aboutsummaryrefslogtreecommitdiff
path: root/spss
diff options
context:
space:
mode:
Diffstat (limited to 'spss')
-rw-r--r--spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml50
-rw-r--r--spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml6
-rw-r--r--spss/handbook/conf/moa-spss/certstore/54A361D38F73772377E15E145772C03EC0197142/F86591A6D86718886A0234B8E54E21AAEA63E24Bbin0 -> 1586 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/CCBA90ED697BA209AB6093FC19FB15B53EE26933/159E42D4A53599389431771D5C936552BB22B084bin0 -> 1576 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/D866A07634012B24DB601087D8B3A9FFEDF5CADB/969A71FDCC5302167A60158828B9E7862DED3B4Dbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/E583DB7202A8D1570A18CD11146B0CBCA438F71A/2A5945E1FC2006BE0D59C3375253C9D3327D197Dbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/FE51079176B9F46204816CABA94824B3B14A3830/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02bin0 -> 1485 bytes
-rw-r--r--spss/handbook/conf/moa-spss/log4j.properties2
-rw-r--r--spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml4
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cerbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cerbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-05.20130923-20230920.SerNoFCE21.cerbin0 -> 1576 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin0 -> 1485 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cerbin0 -> 1580 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-premium-mobile-05.20130923-20230920.SerNoFCDD4.cerbin0 -> 1586 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin0 -> 1485 bytes
-rw-r--r--spss/handbook/handbook/index.html2
-rw-r--r--spss/handbook/handbook/intro/intro.html8
-rw-r--r--spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdfbin288576 -> 291606 bytes
-rw-r--r--spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl2
-rw-r--r--spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd2
-rw-r--r--spss/handbook/handbook/usage/usage.html70
-rw-r--r--spss/server/history.txt19
-rw-r--r--spss/server/readme.inst.txt2
-rw-r--r--spss/server/readme.update.txt10
-rw-r--r--spss/server/serverlib/pom.xml10
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java2
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java147
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java81
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java8
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java1
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java49
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java343
-rw-r--r--spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties1
-rw-r--r--spss/server/serverws/.settings/org.eclipse.jdt.core.prefs7
-rw-r--r--spss/server/serverws/.settings/org.eclipse.wst.common.component7
-rw-r--r--spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml4
-rw-r--r--spss/server/serverws/pom.xml19
38 files changed, 618 insertions, 238 deletions
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml
new file mode 100644
index 000000000..8691c4563
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <SignerInfo>
+ <dsig:X509Data>
+ <dsig:X509SubjectName>T=DI,serialNumber=847206943023,givenName=Klaus,SN=Stranacher,CN=Klaus Stranacher,C=AT</dsig:X509SubjectName>
+ <dsig:X509IssuerSerial>
+ <dsig:X509IssuerName>CN=a-sign-premium-mobile-03,OU=a-sign-premium-mobile-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>685117</dsig:X509SerialNumber>
+ </dsig:X509IssuerSerial>
+ <dsig:X509Certificate>MIIEtTCCA52gAwIBAgIDCnQ9MA0GCSqGSIb3DQEBBQUAMIGdMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSEwHwYDVQQLDBhhLXNpZ24tcHJl
+bWl1bS1tb2JpbGUtMDMxITAfBgNVBAMMGGEtc2lnbi1wcmVtaXVtLW1vYmlsZS0w
+MzAeFw0xMjAxMTkxMDUwNDRaFw0xNzAxMTkxMDUwNDRaMHExCzAJBgNVBAYTAkFU
+MRkwFwYDVQQDDBBLbGF1cyBTdHJhbmFjaGVyMRMwEQYDVQQEDApTdHJhbmFjaGVy
+MQ4wDAYDVQQqDAVLbGF1czEVMBMGA1UEBRMMODQ3MjA2OTQzMDIzMQswCQYDVQQM
+DAJESTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCl9cWMwe9LaXbcwuLCMRXS6
+KYhou9Fzvo7ScXpwcRn1sbTSjUIIhLUTrqfqO/pnwoKd87PmNcGUFoCXvsb4lUqj
+ggHyMIIB7jARBgNVHQ4ECgQITPnzawkXeUUwDgYDVR0PAQH/BAQDAgbAMBMGA1Ud
+IwQMMAqACEu4Yddf1khjMAkGA1UdEwQCMAAwfgYIKwYBBQUHAQEEcjBwMEUGCCsG
+AQUFBzAChjlodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLXByZW1p
+dW0tbW9iaWxlLTAzYS5jcnQwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLmEtdHJ1
+c3QuYXQvb2NzcDBgBgNVHSAEWTBXMEsGBiooABEBFDBBMD8GCCsGAQUFBwIBFjNo
+dHRwOi8vd3d3LmEtdHJ1c3QuYXQvZG9jcy9jcC9hLXNpZ24tcHJlbWl1bS1tb2Jp
+bGUwCAYGBACLMAEBMCcGCCsGAQUFBwEDAQH/BBgwFjAIBgYEAI5GAQEwCgYIKwYB
+BQUHCwEwgZ0GA1UdHwSBlTCBkjCBj6CBjKCBiYaBhmxkYXA6Ly9sZGFwLmEtdHJ1
+c3QuYXQvb3U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTAzLG89QS1UcnVzdCxjPUFU
+P2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFzcz1laWRD
+ZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBWEeyDzBQA
+5O5CY7z6K9EwbXxxuuaEEb1GVIyTZ4DcfodjkEEdGqWicsPdUUJDZ7ETyaKucgVt
+WaOHaObkCua9tM5TP3YtaEyDRteqU7N6LMDcMrXle8WOTUcIhSFy5UU8SnFtbZyQ
+v+eeAW48PVq5pzBzizGNtMKCv9XC7df5ARhDEU7tYaVrKIobTdeq8D7zXnZ2Wdt9
+6VG6QBe8eH49bAxabnOk/rF6TMO2NX4h/tlQLBzOdOeEolUHOHkA3L01REL2m/6k
+lPNsA8mX++cD3yKuoCWxtl27peTscRyGKEo2EBLtt7mfaTFBbkdKo1WUkZ+dVesa
+XtKckFCEtW3r</dsig:X509Certificate>
+ <QualifiedCertificate/>
+ <SecureSignatureCreationDevice Source="Certificate"/>
+ <IssuerCountryCode>AT</IssuerCountryCode>
+ </dsig:X509Data>
+ </SignerInfo>
+ <SignatureCheck>
+ <Code>0</Code>
+ </SignatureCheck>
+ <SignatureManifestCheck>
+ <Code>0</Code>
+ </SignatureManifestCheck>
+ <CertificateCheck>
+ <Code>0</Code>
+ </CertificateCheck>
+ </VerifyXMLSignatureResponse>
diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml
new file mode 100644
index 000000000..efdc2a76a
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<moa:VerifyXMLSignatureRequest xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#"><moa:VerifySignatureInfo><moa:VerifySignatureEnvironment><moa:XMLContent>
+<dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/><dsig:Reference Id="reference-1-1" URI="#signed-data-1-1"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xpf:XPath Filter="intersect" xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2">id('signed-data-1-1')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>ck5CfKRJ6J4x7YusP2LmJXRBo3sFoSgTCXlujYNSFvI=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="etsi-data-reference-1-1" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xpf:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2">//*[@Id='etsi-signed-1-1']/etsi:QualifyingProperties/etsi:SignedProperties</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>twh9pMjAoknEfJ97w9PA8pEnVFrKb/14Mmdl6AhweE8=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>N5mPWLfwxBrJIVQEAktiZqStkManxG7P8GBE8rw5DCEB2k7OctmvlPLLy+JtQy11OVNU0ISQeJn3BprTxgU/tw==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIEtTCCA52gAwIBAgIDCnQ9MA0GCSqGSIb3DQEBBQUAMIGdMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSEwHwYDVQQLDBhhLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDMxITAfBgNVBAMMGGEtc2lnbi1wcmVtaXVtLW1vYmlsZS0wMzAeFw0xMjAxMTkxMDUwNDRaFw0xNzAxMTkxMDUwNDRaMHExCzAJBgNVBAYTAkFUMRkwFwYDVQQDDBBLbGF1cyBTdHJhbmFjaGVyMRMwEQYDVQQEDApTdHJhbmFjaGVyMQ4wDAYDVQQqDAVLbGF1czEVMBMGA1UEBRMMODQ3MjA2OTQzMDIzMQswCQYDVQQMDAJESTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCl9cWMwe9LaXbcwuLCMRXS6KYhou9Fzvo7ScXpwcRn1sbTSjUIIhLUTrqfqO/pnwoKd87PmNcGUFoCXvsb4lUqjggHyMIIB7jARBgNVHQ4ECgQITPnzawkXeUUwDgYDVR0PAQH/BAQDAgbAMBMGA1UdIwQMMAqACEu4Yddf1khjMAkGA1UdEwQCMAAwfgYIKwYBBQUHAQEEcjBwMEUGCCsGAQUFBzAChjlodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLXByZW1pdW0tbW9iaWxlLTAzYS5jcnQwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLmEtdHJ1c3QuYXQvb2NzcDBgBgNVHSAEWTBXMEsGBiooABEBFDBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3LmEtdHJ1c3QuYXQvZG9jcy9jcC9hLXNpZ24tcHJlbWl1bS1tb2JpbGUwCAYGBACLMAEBMCcGCCsGAQUFBwEDAQH/BBgwFjAIBgYEAI5GAQEwCgYIKwYBBQUHCwEwgZ0GA1UdHwSBlTCBkjCBj6CBjKCBiYaBhmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTAzLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFzcz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBWEeyDzBQA5O5CY7z6K9EwbXxxuuaEEb1GVIyTZ4DcfodjkEEdGqWicsPdUUJDZ7ETyaKucgVtWaOHaObkCua9tM5TP3YtaEyDRteqU7N6LMDcMrXle8WOTUcIhSFy5UU8SnFtbZyQv+eeAW48PVq5pzBzizGNtMKCv9XC7df5ARhDEU7tYaVrKIobTdeq8D7zXnZ2Wdt96VG6QBe8eH49bAxabnOk/rF6TMO2NX4h/tlQLBzOdOeEolUHOHkA3L01REL2m/6klPNsA8mX++cD3yKuoCWxtl27peTscRyGKEo2EBLtt7mfaTFBbkdKo1WUkZ+dVesaXtKckFCEtW3r</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2014-03-17T12:08:58Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>rUAiWR/xWih+N/Aa7AUvetg2FFU=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-premium-mobile-03,OU=a-sign-premium-mobile-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>685117</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/plain</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object><dsig:Object Id="signed-data-1-1">Ich bin ein einfacher Text.</dsig:Object></dsig:Signature>
+</moa:XMLContent></moa:VerifySignatureEnvironment><moa:VerifySignatureLocation xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">//dsig:Signature</moa:VerifySignatureLocation></moa:VerifySignatureInfo>
+<moa:TrustProfileID>Test-TSLProfil</moa:TrustProfileID>
+</moa:VerifyXMLSignatureRequest> \ No newline at end of file
diff --git a/spss/handbook/conf/moa-spss/certstore/54A361D38F73772377E15E145772C03EC0197142/F86591A6D86718886A0234B8E54E21AAEA63E24B b/spss/handbook/conf/moa-spss/certstore/54A361D38F73772377E15E145772C03EC0197142/F86591A6D86718886A0234B8E54E21AAEA63E24B
new file mode 100644
index 000000000..2bf4ad712
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/54A361D38F73772377E15E145772C03EC0197142/F86591A6D86718886A0234B8E54E21AAEA63E24B
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/CCBA90ED697BA209AB6093FC19FB15B53EE26933/159E42D4A53599389431771D5C936552BB22B084 b/spss/handbook/conf/moa-spss/certstore/CCBA90ED697BA209AB6093FC19FB15B53EE26933/159E42D4A53599389431771D5C936552BB22B084
new file mode 100644
index 000000000..9a777fd34
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/CCBA90ED697BA209AB6093FC19FB15B53EE26933/159E42D4A53599389431771D5C936552BB22B084
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/D866A07634012B24DB601087D8B3A9FFEDF5CADB/969A71FDCC5302167A60158828B9E7862DED3B4D b/spss/handbook/conf/moa-spss/certstore/D866A07634012B24DB601087D8B3A9FFEDF5CADB/969A71FDCC5302167A60158828B9E7862DED3B4D
new file mode 100644
index 000000000..d17d07619
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/D866A07634012B24DB601087D8B3A9FFEDF5CADB/969A71FDCC5302167A60158828B9E7862DED3B4D
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/E583DB7202A8D1570A18CD11146B0CBCA438F71A/2A5945E1FC2006BE0D59C3375253C9D3327D197D b/spss/handbook/conf/moa-spss/certstore/E583DB7202A8D1570A18CD11146B0CBCA438F71A/2A5945E1FC2006BE0D59C3375253C9D3327D197D
new file mode 100644
index 000000000..a6a9acdc3
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/E583DB7202A8D1570A18CD11146B0CBCA438F71A/2A5945E1FC2006BE0D59C3375253C9D3327D197D
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/FE51079176B9F46204816CABA94824B3B14A3830/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/spss/handbook/conf/moa-spss/certstore/FE51079176B9F46204816CABA94824B3B14A3830/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/FE51079176B9F46204816CABA94824B3B14A3830/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/log4j.properties b/spss/handbook/conf/moa-spss/log4j.properties
index 02b767b87..67bd58309 100644
--- a/spss/handbook/conf/moa-spss/log4j.properties
+++ b/spss/handbook/conf/moa-spss/log4j.properties
@@ -8,7 +8,7 @@ org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFacto
# Configure root logger and loggers for moa-spss
log4j.rootLogger=info, stdout
log4j.logger.moa.spss.server=info, moaspss
-log4j.logger.iaik.server=info, moaspss
+log4j.logger.iaik.server=warn, moaspss
# Configure the 'stdout' appender to write logging output to the console
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
diff --git a/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml b/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml
index 79345890a..8d7541b73 100644
--- a/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml
+++ b/spss/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml
@@ -119,13 +119,13 @@
</cfg:RevocationChecking>
<!-- Optionale Angabe einer TSL Konfiguration-->
<!-- Wichtig: Das WorkingDirectory muss jedenfalls den Unterordner „trust“ aus der Beispielkonfiguration beinhalten. -->
- <cfg:TSLConfiguration>
+ <!-- <cfg:TSLConfiguration>
<cfg:UpdateSchedule>
<cfg:StartTime>02:00:00</cfg:StartTime>
<cfg:Period>86400000</cfg:Period>
</cfg:UpdateSchedule>
<cfg:WorkingDirectory>tslworking</cfg:WorkingDirectory>
- </cfg:TSLConfiguration>
+ </cfg:TSLConfiguration>-->
</cfg:CertificateValidation>
</cfg:SignatureVerification>
</cfg:MOAConfiguration>
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cer
new file mode 100644
index 000000000..d17d07619
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Enc-05.20130923-20230920.SerNoFCDEE.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
new file mode 100644
index 000000000..a6a9acdc3
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-05.20130923-20230920.SerNoFCE21.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-05.20130923-20230920.SerNoFCE21.cer
new file mode 100644
index 000000000..9a777fd34
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-05.20130923-20230920.SerNoFCE21.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
new file mode 100644
index 000000000..a6a9acdc3
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-Premium-Sig-05.20130923-20230920.SerNoFCDB8.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-premium-mobile-05.20130923-20230920.SerNoFCDD4.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-premium-mobile-05.20130923-20230920.SerNoFCDD4.cer
new file mode 100644
index 000000000..2bf4ad712
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/a-sign-premium-mobile-05.20130923-20230920.SerNoFCDD4.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
Binary files differ
diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html
index d2de90090..f84920d0a 100644
--- a/spss/handbook/handbook/index.html
+++ b/spss/handbook/handbook/index.html
@@ -15,7 +15,7 @@
</table>
<hr/>
<p class="title">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP) </p>
- <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 2 </p>
+ <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 2.0.0</p>
<hr/>
<dl>
<dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html
index 6156e843a..138ca61e8 100644
--- a/spss/handbook/handbook/intro/intro.html
+++ b/spss/handbook/handbook/intro/intro.html
@@ -30,14 +30,14 @@
<hr/>
<h1><a name="allgemeines"></a>1 Allgemeines</h1>
<p> Die Module Serversignatur (SS) und Signaturpr&uuml;fung (SP) k&ouml;nnen von Anwendungen verwendet werden, um elektronische Signaturen zu erstellen bzw. vorliegende elektronische Signaturen zu &uuml;berpr&uuml;fen.</p>
