0.23" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_xsect:1.1709142" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_jsse:4.4" level="project" /> + </component> +</module> + diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 1c756d4d4..4eb2a2218 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -143,16 +143,16 @@ </dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
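Review bot: The dependency on `iaik.prod:iaik_xsect` is replaced here by `iaik:iaik_xsect_eval`, and the artifact name suggests an evaluation build of the XML signature library rather than the production one. If that is what it is, a 2.0.0 release of a signature-verification server should not resolve it, because evaluation builds commonly carry licence or expiry restrictions; please confirm against the vendor terms. The same `iaik.prod` → `iaik` group switch is applied to `iaik_tsl` and `iaik_util` in this hunk and to `iaik_jsse` in the next one, and no versions are visible, so they are presumably managed in a parent POM that should be checked as well. If the switch is temporary, a comment such as `<!-- TODO: evaluation build, restore iaik.prod:iaik_xsect before release -->` would record that.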
@@ -167,7 +167,7 @@ <artifactId>sqlite-jdbc</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
</dependency>
@@ -197,7 +197,7 @@ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.2</version>
+ <version>2.9.1</version>
<configuration>
<quiet>true</quiet>
<author>false</author>
@@ -260,7 +260,7 @@ <link>http://java.sun.com/j2se/1.5.0/docs/api/</link>
<link>http://logging.apache.org/log4j/docs/api/</link>
</links>
- <target>1.4</target>
+ <target>1.5</target>
</configuration>
<executions>
<execution>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java index 30eed7001..6cf46c50a 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java @@ -36,6 +36,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.util.Constants; + import at.gv.egovernment.moa.spss.util.MessageProvider; /** diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java index 6209d8ef9..6b3f4301f 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java @@ -175,7 +175,7 @@ public class VerifyCMSSignatureRequestParser { excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr); if (excludeByteRangeToStr != null) excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr); - + return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 0908d88c9..3d2da8384 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java 
@@ -1268,6 +1268,111 @@ public class ConfigurationPartsBuilder { } /** + * Build the trust profile mapping. + * + * @return The profile ID to profile mapping. + */ + public Map buildTrustProfiles() + { + Map trustProfiles = new HashMap(); + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); + Element profileElem; + + while ((profileElem = (Element) profileIter.nextNode()) != null) + { + String id = getElementValue(profileElem, CONF + "Id", null); + String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); + String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); + + URI trustAnchorsLocURI = null; + try + { + trustAnchorsLocURI = new URI(trustAnchorsLocStr); + if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file + trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); + } + } + catch (URIException e) { + warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); + continue; + } + catch (MalformedURLException e) + { + warn("config.15", new Object[] {id}, e); + continue; + } + + File profileDir = new File(trustAnchorsLocURI.getPath()); + if (!profileDir.exists() || !profileDir.isDirectory()) { + warn("config.27", new Object[] { "uri", id }); + continue; + } + + + + if (trustProfiles.containsKey(id)) { + warn("config.04", new Object[] { "TrustProfile", id }); + continue; + } + + URI signerCertsLocURI = null; + if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) + { + try + { + signerCertsLocURI = new URI(signerCertsLocStr); + if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); + + File signerCertsDir = new File(signerCertsLocURI.getPath()); + if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { + warn("config.27", new Object[] { "signerCertsUri", id }); + continue; + } + } + catch (URIException e) { + warn("config.14", 
new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); + continue; + } + catch (MalformedURLException e) { + warn("config.15", new Object[] {id}, e); + continue; + } + } + + signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; + + TrustProfile profile = null; + + profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null); + + trustProfiles.put(id, profile); + + } + + return trustProfiles; + } + + /** + * checks if a trustprofile with TSL support is enabled + * + * @return true if TSL support is enabled in at least one trustprofile, else false + */ + public boolean checkTrustProfilesTSLenabled() + { + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); + Element profileElem; + + boolean tslSupportEnabled = false; + while ((profileElem = (Element) profileIter.nextNode()) != null) { + Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL"); + if (eutslElem != null) //EUTSL element found --> TSL enabled + tslSupportEnabled = true; + } + + return tslSupportEnabled; + } + + /** * Returns the location of the certificate store. * * @return the location of the certificate store. @@ -1385,6 +1490,22 @@ public class ConfigurationPartsBuilder { Logger.warn(new LogMsg(txt)); warnings.add(txt); } + + /** + * Log a warning. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void debug(String messageId, Object[] args) { + MessageProvider msg = MessageProvider.getInstance(); + String txt = msg.getMessage(messageId, args); + + Logger.debug(new LogMsg(txt)); + + } + /** * Log a debug message. 
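Review bot: In the added no-argument `buildTrustProfiles()`, the `URIException` handler for the signer-certificates location logs `trustAnchorsLocStr`, so the warning names the wrong path; it should read `warn("config.14", new Object[] { "signerCertsUri", id, signerCertsLocStr }, e);`. `trustAnchorsLocStr` is read with a `null` default and passed straight to `new URI(...)`, so a profile without that element probably fails with something other than the two caught exceptions. A null/empty check before the `try` that warns and `continue`s would keep one incomplete profile from aborting the whole load. In `checkTrustProfilesTSLenabled()` the loop can `return true` on the first `EUTSL` element instead of scanning every profile.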
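Review bot: The Javadoc on the new `debug(String messageId, Object[] args)` helper still says "Log a warning."; it should say `Log a debug message built from a message ID.` Unlike `warn`, whose body above adds the text to `warnings`, this helper only writes to the logger. That difference is worth one sentence in the comment, because callers switched from `warn` to `debug` no longer leave a record in that list.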
@@ -1577,31 +1698,31 @@ public class ConfigurationPartsBuilder { public TSLConfiguration getTSLConfiguration() { TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl(); - + String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null); if (StringUtils.isEmpty(euTSLUrl)) { euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL; - warn("config.39", new Object[] { "EUTSL", euTSLUrl }); + debug("config.39", new Object[] { "EUTSL", euTSLUrl }); } String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null); if (StringUtils.isEmpty(updateSchedulePeriod)) { updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD; - warn("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod }); + debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod }); } String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "StartTime", null); if (StringUtils.isEmpty(updateScheduleStartTime)) { updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME; - warn("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime }); + debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime }); } String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "WorkingDirectory", null); if (StringUtils.isEmpty(workingDirectoryStr)) { workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; - warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); + debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); } // convert update schedule starting time to Date object 
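Review bot: The four fallbacks in `getTSLConfiguration()` now report through `debug(...)`, so a deployment that silently uses `TSLConfiguration.DEFAULT_EU_TSL_URL` or `DEFAULT_WORKING_DIR` shows nothing at the usual log level and nothing in the collected `warnings`. Where the trust list is fetched from and where its working data lives are security-relevant settings that an operator should be able to see without enabling debug logging. Since the provider now calls this method only when a TSL-enabled trust profile exists, keeping `warn("config.39", new Object[] { "EUTSL", euTSLUrl });` and the `WorkingDirectory` equivalent would not add noise for installations without TSL. The method body starts and ends outside this hunk.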
@@ -1638,24 +1759,12 @@ public class ConfigurationPartsBuilder { return null; } - File hashcache = new File(tslWorkingDir, "hashcache"); - if (!hashcache.exists()) { - hashcache.mkdir(); - } - if (!hashcache.isDirectory()) { - error("config.38", new Object[] { hashcache.getAbsolutePath() }); - return null; - } - - System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath()); -// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR"); -// System.out.println("Hashcache: " + hashcachedir); - + debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl); debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod); debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime); debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath()); - debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath()); + // set TSL configuration tslconfiguration.setEuTSLUrl(euTSLUrl); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 2cad35763..d67cbf1b4 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java 
@@ -347,6 +347,16 @@ public class ConfigurationProvider try { builder = new ConfigurationPartsBuilder(configElem, configRoot); + if (builder.checkTrustProfilesTSLenabled()) { + debug("TSL support enabled for at least one trustprofile."); + tslconfiguration_ = builder.getTSLConfiguration(); + trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); + } + else { + tslconfiguration_ = null; + trustProfiles = builder.buildTrustProfiles(); + } + digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName(); canonicalizationAlgorithmName = builder.getCanonicalizationAlgorithmName(); @@ -361,14 +371,14 @@ public class ConfigurationProvider keyGroupMappings = builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL); - tslconfiguration_ = builder.getTSLConfiguration(); - xadesVersion = builder.getXAdESVersion(); defaultChainingMode = builder.getDefaultChainingMode(); chainingModes = builder.buildChainingModes(); useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess(); autoAddCertificates_ = builder.getAutoAddCertificates(); - trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); + //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); + + distributionPoints = builder.buildDistributionPoints(); enableRevocationChecking_ = builder.getEnableRevocationChecking(); maxRevocationAge_ = builder.getMaxRevocationAge(); @@ -379,6 +389,7 @@ public class ConfigurationProvider revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass(); + //check TSL configuration checkTSLConfiguration(); 
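Review bot: `builder.getTSLConfiguration()` is dereferenced immediately in `buildTrustProfiles(tslconfiguration_.getWorkingDirectory())`, but the builder method has `return null` paths (one is visible in the ConfigurationPartsBuilder hunk that removes the hashcache code). An unusable working directory would therefore surface as a `NullPointerException` unless the enclosing `try`, whose catch clauses are outside the hunk, converts it. A guard before the call, `if (tslconfiguration_ == null) throw new ConfigurationException("config.40", null);`, would fail with a message the operator can act on; the message ID is borrowed from `checkTSLConfiguration()` and may deserve its own entry. In the `else` branch the field is set to `null`, so every later reader of `tslconfiguration_` has to tolerate that; whether `checkTSLConfiguration()` returns before touching it is decided in lines not shown here. The commented-out `//trustProfiles = ...` line left in the following hunk should be deleted.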
@@ -428,7 +439,21 @@ public class ConfigurationProvider } } - private void checkTSLConfiguration() throws ConfigurationException { + private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException { + boolean bTSLEnabledTPExist = false; + Iterator it = trustProfiles.entrySet().iterator(); + while (it.hasNext()) { + Map.Entry pairs = (Map.Entry)it.next(); + TrustProfile tp = (TrustProfile) pairs.getValue(); + if (tp.isTSLEnabled()) + bTSLEnabledTPExist = bTSLEnabledTPExist || true; + } + + return bTSLEnabledTPExist; + + } + + private void checkTSLConfiguration() throws ConfigurationException { boolean bTSLEnabledTPExist = false; Iterator it = trustProfiles.entrySet().iterator(); while (it.hasNext()) { 
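Review bot: The new `checkTSLenableTrustprofilesExist()` repeats the loop that opens `checkTSLConfiguration()` and is not called in any visible hunk, so the same scan now exists twice. Inside it, `bTSLEnabledTPExist = bTSLEnabledTPExist || true;` is just an assignment of `true`, and `throws ConfigurationException` is declared although nothing in the body throws. Suggest `if (tp.isTSLEnabled()) return true;` in the loop with `return false;` after it, dropping the `throws` clause, and having `checkTSLConfiguration()` call the helper. A one-line Javadoc such as `/** Returns true if at least one loaded trust profile has TSL support enabled. */` is also missing.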
@@ -449,6 +474,43 @@ public class ConfigurationProvider throw new ConfigurationException("config.40", null); } + File workingDir = new File(tslconfiguration_.getWorkingDirectory()); + File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu"); + if (!eu_trust.exists()) { + error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"}); + throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"}); + } + else { + File[] eutrustFiles = eu_trust.listFiles(); + if (eutrustFiles == null) { + error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + } + else { + if (eutrustFiles.length == 0) { + error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + } + } + + } + + File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache"); + if (!hashcache.exists()) { + hashcache.mkdir(); + } + if (!hashcache.isDirectory()) { + error("config.38", new Object[] { hashcache.getAbsolutePath() }); + return; + } + + System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath()); +// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR"); +// System.out.println("Hashcache: " + hashcachedir); + + + Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath()); + } @@ -759,6 +821,17 @@ public class ConfigurationProvider Logger.info(new LogMsg(msg.getMessage(messageId, parameters))); } + /** + * Log a debug message. + * + * @param messageId The message ID. + * @param parameters Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private static void debug(String message) { + Logger.debug(message); + } + /** * Log a warning. * 
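Review bot: When `hashcache` cannot be created or is not a directory, the new code logs `config.38` and then `return`s, so start-up continues without `iaik.xml.crypto.tsl.BinaryHashCache.DIR` set, whereas a missing `trust/eu` directory a few lines earlier aborts with a `ConfigurationException`. Failing the same way is more predictable: `throw new ConfigurationException("config.38", new Object[] { hashcache.getAbsolutePath() });`. The `trust/eu` check tests `exists()` only, so a regular file at that path reaches the `listFiles() == null` branch and is reported as an empty directory; `!eu_trust.isDirectory()` covers both cases, and the null and zero-length branches can be merged into `if (eutrustFiles == null || eutrustFiles.length == 0)`. The check establishes only that the directory is non-empty, not that it holds parsable certificates, so a comment naming the component that validates its contents would help the next reader.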
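Review bot: The Javadoc on the new `debug(String message)` documents `messageId` and `parameters`, neither of which this method has, and its `@see` points to `MessageProvider`, which the body does not use. It should describe the single parameter instead, for example `@param message The text to log at debug level.`, and drop the `@see` line.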
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 0e5faf790..aca6f5895 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -311,6 +311,12 @@ public class CMSSignatureVerificationInvoker { ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); + CMSDataObject dataobject = request.getDataObject(); + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ( (from == null) || (to == null)) + return contentIs; BigDecimal counter = new BigDecimal("0"); BigDecimal one = new BigDecimal("1"); @@ -318,7 +324,7 @@ public class CMSSignatureVerificationInvoker { try { while ((byteRead=contentIs.read()) >= 0) { - if (inRange(counter, request.getDataObject())) { + if (inRange(counter, dataobject)) { // if byte is in byte range, set byte to 0x00 contentOs.write(0); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java index 07da0a998..3a004a81d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.spss.tsl.connector;
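Review bot: The early `return contentIs` treats a data object where only one of `getExcludeByteRangeFrom()` / `getExcludeByteRangeTo()` is non-null the same as one with no range at all, so a half-specified range is dropped without any signal and the signature is checked over the unmodified content. Rejecting such a request, ideally where `VerifyCMSSignatureRequestParser` builds the `CMSDataObject`, keeps the verified byte range unambiguous; if ignoring it is intended, a comment at the check should say so. `contentOs` is allocated before the check and is unused on the early-return path, so the check can move above it. Whether `from <= to` and non-negative bounds are enforced is not visible here, and the method starts and ends outside the hunk.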
import iaik.asn1.ObjectID;
+
import iaik.util._;
import iaik.util.logging._l;
import iaik.utils.RFC2253NameParser;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index 5456701c0..e06abe44d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -46,7 +46,9 @@ public class TSLUpdaterTimerTask extends TimerTask { public void run() {
try {
+ Logger.info("Start TSL Update");
update();
+ Logger.info("Finished TSL Update");
} catch (TSLEngineDiedException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
@@ -172,33 +174,33 @@ public class TSLUpdaterTimerTask extends TimerTask { // convert ArrayList<File> to X509Certificate[]
if (tsl_certs == null) {
- Logger.error("No certificates from TSL imported.");
- throw new TSLSearchException("No certificates from TSL imported.");
+ Logger.warn("No certificates from TSL imported.");
+ //throw new TSLSearchException("No certificates from TSL imported.");
}
+ else {
- X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
- Iterator itcert = tsl_certs.iterator();
- i = 0;
- File f = null;
- while(itcert.hasNext()) {
- f = (File)itcert.next();
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = new X509Certificate(fis);
- addCertificatesTSL[i] = cert;
+ X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ i = 0;
+ File f = null;
+ while(itcert.hasNext()) {
+ f = (File)itcert.next();
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = new X509Certificate(fis);
+ addCertificatesTSL[i] = cert;
- i++;
- fis.close();
- }
+ i++;
+ fis.close();
+ }
- Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
- storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
+ Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
- Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
- storeUpdater.addCertificatesToCertStores(addCertificates, tid);
-
-
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificates, tid);
+ }
}
}
}
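Review bot: In the re-indented loop, `fis.close()` runs only when `new X509Certificate(fis)` succeeds, so a single unparsable file in `tsl_certs` leaks the stream on its way to aborting the import; a `try`/`finally` around the parse closes it either way (the module's language level is JDK 1.5, so no try-with-resources). The `addCertificates` block now sits inside the `else`, which means a profile whose TSL import returned null also skips its own configured certificates; if the point of downgrading to `Logger.warn` is to keep such profiles usable, that block belongs after the `if`/`else`. The commented-out `throw` should be removed or replaced by a comment explaining why a null import is no longer an error, because the log now shows only a warning for a trust profile that received no certificates. The enclosing method starts outside the hunk.

```java
while(itcert.hasNext()) {
    f = (File)itcert.next();
    FileInputStream fis = new FileInputStream(f);
    try {
        addCertificatesTSL[i] = new X509Certificate(fis);
    } finally {
        // close the stream even when the certificate cannot be parsed
        fis.close();
    }
    i++;
}
// … unchanged: debug log and storeUpdater calls for addCertificatesTSL …
```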
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java index f0dbd779e..492d10eda 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.spss.tsl.utils;
import iaik.util.logging._l;
+
import iaik.util.logging.Log.MultiThreadLoggingGroup;
import iaik.utils.RFC2253NameParserException;
import iaik.utils.Util;
@@ -15,6 +16,7 @@ import iaik.xml.crypto.tsl.TSLOpenURIException;
import iaik.xml.crypto.tsl.TSLThreadContext;
import iaik.xml.crypto.tsl.ValidationFixupFilter;
import iaik.xml.crypto.tsl.ValidationFixupFilter.AttributeValueFixup;
+import iaik.xml.crypto.tsl.ValidationFixupFilter.DeleteAttrFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.ElementStringValueFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.FixedSaxLevelValidationExcption;
import iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup;
@@ -97,44 +99,34 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
trustAnchorsWrongOnEuTsl_;
public TSLImportFromFileContext(
- Countries expectedTerritory,
- URL url,
- Number otherTslPointerId,
- String workingdirectory,
- boolean sqlMultithreaded,
- boolean throwExceptions,
- boolean logExceptions,
- boolean throwWarnings,
- boolean logWarnings,
- boolean nullRedundancies,
- String baseuri,
- Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
- TSLThreadContext parentContext) {
- super(
- expectedTerritory,
- url,
- otherTslPointerId,
- workingdirectory,
- sqlMultithreaded,
- throwExceptions,
- logExceptions,
- throwWarnings,
- logWarnings,
- nullRedundancies,
- parentContext);
- baseuri_ = baseuri;
- trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
- }
-
- public List<ThrowableAndLocatorAndMitigation> getErrorsAndWarnings() {
- List<ThrowableAndLocatorAndMitigation> errorsAndWarnings = new ArrayList<ThrowableAndLocatorAndMitigation>();
- errorsAndWarnings.addAll(this.fatals_);
- errorsAndWarnings.addAll(this.faildTransactions_);
- errorsAndWarnings.addAll(this.warnings_);
-
- return errorsAndWarnings;
- }
-
+ Countries expectedTerritory,
+ URL url,
+ Number otherTslPointerId,
+ String workingdirectory,
+ boolean sqlMultithreaded,
+ boolean throwExceptions,
+ boolean logExceptions,
+ boolean throwWarnings,
+ boolean logWarnings,
+ boolean nullRedundancies,
+ String baseuri,
+ Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
+ TSLThreadContext parentContext) {
+ super(
+ expectedTerritory,
+ url,
+ otherTslPointerId,
+ workingdirectory,
+ sqlMultithreaded,
+ throwExceptions,
+ logExceptions,
+ throwWarnings,
+ logWarnings,
+ nullRedundancies,
+ parentContext);
+ baseuri_ = baseuri;
+ trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
+ }
/* (non-Javadoc)
* @see iaik.xml.crypto.tsl.TSLImportFromFileContext#getbaseURI()
*/
@@ -142,67 +134,80 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
public String getbaseURI() {
return this.baseuri_;
}
-
+
+
+
+
//@Override
- protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
- return super.wrapException(t, l, m);
- }
+ protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
+ return super.wrapException(t, l, m);
+ }
@Override
- public synchronized void throwException(Throwable e) {
+ public
+ synchronized void throwException(Throwable e) {
if (e instanceof TSLValidationException) {
// we do not throw dom validation errors for testing
// and just collect them
wrapException(e);
-
} else if (e instanceof TSLVerificationException) {
+
+ boolean corrected = false;
// we do not throw verification errors for testing
// and just collect them
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
-
- //TSL with no signature are ignored!!!!
- l.warn("TSL IS NOT SIGNED! "
- + this.expectedTerritory_.name() + " TSL ignored.");
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
+// // NEVER DO THIS! unless you want to import TSLs without signatures.
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
- wrapException(e);
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (corrected)
+// wrapException(e);
+// else
+// super.throwException(e);
+
+ super.throwException(e);
} else if (e instanceof FileNotFoundException) {
// we do not stop and continue processing
wrapException(e);
-
} else if (e instanceof IllegalArgumentException) {
// we do not stop and continue processing
wrapException(e);
-
} else {
// all other errors are treated as per default
super.throwException(e);
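Review bot: The comment kept at the top of the `TSLVerificationException` branch (`// we do not throw verification errors for testing` / `// and just collect them`) now contradicts the code, because the branch ends in `super.throwException(e);` instead of `wrapException(e);`. A maintainer reading it cannot tell whether a TSL with a missing or non-conformant signature is meant to be rejected. I would replace it with `// signature verification failures are never mitigated here; they take the default path` and delete the commented-out mitigation block along with the now-unused `boolean corrected = false;`, since the old code stays available in version control. The split `public` / `synchronized void throwException(Throwable e)` declaration should go back onto one line. The method's closing lines are outside this hunk.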
@@ -221,9 +226,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if(
e instanceof FixedSaxLevelValidationExcption &&
enclosingMethod.getDeclaringClass().equals(ValidationFixupFilter.class)){
-
-
-
wrapException(e,
((LocatorAspect) e).getLocator(),
new FixedValidationMitigation("Performed SAX Level Fixup."));
@@ -247,7 +249,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if (parameters[0] instanceof DOMError) {
DOMError domError = (DOMError) parameters[0];
- l.info(""+domError.getRelatedData());
+ _l.warn(""+domError.getRelatedData());
// domError.getRelatedData().getClass().getField("")
@@ -308,6 +310,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
});
return mitigatedResult;
+
}
}
@@ -378,11 +381,43 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
}
- l.error("Ignoring download error using old: " + parameters[0], null);
+ _l.err("Ignoring download error using old: " + parameters[0], null);
wrapException(e);
return parameters[1];
}
+// if (
+// expectedTerritory_ == Countries.PL &&(
+// (e.getCause() instanceof java.io.EOFException ||
+// e.getCause() instanceof iaik.security.ssl.SSLException) &&
+// parameters[0] instanceof URL &&
+// ((URL)parameters[0]).getProtocol().equalsIgnoreCase("https")
+// )){
+// File f = null;
+// System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+// TLS.register("TLSv1");
+// try {
+// f = (File) enclosingMethod.invoke(thisObject, parameters);
+// } catch (IllegalAccessException e1) {
+// wrapException(e1);
+// } catch (InvocationTargetException e1) {
+// wrapException(e1);
+// }
+//
+// // System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", null);
+// TLS.register();
+//
+// if (f != null){
+// wrapException(e, null, new Mitigation() {
+// @Override
+// public String getReport() {
+// return "Trying TLSv1 and sun.security.ssl.allowUnsafeRenegotiation=true";
+// }
+// });
+// return f;
+// }
+// }
+
if (
e instanceof TSLSecurityException &&
enclosingMethod.getDeclaringClass().equals(TSLContext.class) &&
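Review bot: The commented-out `Countries.PL` fallback added after `return parameters[1];` should be deleted rather than committed. If it were ever re-enabled it would set `sun.security.ssl.allowUnsafeRenegotiation` to `true` through `System.setProperty`, which applies to the whole JVM, and call `TLS.register("TLSv1")`. The line that would reset the property is itself commented out, so the weakened setting would outlive the single download. If the interoperability problem still needs tracking, a short comment such as `// PL endpoint failed TLS handshake with current settings; not worked around on purpose` records it without keeping dormant downgrade code. The enclosing method starts and ends outside this hunk.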
@@ -406,14 +441,14 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
wrapException(e1);
}
wrapException(e, getLocator(),
- new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
- @Override
- public String getReport() {
- return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
- "the EU TSL and allow the certificate " +
- parameters[1];
- }
- });
+ new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
+ @Override
+ public String getReport() {
+ return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
+ "the EU TSL and allow the certificate " +
+ parameters[1];
+ }
+ });
return null;
}
X509Certificate crt = (X509Certificate)parameters[1];
@@ -530,47 +565,45 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
}
-// //TODO: CONSIDER, IF WE REALLY WANT THIS PART OF CODE!
-// //ugly hack to accept a certificate which uses a crazy X509SubjectName!!
-// if ( expectedTerritory_ == Countries.DK &&
-// e instanceof KeySelectorException &&
-// parameters[0] instanceof X509DataImpl){
-// if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
-// "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
-//
-// X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
-//
-// Node child = x509DataImpl.getNode().getFirstChild().getNextSibling();
-// Node child1 = x509DataImpl.getNode().getFirstChild();
-//
-// x509DataImpl.getNode().removeChild(child);
-// x509DataImpl.getNode().removeChild(child1);
-//
-//
-// parameters[0] = (X509Data) x509DataImpl
-//
-// Object mitigatedResult = null;
-// try {
-//
-// mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
-// } catch (IllegalAccessException e1) {
-// wrapException(e1);
-// } catch (InvocationTargetException e1) {
-// wrapException(e1);
-// }
-//
-// if (mitigatedResult != null){
-// wrapException(e, null, new Mitigation(null) {
-// @Override
-// public String getReport() {
-// return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
-// }
-// });
-// return mitigatedResult;
-// }
-// }
-// }
-
+ if ( expectedTerritory_ == Countries.DK &&
+ e instanceof KeySelectorException &&
+ parameters[0] instanceof X509DataImpl){
+ if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
+ "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
+
+ X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
+
+ ListIterator li = x509DataImpl.getContent().listIterator();
+ li.next();
+ String sn = (String) li.next();
+
+ _l.err(sn, null);
+
+ System.exit(1);
+
+ Object mitigatedResult = null;
+ try {
+
+ mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
+ } catch (IllegalAccessException e1) {
+ wrapException(e1);
+ } catch (InvocationTargetException e1) {
+ wrapException(e1);
+ }
+
+ if (mitigatedResult != null){
+ wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {
+ @Override
+ public String getReport() {
+ return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
+ }
+ });
+ return mitigatedResult;
+
+ }
+ }
+ }
+
} else {
if (e instanceof MitigatedTSLSecurityException){
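Review bot: `System.exit(1);` in the newly enabled `Countries.DK` branch terminates the whole JVM from inside an exception-mitigation path, so a TSL import that raises this exact `KeySelectorException` message would stop the hosting server. It also makes the `enclosingMethod.invoke(thisObject, parameters)` retry and the mitigation report below it unreachable. Together with `_l.err(sn, null);` it looks like leftover debugging, and both lines should be removed. The branch no longer removes anything from the `X509DataImpl`, so the report text `"Deleted wrong X509SubjectName from XMLDSIG Signature."` would be untrue even if it were reached, and the two unchecked `li.next()` calls with the `(String)` cast assume a fixed content order. Either restore a real, bounds-checked removal or drop the branch and let the exception propagate; the enclosing method starts and ends outside this hunk.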
@@ -578,7 +611,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
// and collect them
wrapException(e);
return null;
-
} else if (e instanceof FixedSaxLevelValidationExcption) {
// we allow to mitigate Sax Level Fixup for testing
// and collect them
@@ -607,7 +639,11 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if(expectedTerritory_ == Countries.EL){
//fix the whitespace in Greece TSL
status = status.trim();
- }
+ }
+ if (status != null && status.startsWith("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/")) {
+ status = status.substring("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/".length());
+ }
+
return super.compressStatus(status);
}
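Review bot: The added `status != null` guard is inconsistent with the `status = status.trim();` just above it, which runs unguarded when `expectedTerritory_ == Countries.EL`. If `status` can be null at all, the Greek path throws before the new check is reached; if it cannot, the check is noise. Decide which holds and handle null once at the top of the method. The prefix literal is also written twice; a constant such as `private static final String SVCSTATUS_PREFIX = "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/";` keeps the `startsWith` and `substring` arguments from drifting apart. The method's signature is outside this hunk.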
@@ -625,6 +661,37 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
@Override
public iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup getSaxLevelValidationFixup(SAXParseException e) {
+ if (expectedTerritory_ == Countries.AT){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.CZ){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.FR){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.NO){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.SK){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+
if (expectedTerritory_ == Countries.ES && getDownloadLocation().toString().contains(".es/")){
if (e.getMessage().equals("cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tslx:CertSubjectDNAttributeType'.")){
return new LocalNameFixup("CertSubjectDNAttributeType","CertSubjectDNAttribute",e, this);
@@ -734,7 +801,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
String msg = e.getMessage();
- l.info(msg);
+ _l.info(msg);
return(
msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&
msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")
@@ -748,7 +815,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
@Override
protected long howLongWaitForThreads() {
// TODO Auto-generated method stub
- return 10000;
+ return 100000;
}
@Override
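Review bot: The value returned by `howLongWaitForThreads()` is a bare literal under a leftover `// TODO Auto-generated method stub` comment, so neither its unit nor the reason for raising it tenfold to `100000` is recorded. I would replace the TODO with a comment such as `// wait budget for TSL import threads; unit is defined by the superclass (presumably ms, confirm)` and move the number into a named constant.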
@@ -768,7 +835,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
synchronized (log) {
parentContext_.print("<" + ncName + " state=\"" + currentThread.getState()
+ "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "</"
- + ncName + ">\n");
+ + ncName + ">" + _.LB);
parentContext_.flushLog();
log.setLength(0);
}
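Review bot: Only the closing tag was switched to `_.LB`; the opening tag two lines above still ends in `"\">\n"`, so a single `print` call now mixes two line-break conventions. If `_.LB` is the intended separator (presumably the platform one), use it in both places: `+ "\" " + " id=\"" + currentThread.getId() + "\">" + _.LB + log.toString() + "</"`. The enclosing method starts outside this hunk.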
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index e4ee607c0..9e2e0e490 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -159,6 +159,7 @@ config.46=Start periodical TSL update task at {0} and then every {1} millisecond
config.48=No whitelisted URIs given.
config.49=Whitelisted URI: {0}.
config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.
+config.51=Fehler beim Erstellen der TSL Konfiguration: TSL-Arbeitsverzeichnis ist fehlerhaft ({0}).
handler.00=Starte neue Transaktion: TID={0}, Service={1}
handler.01=Aufruf von Adresse={0}
diff --git a/spss/server/serverws/moa-spss-ws.iml b/spss/server/serverws/moa-spss-ws.iml new file mode 100644 index 000000000..0714500d5 --- /dev/null +++ b/spss/server/serverws/moa-spss-ws.iml 
@@ -0,0 +1,79 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4"> + <component name="FacetManager"> + <facet type="web" name="Web"> + <configuration> + <descriptors> + <deploymentDescriptor name="web.xml" url="file://$MODULE_DIR$/src/main/webapp/WEB-INF/web.xml" /> + </descriptors> + <webroots> + <root url="file://$MODULE_DIR$/src/main/webapp" relative="/" /> + <root url="file://$MODULE_DIR$/resources/wsdl" relative="resources/schemas" /> + <root url="file://$MODULE_DIR$/../../handbook" relative="WEB-INF" /> + </webroots> + </configuration> + </facet> + </component> + <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false"> + <output url="file://$MODULE_DIR$/target/classes" /> + <output-test url="file://$MODULE_DIR$/target/test-classes" /> + <content url="file://$MODULE_DIR$"> + <excludeFolder url="file://$MODULE_DIR$/target" /> + </content> + <orderEntry type="inheritedJdk" /> + <orderEntry type="sourceFolder" forTests="false" /> + <orderEntry type="module" module-name="moa-spss-lib" /> + <orderEntry type="library" name="Maven: axis:axis:1.0_IAIK" level="project" /> + <orderEntry type="library" name="Maven: org.apache.axis:axis-jaxrpc:1.4" level="project" /> + <orderEntry type="library" name="Maven: org.apache.axis:axis-saaj:1.4" level="project" /> + <orderEntry type="library" name="Maven: axis:axis-wsdl4j:1.5.1" level="project" /> + <orderEntry type="library" name="Maven: commons-discovery:commons-discovery:0.2" level="project" /> + <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.0.4" level="project" /> + <orderEntry type="library" name="Maven: javax.activation:activation:1.1" level="project" /> + <orderEntry type="library" name="Maven: javax.mail:mail:1.4" level="project" /> + <orderEntry type="library" name="Maven: log4j:log4j:1.2.14" level="project" /> + <orderEntry type="library" 
scope="RUNTIME" name="Maven: postgresql:postgresql:7.2" level="project" /> + <orderEntry type="library" name="Maven: javax.servlet:servlet-api:2.4" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xalan-bin-dist:xalan:2.7.1" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xalan:serializer:2.7.1" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xml-apis:xml-apis:1.3.04" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xerces:xercesImpl:2.9.0" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xalan-bin-dist:xml-apis:2.7.1" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xalan-bin-dist:serializer:2.7.1" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_moa:1.5" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_ixsil:1.2.2.5" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_jce_full:5.101" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_ecc:2.19" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_cms:4.1_MOA" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_Pkcs11Provider:1.2.4" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_Pkcs11Wrapper:1.2.17" level="project" /> + <orderEntry type="module" module-name="moa-common" /> + <orderEntry type="library" name="Maven: jaxen:jaxen:1.0-FCS" level="project" /> + <orderEntry type="library" name="Maven: saxpath:saxpath:1.0-FCS" level="project" /> + <orderEntry type="library" name="Maven: joda-time:joda-time:1.6.2" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:slf4j-simple:1.7.5" level="project" /> 
+ <orderEntry type="library" name="Maven: org.slf4j:jcl-over-slf4j:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:log4j-over-slf4j:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: commons-io:commons-io:1.3.2" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_tsl:1.0" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_xsect_eval:1.1709142" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_ecc_signed:2.19" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_jce_eval_signed:3.181" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_pki_module:1.0" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_javax_crypto:1.0" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_util:0.23" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_jsse:4.4" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_ssl:4.4" level="project" /> + <orderEntry type="library" name="Maven: iaik:w3c_http:1.0" level="project" /> + <orderEntry type="library" name="Maven: org.xerial:sqlite-jdbc:3.7.8-SNAPSHOT" level="project" /> + <orderEntry type="library" name="Maven: stax:stax-api:1.0.1" level="project" /> + <orderEntry type="library" name="Maven: javax.xml.bind:jaxb-api:2.2.6" level="project" /> + <orderEntry type="library" name="Maven: com.sun.xml.bind:jaxb-impl:2.2.5" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_util:0.23" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_xsect:1.1709142" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_jsse:4.4" level="project" /> + </component> +</module> + diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml index b8a04eba4..76319b676 100644 
--- a/spss/server/serverws/pom.xml +++ b/spss/server/serverws/pom.xml @@ -17,12 +17,26 @@ <repositoryPath>${basedir}/../../../repository</repositoryPath> </properties> + + <repositories> + <repository> + <id>JBoss IAIK</id> + <url>http://nexus.iaik.tugraz.at/nexus/content/repositories/nexus/</url> + <!-- <releases><enabled>true</enabled></releases> --> + </repository> + <repository> + <id>IAIK libs</id> + <url>http://nexus.iaik.tugraz.at/nexus/content/repositories/iaik/</url> + <!-- <releases><enabled>true</enabled></releases> --> + </repository> + </repositories> + <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> - <version>2.1.1</version> + <version>2.3</version> <!-- <version>2.0.2</version>--> <configuration> <archive> @@ -70,7 +84,7 @@ <artifactId>iaik_ixsil</artifactId> </dependency> <dependency> - <groupId>iaik.prod</groupId> + <groupId>iaik</groupId> <artifactId>iaik_tsl</artifactId> </dependency> <dependency> @@ -78,12 +92,12 @@ <artifactId>log4j</artifactId> </dependency> <dependency> - <groupId>iaik.prod</groupId> + <groupId>iaik</groupId> <artifactId>iaik_util</artifactId> </dependency> <dependency> - <groupId>iaik.prod</groupId> - <artifactId>iaik_xsect</artifactId> + <groupId>iaik</groupId> + <artifactId>iaik_xsect_eval</artifactId> </dependency> <dependency> <groupId>javax.xml.bind</groupId> @@ -98,13 +112,10 @@ <artifactId>sqlite-jdbc</artifactId> </dependency> <dependency> - <groupId>iaik.prod</groupId> + <groupId>iaik</groupId> <artifactId>iaik_jsse</artifactId> - </dependency> - <dependency> - <groupId>iaik.prod</groupId> - <artifactId>iaik_util</artifactId> - </dependency> + </dependency> + <!-- transitive dependencies we don't want to include into the war --> <dependency> <groupId>iaik.prod</groupId> diff --git a/spss/server/tools/moa-spss-tools.iml b/spss/server/tools/moa-spss-tools.iml new file mode 100644 index 000000000..25d80b1dd --- /dev/null 
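Review bot: Both repositories added in the `@@ -17,12 +17,26 @@` hunk of serverws/pom.xml are declared with plain `http://` URLs, so the signature, TLS and JCE libraries this module resolves from them would be downloaded without transport integrity protection. Use `https://` URLs if the Nexus host offers them. Instead of the commented-out `<releases>` lines, state the policy explicitly, for example `<releases><enabled>true</enabled><checksumPolicy>fail</checksumPolicy></releases>`. The repository `<id>` values contain spaces (`JBoss IAIK`, `IAIK libs`); ids without spaces are safer because they are also used as keys for credentials and mirrors in settings.xml.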
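Review bot: The `@@ -78,12 +92,12 @@` hunk of serverws/pom.xml replaces `iaik.prod:iaik_xsect` with `iaik:iaik_xsect_eval`, and the artifact name suggests an evaluation build of the XML signature library. Confirm whether an evaluation build is intended for a release WAR, and if it is only a stop-gap, say so in a comment next to the dependency, e.g. `<!-- temporary: eval build until iaik.prod:iaik_xsect is published -->`. The same `iaik.prod` to `iaik` group change appears in the `@@ -70,7 +84,7 @@` and `@@ -98,13 +112,10 @@` hunks. No version is visible for any of these dependencies in the hunks, so it presumably comes from a parent POM and should be checked there.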
+++ b/spss/server/tools/moa-spss-tools.iml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4"> + <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false"> + <output url="file://$MODULE_DIR$/target/classes" /> + <output-test url="file://$MODULE_DIR$/target/test-classes" /> + <content url="file://$MODULE_DIR$"> + <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" /> + <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" /> + <excludeFolder url="file://$MODULE_DIR$/target" /> + </content> + <orderEntry type="inheritedJdk" /> + <orderEntry type="sourceFolder" forTests="false" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_moa:1.5" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_jce_full:5.101" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_ecc:2.19" level="project" /> + <orderEntry type="library" name="Maven: log4j:log4j:1.2.14" level="project" /> + <orderEntry type="library" name="Maven: xalan-bin-dist:xalan:2.7.1" level="project" /> + <orderEntry type="library" name="Maven: xalan:serializer:2.7.1" level="project" /> + <orderEntry type="library" name="Maven: xml-apis:xml-apis:1.3.04" level="project" /> + <orderEntry type="library" name="Maven: commons-io:commons-io:1.3.2" level="project" /> + </component> +</module> + diff --git a/spss/server/tools/pom.xml b/spss/server/tools/pom.xml index 48e0a998c..503c49545 100644 --- a/spss/server/tools/pom.xml +++ b/spss/server/tools/pom.xml @@ -25,6 +25,10 @@ <scope>compile</scope> </dependency> --> + + + + <dependency> <groupId>iaik.prod</groupId> <artifactId>iaik_moa</artifactId> @@ -52,6 +56,10 @@ </dependency> </dependencies> + + + + <build> <plugins> <plugin> 
@@ -63,6 +71,16 @@ </archive> </configuration> </plugin> + + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <configuration> + <source>1.5</source> + <target>1.5</target> + </configuration> + </plugin> </plugins> </build> + </project> diff --git a/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java index 0c144ce73..d334501d2 100644 --- a/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java +++ b/spss/server/tools/src/main/java/at/gv/egovernment/moa/spss/server/tools/CertTool.java @@ -60,7 +60,7 @@ public class CertTool { /** Error message if the DN cannot be parsed according to RFC2253. */ private static final String ILLEGAL_RFC2253_NAME = - "Kein gültiger RFC2253-Name"; + "Kein gültiger RFC2253-Name"; /** * Main entry point of the tool. @@ -163,7 +163,7 @@ public class CertTool { certStore.storeCertificate(cert, null); - System.out.println("\nDas Zertifikat wurde erfolreich hinzugefügt.\n"); + System.out.println("\nDas Zertifikat wurde erfolreich hinzugef�gt.\n"); } catch (FileNotFoundException e) { System.err.println("Zertifikat nicht gefunden: " + certFile); @@ -175,10 +175,10 @@ public class CertTool { "Fehler beim Lesen des Zertifikats: " + e.getMessage()); } catch (DirectoryStoreException e) { System.err.println( - "Fehler beim Öffnen des Zertifikatsspeichers: " + e.getMessage()); + "Fehler beim Öffnen des Zertifikatsspeichers: " + e.getMessage()); } catch (CertStoreException e) { System.err.println( - "Fehler beim Hinzufügen des Zertifikats: " + e.getMessage()); + "Fehler beim Hinzufügen des Zertifikats: " + e.getMessage()); } catch (Throwable t) { System.err.println("Allgemeiner Fehler: " + t.getMessage()); t.printStackTrace(); |
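Review bot: In the `@@ -163,7 +163,7 @@` hunk of CertTool.java the new message is shown as `hinzugef�gt`. This suggests the umlaut on that line was saved in a different encoding from the strings touched in the `@@ -60,7 +60,7 @@` and `@@ -175,10 +175,10 @@` hunks, though it may be an artefact of this page's rendering. Unicode escapes make the user-facing text independent of the file encoding, and the same line has a typo (`erfolreich`): `System.out.println("\nDas Zertifikat wurde erfolgreich hinzugef\u00fcgt.\n");`. The other German literals in this file would benefit from the same treatment, or from a declared source encoding in the build.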