- <p>Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu den beiden Modulen ist in der <a href="../spec/MOA-SPSS-2.0.0.pdf" target="_blank" class="term">Spezifikation MOA SP/SS (V2.0.0)</a> detailliert beschrieben. Da diese Spezifikation auf der <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20080220/" target="_blank" class="term"> @TODO (Update auf neue abgestimmte Spezifikation) Schnittstellenspezifikation des Security-Layers (V 1.2x)</a> aufbaut, ist deren Kenntnis zum Verstehen der Schnittstellen zu SS und SP erforderlich. </p>
+ <p>Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu den beiden Modulen ist in der <a href="../spec/MOA-SPSS-2.0.0.pdf" target="_blank" class="term">Spezifikation MOA SP/SS (V2.0.0)</a> detailliert beschrieben. Da diese Spezifikation auf der <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html#core" target="_blank" class="term"> Schnittstellenspezifikation des Security-Layers (V 1.2.7)</a> aufbaut, ist deren Kenntnis zum Verstehen der Schnittstellen zu SS und SP erforderlich. </p>
<h1><a name="ss"></a>2 Modul Serversignatur (SS) </h1>
- <p> Das Modul Serversignatur (SS) dient zum Erstellen von XML-Signaturen in Anlehnung an die <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20080220/"> </a><a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20080220/" target="_blank" class="term">@TODO (Update auf neue abgestimmte Spezifikation) Schnittstellenspezifikation des Security-Layers (V 1.2x TODO)</a>. Eine Signatur kann entweder rein in Software erstellt werden, oder aber unter Zuhilfenahme eines Hardware Security Modules (HSM), das den privaten Schl&uuml;ssel gesch&uuml;tzt enth&auml;lt und die Signatur berechnet.</p>
+ <p> Das Modul Serversignatur (SS) dient zum Erstellen von XML-Signaturen in Anlehnung an die <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html#core" target="_blank" class="term"> Schnittstellenspezifikation des Security-Layers (V 1.2.7)</a>. Eine Signatur kann entweder rein in Software erstellt werden, oder aber unter Zuhilfenahme eines Hardware Security Modules (HSM), das den privaten Schl&uuml;ssel gesch&uuml;tzt enth&auml;lt und die Signatur berechnet.</p>
<p> Der Zugriff auf einzelne Signaturschl&uuml;ssel in MOA SS kann basierend auf dem f&uuml;r TLS-Client-Authentisierung verwendeten Zertifikat eingeschr&auml;nkt werden. </p>
<p> Anwendungen k&ouml;nnen das Modul entweder als Web-Service oder &uuml;ber ein Java-API ansprechen. </p>
<h1><a name="sp"></a>3 Modul Signaturpr&uuml;fung (SP) </h1>
- <p> Das Modul Signaturpr&uuml;fung (SP) dient zum &Uuml;berpr&uuml;fen von <a href="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/" target="_blank">XML-Signaturen</a> und <a href="http://www.ietf.org/rfc/rfc2630.txt" target="_blank">CMS-Signaturen</a> sowie den fortgeschrittenen Signaturen XAdES (@TODO Link + Versionen basierend auf Update SL) und CAdES (@TODO Link + Versionen basierend auf Update SL).</p>
-<p>Im Zuge der Verifikation einer XML-Signatur werden die Signatur, gegebenenfalls vorhandene XMLDSIG-Manifeste, als auch die G&uuml;ltigkeit und Anwendbarkeit des Zertifikats &uuml;berpr&uuml;ft. Bei XML-Signaturen kann zus&auml;tzlich &uuml;berpr&uuml;ft werden, ob sie den speziellen Anforderungen <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20080220/" target="_blank" class="term">@TODO (Update auf neue abgestimmte Spezifikation) Schnittstellenspezifikation des Security-Layers (V 1.2x)</a> entsprechen (vgl. Signaturmanifest). </p>
+ <p> Das Modul Signaturpr&uuml;fung (SP) dient zum &Uuml;berpr&uuml;fen von <a href="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/" target="_blank">XML-Signaturen</a> und <a href="http://www.ietf.org/rfc/rfc2630.txt" target="_blank">CMS-Signaturen</a> sowie den fortgeschrittenen Signaturen XAdES und CAdES entsprechende der <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html#core" target="_blank" class="term">Schnittstellenspezifikation des Security-Layers (V 1.2.7)</a>.</p>
+<p>Im Zuge der Verifikation einer XML-Signatur werden die Signatur, gegebenenfalls vorhandene XMLDSIG-Manifeste, als auch die G&uuml;ltigkeit und Anwendbarkeit des Zertifikats &uuml;berpr&uuml;ft. Bei XML-Signaturen kann zus&auml;tzlich &uuml;berpr&uuml;ft werden, ob sie den speziellen Anforderungen <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html#core" target="_blank" class="term"> Schnittstellenspezifikation des Security-Layers (V 1.2.7)</a> entsprechen (vgl. Signaturmanifest). </p>
<p> Anwendungen k&ouml;nnen das Modul entweder als Web-Service oder &uuml;ber ein Java-API ansprechen.</p>
</body>
</html>
diff --git a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf
index 1e65beca9..6cf538229 100644
--- a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf
+++ b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.pdf
Binary files differ
diff --git a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl
index 4f9deee38..c8bf32950 100644
--- a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl
+++ b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.wsdl
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Web Service Description for MOA SP/SS 1.4
+ Web Service Description for MOA SP/SS 1.5
-->
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-2.0.0.xsd"/>
diff --git a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd
index 73d145ecf..739b12431 100644
--- a/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd
+++ b/spss/handbook/handbook/spec/MOA-SPSS-2.0.0.xsd
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- MOA SP/SS 2.0.0 Schema
+ MOA SP/SS 1.5.2 Schema
-->
<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html
index bdad18910..690b7120f 100644
--- a/spss/handbook/handbook/usage/usage.html
+++ b/spss/handbook/handbook/usage/usage.html
@@ -52,6 +52,7 @@
<li><a href="#webservice_xmlrequests_pruefungxml_xmldsigmanifest">Pr&uuml;fung eines XMLDSIG-Manifests</a></li>
<li><a href="#webservice_xmlrequests_pruefungxml_ergaenzungsobjekte">Erg&auml;nzungsobjekte</a></li>
<li><a href="#webservice_xmlrequests_pruefungxml_signaturmanifest">Signatur-Manifest des Security-Layers</a></li>
+ <li><a href="#webservice_xmlrequests_pruefungxml_tsl">Pr&uuml;fung gegen Trustprofil mit TSL Unterst&uuml;tzung</a></li>
</ol>
</li>
</ol>
@@ -1185,8 +1186,69 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
&lt;/VerifyXMLSignatureResponse&gt;
</pre>
<p>Das Element<code> CertificateCheck</code> enth&auml;lt das Resultat der Zertifikatspr&uuml;fung (siehe <a href="#webservice_xmlrequests_pruefungxml_einfach">Einfaches Beispiel</a>).</p>
-<p>&nbsp;</p>
-<p>@TODO Beispiel-Request mit TSL-Pr&uuml;fung</p>
+<!-- TSL -->
+<h4><a name="webservice_xmlrequests_pruefungxml_tsl"></a>2.1.4.6 Pr&uuml;fung gegen Trustprofil mit TSL Unterst&uuml;tzung</h4>
+<h5>Request</h5>
+<p><code><a href="../../clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.xml" target="_blank">VerifyXMLSignatureRequest.TSL.xml</a></code> ist ein einfacher XML-Request zur Pr&uuml;fung einer XML-Signatur. Sein Aufbau wird nachfolgend analysiert. Bitte beachten Sie, dass der dargestellte Request zur bessernen Lesbarkeit einger&uuml;ckt und gek&uuml;rzt wurde.</p>
+<pre>
+&lt;VerifyXMLSignatureRequest xmlns=&quot;http://reference.e-government.gv.at/namespace/moa/20020822#&quot;&gt;
+ &lt;VerifySignatureInfo&gt;
+ &lt;VerifySignatureEnvironment&gt;
+ &lt;XMLContent&gt;
+ &lt;dsig:Signature Id=&quot;signature-1-1&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ [..]
+ &lt;/dsig:Signature&gt;
+ &lt;/XMLContent&gt;
+ &lt;/VerifySignatureEnvironment&gt;
+</pre>
+<p>Das Element <code>VerifySignatureEnvironment</code> enth&auml;lt jenes XML-Dokument, das die zu pr&uuml;fende XML-Signatur enth&auml;lt. </p>
+<pre>
+ &lt;VerifySignatureLocation
+ xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;//dsig:Signature&lt;/VerifySignatureLocation&gt;
+ &lt;/VerifySignatureInfo&gt;
+</pre>
+<p>Das Element <code>VerifySignatureLocation</code> enth&auml;lt als Text den XPath-Ausdruck zur Selektion der XML-Signatur innerhalb des zu pr&uuml;fenden XML-Dokuments. Die Auswertung des XPath-Ausdrucks muss genau ein Element <code>dsig:Signature</code> ergeben. Bitte beachten Sie, dass im Kontext des Elements <code>VerifySignatureLocation</code> alle im XPath-Ausdruck verwendeten Namespace-Pr&auml;fixe bekannt sein m&uuml;ssen (hier das Pr&auml;fix <code>dsig</code>). </p>
+<pre>
+ &lt;TrustProfileID&gt;Test-TSLProfil&lt;/TrustProfileID&gt;
+&lt;/VerifyXMLSignatureRequest&gt;
+</pre>
+<p>Das Element <code>TrustProfileID</code> schlie&szlig;lich enth&auml;lt den Bezeichner des Vertrauensprofils, gegen das die Zertifikatspr&uuml;fung von MOA SP durchgef&uuml;hrt wird. In diesem Falle muss f&uuml;r das Vertrauenprofil die TSL Unterst&uuml;tzung aktiviert sein. In der beispielhaften Konfiguration <a href="../../../conf/moa-spss/sp.minimum_with_tsl.config.xml" target="_blank">sp.minimum_with_tsl.config.xml</a> ist so eine Vertrauensprofile mit der ID Test-TSLProfil eingerichtet.</p>
+<h5>Response</h5>
+<p><code><a href="../../clients/webservice/resources/requests/VerifyXMLSignatureRequest.TSL.resp.xml" target="_blank">VerifyXMLSignatureRequest.TSL.resp.xml</a></code> ist eine typische Response des SP Webservices auf den obigen Request. Sein Aufbau wird nachfolgend analysiert. Bitte beachten Sie, dass die dargestellte Response zur bessernen Lesbarkeit einger&uuml;ckt und gek&uuml;rzt wurde.</p>
+<pre>
+&lt;VerifyXMLSignatureResponse
+ xmlns=&quot;http://reference.e-government.gv.at/namespace/moa/20020822#&quot;
+ xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ &lt;SignerInfo&gt;
+ &lt;dsig:X509Data&gt;
+ &lt;dsig:X509SubjectName&gt;T=DI,serialNumber=847206943023,givenName=Klaus,SN=Stranacher,
+ CN=Klaus Stranacher,C=AT&lt;/dsig:X509SubjectName&gt;
+ &lt;dsig:X509IssuerSerial&gt;
+ &lt;dsig:X509IssuerName&gt;CN=a-sign-premium-mobile-03,OU=a-sign-premium-mobile-03,
+ O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;
+ &lt;dsig:X509SerialNumber&gt;685117&lt;/dsig:X509SerialNumber&gt;
+ &lt;/dsig:X509IssuerSerial&gt;
+ &lt;dsig:X509Certificate&gt;...&lt;/dsig:X509Certificate&gt;
+ &lt;QualifiedCertificate/&gt;<br> &lt;SecureSignatureCreationDevice Source=&quot;Certificate&quot;/&gt;<br> &lt;IssuerCountryCode&gt;AT&lt;/IssuerCountryCode&gt;<br> &lt;/dsig:X509Data&gt;
+ &lt;/SignerInfo&gt;
+</pre>
+<p>Die Response enth&auml;lt zun&auml;chst in <code>SignerInfo/dsig:X509Data</code> Informationen &uuml;ber den Signator, die aus dem in der XML-Signatur enthaltenen Signatorzertifikat entnommen sind. </p>
+<p><code>dsig:X509SubjectName</code> ist immer vorhanden und enth&auml;lt den Namen des Signators. <code>dsig:X509IssuerSerial</code> ist ebenfalls immer vorhanden und enth&auml;lt den Namen des Austellers des Signatorzertifikats (<code>dsig:X509IssuerName</code>) sowie die Seriennummer des Zertifikats (<code>dsig:X509SerialNumber</code>). Auch <code>dsig:X509Certificate</code> ist ist immer vorhanden und enth&auml;lt das Signatorzertifikat in base64 kodierter Form. </p>
+<p>Optional vorhanden ist das inhaltslose Element <code>QualifiedCertificate</code>, und zwar dann, wenn es sich beim Signatorzertifikat um ein qualifiziertes Zertifikat handelt. Optional vorhanden ist das Element <code>SecureSignatureCreationDevice</code>, und zwar dann wenn die Signatur mittels einer sicheren Signaturerstellungseinheit erzeugt wurde. Das Attribut <code>Source</code>, gibt dabei an ob diese Information &uuml;ber die entsprechende TSL (<code>Source=TSL</code>) oder &uuml;ber das Zertifikat ermittelt wurde (<code>Source=Certificate</code>). Das weitere optionale Element <code>IssuerCountryCode</code> gibt dabei den L&auml;ndercode des Zertifizierungsdiensteanbieters an, der das Signaturzertifikat ausgestellt hat. Ebenfalls optional vorhanden (nicht in diesem Beispiel) ist schlie&szlig;lich das Element <code>PublicAuthority</code>, und zwar dann, wenn das Signatorzertifikat die &ouml;sterreichspezifische Zertifikatserweiterung <a href="http://www.digitales.oesterreich.gv.at/site/cob__28513/5580/default.aspx" target="_blank">Verwaltungseigenschaft</a> aufweist. Ist in dieser Zertifikatserweiterung das Verwaltungskennzeichen mitkodiert, wird dieses Kennzeichen als Textinhalt des optionalen Elements <code>PublicAuthority/Code</code> geliefert.</p>
+<pre>
+ &lt;SignatureCheck&gt;
+ &lt;Code&gt;0&lt;/Code&gt;
+ &lt;/SignatureCheck&gt;
+</pre>
+<p> Anschlie&szlig;end an <code>SignerInfo</code> enth&auml;lt die Response mit <code>SignatureCheck/Code</code> das Resultat der kryptographischen Pr&uuml;fung der Signatur. In unserem Beispiel ist dort der Wert <code>0</code> enthalten, d. h. die Signatur konnte erfolgreich validiert werden. F&uuml;r eine &Uuml;bersicht der m&ouml;glichen Kodes siehe <a href="#sl"> Security-Layer Spezifikation</a>.</p>
+<pre>
+ &lt;CertificateCheck&gt;
+ &lt;Code&gt;0&lt;/Code&gt;
+ &lt;/CertificateCheck&gt;
+</pre>
+<p>Abschlie&szlig;end enth&auml;lt die Response mit <code>CertificateCheck/Code</code> das Resultat der Pr&uuml;fung des Signatorzertifikats. Zun&auml;chst pr&uuml;ft MOA SP, ob ausgehend vom Signatorzertifikat eine Zertifikatskette zu einem im zugeh&ouml;rigen Vertrauensprofil konfigurierten sog. <span class="term">Trust Anchor</span> gebildet werden kann. Gelingt dies, wird die G&uuml;ltigkeit jedes Zertifikats dieser Kette &uuml;berpr&uuml;ft. In unserem Beispiel enth&auml;lt <code>Code</code> den Wert <code>0</code>, d. h. MOA SP konnte die Kette bilden, und alle Zertifikate der Kette sind g&uuml;ltig. F&uuml;r eine &Uuml;bersicht der m&ouml;glichen Kodes siehe <a href="#sl"> Security-Layer Spezifikation</a>.</p>
+
+<!-- TSL -->
<h2><a name="webservice_clients" id="webservice_clients"></a>2.2 Webservice-Clients</h2>
<p><a href="#webservice_xmlrequests">Abschnitt 2.1</a> bespricht eine Reihe von typischen XML-Requests, die &uuml;ber die Webservice-Schnittstelle an MOA SP/SS gesendet werden k&ouml;nnen, um entweder Signaturen zu erstellen (MOA SS) oder Signaturen zu pr&uuml;fen (MOA SP). Dieser Abschnitt zeigt die Verwendung des prototypischen Webservice-Clients, der mit dieser Dokumentation zu MOA SP/SS ausgeliefert wird.</p>
<h3><a name="webservice_clients_übersicht" id="webservice_clients_übersicht"></a>2.2.1 &Uuml;bersicht</h3>
@@ -1290,8 +1352,8 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
<th>Link</th>
</tr>
<tr id="sl">
- <td><p>Security Layer Spezifikation V x.x @TODO Version einf&uuml;gen</p></td>
- <td>@TODO Link</td>
+ <td><p>Security Layer Spezifikation Version 1.2.7</p></td>
+ <td><a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html#core" target="_blank">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html#core</a></td>
</tr>
</tbody>
</table>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index a69bf1211..651524419 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -2,24 +2,27 @@
2.0.0
##############
-- Signaturerstelltung:
+- Signaturerstellung:
- Unterstuetzung von XAdES Version 1.4.2
- Unterstuetzung von CMS/CAdES Signaturen Version 2.2.1
-- TSL Unterstuetzung
-- Libraries aktualisiert bzw. hinzugef�gt:
+- Signaturpruefung:
+ - Trust-service Status List (TSL) Unterstuetzung
+- Update der Standard Trustprofile und Standard Konfigurationen
+- Sicherheitsupdates
+ - Angabe einer Whitelist um das Aufloesen externer Referenzen von den angegebenen Quellen zu aktivieren.
+- Libraries aktualisiert bzw. hinzugefuegt:
iaik-moa: Version 1.5
- iaik-tsl Versio 1.0.0
-
+ iaik-tsl Version 1.0
##############
1.5.1
##############
- Sicherheitsupdates
- - Defaultm��iges Deaktiveren des Aufl�sens von externen Referenzen
- - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu sch�tzen, so das Aufl�sen externer Referenzen aktiviert wird
+ - Defaultmaessiges Deaktiveren des Aufloesens von externen Referenzen
+ - Angabe einer Blacklist in der Konfiguration um den Intranetbereich zu schützen, so das Aufloesen externer Referenzen aktiviert wird
- Update der Standard Trustprofile und Standard Konfigurationen
-- Standard Trustprofil "OfficialSignature" f�r Amtssignaturen hinzugef�gt
+- Standard Trustprofil "OfficialSignature" fuer Amtssignaturen hinzugefuegt
- Libraries aktualisiert:
iaik-moa: Version 1.32
iaik-ixsil: Version 1.2.2.5
diff --git a/spss/server/readme.inst.txt b/spss/server/readme.inst.txt
index b14da5ee1..6cbf14fd0 100644
--- a/spss/server/readme.inst.txt
+++ b/spss/server/readme.inst.txt
@@ -1,6 +1,6 @@
Willkommen zur Installation von MOA SP/SS!
-Für eine Anleitung zur Installation verwenden Sie bitte das
+Fuer eine Anleitung zur Installation verwenden Sie bitte das
Installationshandbuch "handbook.html" im Verzeichnis "doc" dieser
Distribution.
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt
index 21d7c56a0..07d100272 100644
--- a/spss/server/readme.update.txt
+++ b/spss/server/readme.update.txt
@@ -5,7 +5,7 @@
Es gibt zwei Moeglichkeiten (im Folgenden als "Update Variante A" und
"Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version
-2.0.0 durchzuf�hren. Update Variante A geht dabei den Weg ueber eine
+2.0.0 durchzufuehren. Update Variante A geht dabei den Weg ueber eine
vorangestellte Neuinstallation, waehrend Variante B direkt eine
bestehende Installation aktualisiert.
@@ -26,9 +26,9 @@ Update Variante A
Ihrer MOA-SPSS-Installation.
2.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
- JAVA_HOME\jre\lib\ext, und l�schen Sie diese Dateien danach.
+ JAVA_HOME\jre\lib\ext, und loeschen Sie diese Dateien danach.
-3.) F�hren Sie eine Neuinstallation gemaess Handbuch durch.
+3.) Fuehren Sie eine Neuinstallation gemaess Handbuch durch.
4.) Kopieren Sie etwaige Konfigurationsdateien, Trust-Profile und Key-Stores,
die Sie aus Ihrer alten Installation beibehalten moechten, aus Ihrer
@@ -110,7 +110,7 @@ Update Variante B
10.) Update des Cert-Stores.
a) Kopieren Sie den Inhalt des Verzeichnisses MOA_SPSS_INST\conf\moa-spss\certstore
in das Verzeichnis CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
- vorhandene Dateien oder Unterverzeichnisse �berschreiben sollen, dann bejahen Sie das.
+ vorhandene Dateien oder Unterverzeichnisse ueberschreiben sollen, dann bejahen Sie das.
b) Falls vorhanden, loeschen Sie die Datei "890A4C8282E95EBB398685D9501486EF213941B5" aus dem
Verzeichnis CATALINA_HOME\conf\moa-spss\certstore\10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D.
@@ -123,7 +123,7 @@ Update Variante B
CATALINA_HOME\conf\moa-spss\certstore\10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D.
11.) Nur wenn alte Installation aelter als Version 1.3.0:
- Mit dem Wechsel auf Version 1.3.0 verwendet MOA SP ein neues Format f�r die
+ Mit dem Wechsel auf Version 1.3.0 verwendet MOA SP ein neues Format fuer die
XML-Konfigurationsdatei. Sie muessen die Konfigurationsdatei fuer MOA-SP aus
Ihrer alten Installation auf das neue Format konvertieren. Details dazu
finden Sie im MOA-SPSS-Installationshandbuch. \ No newline at end of file
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 5afc4b70c..288004a66 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -143,16 +143,16 @@
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
@@ -167,7 +167,7 @@
<artifactId>sqlite-jdbc</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
</dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
index 6209d8ef9..6b3f4301f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -175,7 +175,7 @@ public class VerifyCMSSignatureRequestParser {
excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr);
if (excludeByteRangeToStr != null)
excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr);
-
+
return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 0908d88c9..3d2da8384 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -1268,6 +1268,111 @@ public class ConfigurationPartsBuilder {
}
/**
+ * Build the trust profile mapping.
+ *
+ * @return The profile ID to profile mapping.
+ */
+ public Map buildTrustProfiles()
+ {
+ Map trustProfiles = new HashMap();
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+ Element profileElem;
+
+ while ((profileElem = (Element) profileIter.nextNode()) != null)
+ {
+ String id = getElementValue(profileElem, CONF + "Id", null);
+ String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+ String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
+
+ URI trustAnchorsLocURI = null;
+ try
+ {
+ trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+ if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+ trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e)
+ {
+ warn("config.15", new Object[] {id}, e);
+ continue;
+ }
+
+ File profileDir = new File(trustAnchorsLocURI.getPath());
+ if (!profileDir.exists() || !profileDir.isDirectory()) {
+ warn("config.27", new Object[] { "uri", id });
+ continue;
+ }
+
+
+
+ if (trustProfiles.containsKey(id)) {
+ warn("config.04", new Object[] { "TrustProfile", id });
+ continue;
+ }
+
+ URI signerCertsLocURI = null;
+ if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
+ {
+ try
+ {
+ signerCertsLocURI = new URI(signerCertsLocStr);
+ if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+
+ File signerCertsDir = new File(signerCertsLocURI.getPath());
+ if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+ warn("config.27", new Object[] { "signerCertsUri", id });
+ continue;
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e) {
+ warn("config.15", new Object[] {id}, e);
+ continue;
+ }
+ }
+
+ signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+
+ TrustProfile profile = null;
+
+ profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null);
+
+ trustProfiles.put(id, profile);
+
+ }
+
+ return trustProfiles;
+ }
+
+ /**
+ * checks if a trustprofile with TSL support is enabled
+ *
+ * @return true if TSL support is enabled in at least one trustprofile, else false
+ */
+ public boolean checkTrustProfilesTSLenabled()
+ {
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+ Element profileElem;
+
+ boolean tslSupportEnabled = false;
+ while ((profileElem = (Element) profileIter.nextNode()) != null) {
+ Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+ if (eutslElem != null) //EUTSL element found --> TSL enabled
+ tslSupportEnabled = true;
+ }
+
+ return tslSupportEnabled;
+ }
+
+ /**
* Returns the location of the certificate store.
*
* @return the location of the certificate store.
@@ -1385,6 +1490,22 @@ public class ConfigurationPartsBuilder {
Logger.warn(new LogMsg(txt));
warnings.add(txt);
}
+
+ /**
+ * Log a warning.
+ *
+ * @param messageId The message ID.
+ * @param args Additional parameters for the message.
+ * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+ */
+ private void debug(String messageId, Object[] args) {
+ MessageProvider msg = MessageProvider.getInstance();
+ String txt = msg.getMessage(messageId, args);
+
+ Logger.debug(new LogMsg(txt));
+
+ }
+
/**
* Log a debug message.
@@ -1577,31 +1698,31 @@ public class ConfigurationPartsBuilder {
public TSLConfiguration getTSLConfiguration() {
TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
-
+
String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
if (StringUtils.isEmpty(euTSLUrl)) {
euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
- warn("config.39", new Object[] { "EUTSL", euTSLUrl });
+ debug("config.39", new Object[] { "EUTSL", euTSLUrl });
}
String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null);
if (StringUtils.isEmpty(updateSchedulePeriod)) {
updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD;
- warn("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
+ debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
}
String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "StartTime", null);
if (StringUtils.isEmpty(updateScheduleStartTime)) {
updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME;
- warn("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
+ debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
}
String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "WorkingDirectory", null);
if (StringUtils.isEmpty(workingDirectoryStr)) {
workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
- warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+ debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
}
// convert update schedule starting time to Date object
@@ -1638,24 +1759,12 @@ public class ConfigurationPartsBuilder {
return null;
}
- File hashcache = new File(tslWorkingDir, "hashcache");
- if (!hashcache.exists()) {
- hashcache.mkdir();
- }
- if (!hashcache.isDirectory()) {
- error("config.38", new Object[] { hashcache.getAbsolutePath() });
- return null;
- }
-
- System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
-// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
-// System.out.println("Hashcache: " + hashcachedir);
-
+
debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
- debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+
// set TSL configuration
tslconfiguration.setEuTSLUrl(euTSLUrl);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 2cad35763..d67cbf1b4 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -347,6 +347,16 @@ public class ConfigurationProvider
try {
builder = new ConfigurationPartsBuilder(configElem, configRoot);
+ if (builder.checkTrustProfilesTSLenabled()) {
+ debug("TSL support enabled for at least one trustprofile.");
+ tslconfiguration_ = builder.getTSLConfiguration();
+ trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+ }
+ else {
+ tslconfiguration_ = null;
+ trustProfiles = builder.buildTrustProfiles();
+ }
+
digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
canonicalizationAlgorithmName =
builder.getCanonicalizationAlgorithmName();
@@ -361,14 +371,14 @@ public class ConfigurationProvider
keyGroupMappings =
builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
- tslconfiguration_ = builder.getTSLConfiguration();
-
xadesVersion = builder.getXAdESVersion();
defaultChainingMode = builder.getDefaultChainingMode();
chainingModes = builder.buildChainingModes();
useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
autoAddCertificates_ = builder.getAutoAddCertificates();
- trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+ //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+
+
distributionPoints = builder.buildDistributionPoints();
enableRevocationChecking_ = builder.getEnableRevocationChecking();
maxRevocationAge_ = builder.getMaxRevocationAge();
@@ -379,6 +389,7 @@ public class ConfigurationProvider
revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
+
//check TSL configuration
checkTSLConfiguration();
@@ -428,7 +439,21 @@ public class ConfigurationProvider
}
}
- private void checkTSLConfiguration() throws ConfigurationException {
+ private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException {
+ boolean bTSLEnabledTPExist = false;
+ Iterator it = trustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled())
+ bTSLEnabledTPExist = bTSLEnabledTPExist || true;
+ }
+
+ return bTSLEnabledTPExist;
+
+ }
+
+ private void checkTSLConfiguration() throws ConfigurationException {
boolean bTSLEnabledTPExist = false;
Iterator it = trustProfiles.entrySet().iterator();
while (it.hasNext()) {
@@ -449,6 +474,43 @@ public class ConfigurationProvider
throw new ConfigurationException("config.40", null);
}
+ File workingDir = new File(tslconfiguration_.getWorkingDirectory());
+ File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu");
+ if (!eu_trust.exists()) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+ }
+ else {
+ File[] eutrustFiles = eu_trust.listFiles();
+ if (eutrustFiles == null) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ }
+ else {
+ if (eutrustFiles.length == 0) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ }
+ }
+
+ }
+
+ File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache");
+ if (!hashcache.exists()) {
+ hashcache.mkdir();
+ }
+ if (!hashcache.isDirectory()) {
+ error("config.38", new Object[] { hashcache.getAbsolutePath() });
+ return;
+ }
+
+ System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
+// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+// System.out.println("Hashcache: " + hashcachedir);
+
+
+ Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+
}
@@ -759,6 +821,17 @@ public class ConfigurationProvider
Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
}
+ /**
+ * Log a debug message.
+ *
+ * @param messageId The message ID.
+ * @param parameters Additional parameters for the message.
+ * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+ */
+ private static void debug(String message) {
+ Logger.debug(message);
+ }
+
/**
* Log a warning.
*
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 0e5faf790..aca6f5895 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -311,6 +311,12 @@ public class CMSSignatureVerificationInvoker {
ByteArrayOutputStream contentOs = new ByteArrayOutputStream();
+ CMSDataObject dataobject = request.getDataObject();
+ BigDecimal from = dataobject.getExcludeByteRangeFrom();
+ BigDecimal to = dataobject.getExcludeByteRangeTo();
+
+ if ( (from == null) || (to == null))
+ return contentIs;
BigDecimal counter = new BigDecimal("0");
BigDecimal one = new BigDecimal("1");
@@ -318,7 +324,7 @@ public class CMSSignatureVerificationInvoker {
try {
while ((byteRead=contentIs.read()) >= 0) {
- if (inRange(counter, request.getDataObject())) {
+ if (inRange(counter, dataobject)) {
// if byte is in byte range, set byte to 0x00
contentOs.write(0);
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index 07da0a998..3a004a81d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.spss.tsl.connector;
import iaik.asn1.ObjectID;
+
import iaik.util._;
import iaik.util.logging._l;
import iaik.utils.RFC2253NameParser;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
index 0cb18a08e..e06abe44d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -46,7 +46,9 @@ public class TSLUpdaterTimerTask extends TimerTask {
public void run() {
try {
+ Logger.info("Start TSL Update");
update();
+ Logger.info("Finished TSL Update");
} catch (TSLEngineDiedException e) {
MessageProvider msg = MessageProvider.getInstance();
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
@@ -170,30 +172,35 @@ public class TSLUpdaterTimerTask extends TimerTask {
fis.close();
}
- // convert ArrayList<File> to X509Certificate[]
- X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
- Iterator itcert = tsl_certs.iterator();
- i = 0;
- File f = null;
- while(itcert.hasNext()) {
- f = (File)itcert.next();
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = new X509Certificate(fis);
- addCertificatesTSL[i] = cert;
+ // convert ArrayList<File> to X509Certificate[]
+ if (tsl_certs == null) {
+ Logger.warn("No certificates from TSL imported.");
+ //throw new TSLSearchException("No certificates from TSL imported.");
+ }
+ else {
+
+ X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ i = 0;
+ File f = null;
+ while(itcert.hasNext()) {
+ f = (File)itcert.next();
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = new X509Certificate(fis);
+ addCertificatesTSL[i] = cert;
- i++;
- fis.close();
- }
+ i++;
+ fis.close();
+ }
- Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
- storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
+ Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
- Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
- storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
- storeUpdater.addCertificatesToCertStores(addCertificates, tid);
-
-
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificates, tid);
+ }
}
}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
index f0dbd779e..492d10eda 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.spss.tsl.utils;
import iaik.util.logging._l;
+
import iaik.util.logging.Log.MultiThreadLoggingGroup;
import iaik.utils.RFC2253NameParserException;
import iaik.utils.Util;
@@ -15,6 +16,7 @@ import iaik.xml.crypto.tsl.TSLOpenURIException;
import iaik.xml.crypto.tsl.TSLThreadContext;
import iaik.xml.crypto.tsl.ValidationFixupFilter;
import iaik.xml.crypto.tsl.ValidationFixupFilter.AttributeValueFixup;
+import iaik.xml.crypto.tsl.ValidationFixupFilter.DeleteAttrFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.ElementStringValueFixup;
import iaik.xml.crypto.tsl.ValidationFixupFilter.FixedSaxLevelValidationExcption;
import iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup;
@@ -97,44 +99,34 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
trustAnchorsWrongOnEuTsl_;
public TSLImportFromFileContext(
- Countries expectedTerritory,
- URL url,
- Number otherTslPointerId,
- String workingdirectory,
- boolean sqlMultithreaded,
- boolean throwExceptions,
- boolean logExceptions,
- boolean throwWarnings,
- boolean logWarnings,
- boolean nullRedundancies,
- String baseuri,
- Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
- TSLThreadContext parentContext) {
- super(
- expectedTerritory,
- url,
- otherTslPointerId,
- workingdirectory,
- sqlMultithreaded,
- throwExceptions,
- logExceptions,
- throwWarnings,
- logWarnings,
- nullRedundancies,
- parentContext);
- baseuri_ = baseuri;
- trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
- }
-
- public List<ThrowableAndLocatorAndMitigation> getErrorsAndWarnings() {
- List<ThrowableAndLocatorAndMitigation> errorsAndWarnings = new ArrayList<ThrowableAndLocatorAndMitigation>();
- errorsAndWarnings.addAll(this.fatals_);
- errorsAndWarnings.addAll(this.faildTransactions_);
- errorsAndWarnings.addAll(this.warnings_);
-
- return errorsAndWarnings;
- }
-
+ Countries expectedTerritory,
+ URL url,
+ Number otherTslPointerId,
+ String workingdirectory,
+ boolean sqlMultithreaded,
+ boolean throwExceptions,
+ boolean logExceptions,
+ boolean throwWarnings,
+ boolean logWarnings,
+ boolean nullRedundancies,
+ String baseuri,
+ Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl,
+ TSLThreadContext parentContext) {
+ super(
+ expectedTerritory,
+ url,
+ otherTslPointerId,
+ workingdirectory,
+ sqlMultithreaded,
+ throwExceptions,
+ logExceptions,
+ throwWarnings,
+ logWarnings,
+ nullRedundancies,
+ parentContext);
+ baseuri_ = baseuri;
+ trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;
+ }
/* (non-Javadoc)
* @see iaik.xml.crypto.tsl.TSLImportFromFileContext#getbaseURI()
*/
@@ -142,67 +134,80 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
public String getbaseURI() {
return this.baseuri_;
}
-
+
+
+
+
//@Override
- protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
- return super.wrapException(t, l, m);
- }
+ protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {
+ return super.wrapException(t, l, m);
+ }
@Override
- public synchronized void throwException(Throwable e) {
+ public
+ synchronized void throwException(Throwable e) {
if (e instanceof TSLValidationException) {
// we do not throw dom validation errors for testing
// and just collect them
wrapException(e);
-
} else if (e instanceof TSLVerificationException) {
+
+ boolean corrected = false;
// we do not throw verification errors for testing
// and just collect them
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
-
- //TSL with no signature are ignored!!!!
- l.warn("TSL IS NOT SIGNED! "
- + this.expectedTerritory_.name() + " TSL ignored.");
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
-
- if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
- .getClass().getName(), "true"))
- && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
- ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
- }
+// // NEVER DO THIS! unless you want to import TSLs without signatures.
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+// }
- wrapException(e);
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE
+// .getClass().getName(), "true"))
+// && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {
+// ((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);
+//
+// corrected = true;
+// }
+//
+// if (corrected)
+// wrapException(e);
+// else
+// super.throwException(e);
+
+ super.throwException(e);
} else if (e instanceof FileNotFoundException) {
// we do not stop and continue processing
wrapException(e);
-
} else if (e instanceof IllegalArgumentException) {
// we do not stop and continue processing
wrapException(e);
-
} else {
// all other errors are treated as per default
super.throwException(e);
@@ -221,9 +226,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if(
e instanceof FixedSaxLevelValidationExcption &&
enclosingMethod.getDeclaringClass().equals(ValidationFixupFilter.class)){
-
-
-
wrapException(e,
((LocatorAspect) e).getLocator(),
new FixedValidationMitigation("Performed SAX Level Fixup."));
@@ -247,7 +249,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if (parameters[0] instanceof DOMError) {
DOMError domError = (DOMError) parameters[0];
- l.info(""+domError.getRelatedData());
+ _l.warn(""+domError.getRelatedData());
// domError.getRelatedData().getClass().getField("")
@@ -308,6 +310,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
});
return mitigatedResult;
+
}
}
@@ -378,11 +381,43 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
}
- l.error("Ignoring download error using old: " + parameters[0], null);
+ _l.err("Ignoring download error using old: " + parameters[0], null);
wrapException(e);
return parameters[1];
}
+// if (
+// expectedTerritory_ == Countries.PL &&(
+// (e.getCause() instanceof java.io.EOFException ||
+// e.getCause() instanceof iaik.security.ssl.SSLException) &&
+// parameters[0] instanceof URL &&
+// ((URL)parameters[0]).getProtocol().equalsIgnoreCase("https")
+// )){
+// File f = null;
+// System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+// TLS.register("TLSv1");
+// try {
+// f = (File) enclosingMethod.invoke(thisObject, parameters);
+// } catch (IllegalAccessException e1) {
+// wrapException(e1);
+// } catch (InvocationTargetException e1) {
+// wrapException(e1);
+// }
+//
+// // System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", null);
+// TLS.register();
+//
+// if (f != null){
+// wrapException(e, null, new Mitigation() {
+// @Override
+// public String getReport() {
+// return "Trying TLSv1 and sun.security.ssl.allowUnsafeRenegotiation=true";
+// }
+// });
+// return f;
+// }
+// }
+
if (
e instanceof TSLSecurityException &&
enclosingMethod.getDeclaringClass().equals(TSLContext.class) &&
@@ -406,14 +441,14 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
wrapException(e1);
}
wrapException(e, getLocator(),
- new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
- @Override
- public String getReport() {
- return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
- "the EU TSL and allow the certificate " +
- parameters[1];
- }
- });
+ new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){
+ @Override
+ public String getReport() {
+ return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +
+ "the EU TSL and allow the certificate " +
+ parameters[1];
+ }
+ });
return null;
}
X509Certificate crt = (X509Certificate)parameters[1];
@@ -530,47 +565,45 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
}
-// //TODO: CONSIDER, IF WE REALLY WANT THIS PART OF CODE!
-// //ugly hack to accept a certificate which uses a crazy X509SubjectName!!
-// if ( expectedTerritory_ == Countries.DK &&
-// e instanceof KeySelectorException &&
-// parameters[0] instanceof X509DataImpl){
-// if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
-// "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
-//
-// X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
-//
-// Node child = x509DataImpl.getNode().getFirstChild().getNextSibling();
-// Node child1 = x509DataImpl.getNode().getFirstChild();
-//
-// x509DataImpl.getNode().removeChild(child);
-// x509DataImpl.getNode().removeChild(child1);
-//
-//
-// parameters[0] = (X509Data) x509DataImpl
-//
-// Object mitigatedResult = null;
-// try {
-//
-// mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
-// } catch (IllegalAccessException e1) {
-// wrapException(e1);
-// } catch (InvocationTargetException e1) {
-// wrapException(e1);
-// }
-//
-// if (mitigatedResult != null){
-// wrapException(e, null, new Mitigation(null) {
-// @Override
-// public String getReport() {
-// return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
-// }
-// });
-// return mitigatedResult;
-// }
-// }
-// }
-
+ if ( expectedTerritory_ == Countries.DK &&
+ e instanceof KeySelectorException &&
+ parameters[0] instanceof X509DataImpl){
+ if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+
+ "Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {
+
+ X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];
+
+ ListIterator li = x509DataImpl.getContent().listIterator();
+ li.next();
+ String sn = (String) li.next();
+
+ _l.err(sn, null);
+
+ System.exit(1);
+
+ Object mitigatedResult = null;
+ try {
+
+ mitigatedResult = enclosingMethod.invoke(thisObject, parameters);
+ } catch (IllegalAccessException e1) {
+ wrapException(e1);
+ } catch (InvocationTargetException e1) {
+ wrapException(e1);
+ }
+
+ if (mitigatedResult != null){
+ wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {
+ @Override
+ public String getReport() {
+ return "Deleted wrong X509SubjectName from XMLDSIG Signature.";
+ }
+ });
+ return mitigatedResult;
+
+ }
+ }
+ }
+
} else {
if (e instanceof MitigatedTSLSecurityException){
@@ -578,7 +611,6 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
// and collect them
wrapException(e);
return null;
-
} else if (e instanceof FixedSaxLevelValidationExcption) {
// we allow to mitigate Sax Level Fixup for testing
// and collect them
@@ -607,7 +639,11 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if(expectedTerritory_ == Countries.EL){
//fix the whitespace in Greece TSL
status = status.trim();
- }
+ }
+ if (status != null && status.startsWith("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/")) {
+ status = status.substring("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/".length());
+ }
+
return super.compressStatus(status);
}
@@ -625,6 +661,37 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
@Override
public iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup getSaxLevelValidationFixup(SAXParseException e) {
+ if (expectedTerritory_ == Countries.AT){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.CZ){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.FR){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.NO){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+ if (expectedTerritory_ == Countries.SK){
+ if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){
+ return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);
+ }
+ }
+
+
if (expectedTerritory_ == Countries.ES && getDownloadLocation().toString().contains(".es/")){
if (e.getMessage().equals("cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tslx:CertSubjectDNAttributeType'.")){
return new LocalNameFixup("CertSubjectDNAttributeType","CertSubjectDNAttribute",e, this);
@@ -734,7 +801,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
String msg = e.getMessage();
- l.info(msg);
+ _l.info(msg);
return(
msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&
msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")
@@ -748,7 +815,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
@Override
protected long howLongWaitForThreads() {
// TODO Auto-generated method stub
- return 10000;
+ return 100000;
}
@Override
@@ -768,7 +835,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
synchronized (log) {
parentContext_.print("<" + ncName + " state=\"" + currentThread.getState()
+ "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "</"
- + ncName + ">\n");
+ + ncName + ">" + _.LB);
parentContext_.flushLog();
log.setLength(0);
}
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index e4ee607c0..9e2e0e490 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -159,6 +159,7 @@ config.46=Start periodical TSL update task at {0} and then every {1} millisecond
config.48=No whitelisted URIs given.
config.49=Whitelisted URI: {0}.
config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.
+config.51=Fehler beim Erstellen der TSL Konfiguration: TSL-Arbeitsverzeichnis ist fehlerhaft ({0}).
handler.00=Starte neue Transaktion: TID={0}, Service={1}
handler.01=Aufruf von Adresse={0}
diff --git a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
index 9ab0af09b..862602624 100644
--- a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
@@ -1,6 +1,5 @@
-#Mon Apr 29 14:25:29 CEST 2013
-org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.5
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component
index ff1d935dd..ffe4d38a0 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component
@@ -1,15 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
<wb-module deploy-name="moa-spss-ws">
+ <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
+ <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
<dependent-module archiveName="moa-spss-lib-2.0.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
<dependency-type>uses</dependency-type>
</dependent-module>
<dependent-module archiveName="moa-common-2.0.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
<dependency-type>uses</dependency-type>
</dependent-module>
- <property name="context-root" value="moa-spss-ws"/>
- <wb-resource deploy-path="/" source-path="src/main/webapp"/>
- <wb-resource deploy-path="/" source-path="resources/wsdl"/>
- <wb-resource deploy-path="/" source-path="C:/eclipse_workspaces/MOA_Git02/moa-idspss/spss/handbook"/>
<property name="java-output-path" value="/target/classes"/>
+ <property name="context-root" value="moa-spss"/>
</wb-module>
</project-modules>
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
index 564572b10..ac59587b0 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -2,6 +2,6 @@
<faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.web"/>
- <installed facet="jst.web" version="2.4"/>
<installed facet="jst.java" version="5.0"/>
-</faceted-project> \ No newline at end of file
+ <installed facet="jst.web" version="2.3"/>
+</faceted-project>
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index 4dc5319ec..76319b676 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -36,7 +36,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
- <version>2.1.1</version>
+ <version>2.3</version>
<!-- <version>2.0.2</version>-->
<configuration>
<archive>
@@ -84,7 +84,7 @@
<artifactId>iaik_ixsil</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
</dependency>
<dependency>
@@ -92,12 +92,12 @@
<artifactId>log4j</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
@@ -112,13 +112,10 @@
<artifactId>sqlite-jdbc</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_util</artifactId>
- </dependency>
+ </dependency>
+
<!-- transitive dependencies we don't want to include into the war -->
<dependency>
<groupId>iaik.prod</groupId>