Diffstat (limited to 'spss')
-rw-r--r--spss/handbook/clients/api/.classpath10
-rw-r--r--spss/handbook/clients/api/.settings/org.eclipse.jdt.core.prefs9
-rw-r--r--spss/handbook/clients/referencedData/.classpath2
-rw-r--r--spss/handbook/clients/referencedData/.settings/org.eclipse.jdt.core.prefs9
-rw-r--r--spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.project.facet.core.xml2
-rw-r--r--spss/handbook/clients/webservice/.classpath10
-rw-r--r--spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs9
-rw-r--r--spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd12
-rw-r--r--spss/handbook/handbook/config/config.html51
-rw-r--r--spss/handbook/handbook/install/install.html2
-rw-r--r--spss/server/history.txt12
-rw-r--r--spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs2
-rw-r--r--spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml2
-rw-r--r--spss/server/serverlib/pom.xml27
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java3
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java30
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java80
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java27
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java29
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java6
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java9
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java181
-rw-r--r--spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties5
-rw-r--r--spss/server/serverws/.classpath46
-rw-r--r--spss/server/serverws/.settings/org.eclipse.jdt.core.prefs11
-rw-r--r--spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml6
-rw-r--r--spss/server/tools/.classpath2
-rw-r--r--spss/server/tools/.settings/org.eclipse.jdt.core.prefs9
28 files changed, 403 insertions, 200 deletions
diff --git a/spss/handbook/clients/api/.classpath b/spss/handbook/clients/api/.classpath
index 0fb87fef8..cb29bfb96 100644
--- a/spss/handbook/clients/api/.classpath
+++ b/spss/handbook/clients/api/.classpath
@@ -5,7 +5,8 @@
<classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
<classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
@@ -29,5 +30,12 @@
<classpathentry kind="src" path="/moa-common"/>
<classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
<classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
<classpathentry kind="src" path="/moa-spss-lib"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
+ <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
</classpath> \ No newline at end of file
diff --git a/spss/handbook/clients/api/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/clients/api/.settings/org.eclipse.jdt.core.prefs
index a519d2f62..48249af31 100644
--- a/spss/handbook/clients/api/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/handbook/clients/api/.settings/org.eclipse.jdt.core.prefs
@@ -1,5 +1,6 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:23 CET 2012
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/handbook/clients/referencedData/.classpath b/spss/handbook/clients/referencedData/.classpath
index ca3d70965..0173dfd90 100644
--- a/spss/handbook/clients/referencedData/.classpath
+++ b/spss/handbook/clients/referencedData/.classpath
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
</classpath> \ No newline at end of file
diff --git a/spss/handbook/clients/referencedData/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/clients/referencedData/.settings/org.eclipse.jdt.core.prefs
index a519d2f62..86859a78d 100644
--- a/spss/handbook/clients/referencedData/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/handbook/clients/referencedData/.settings/org.eclipse.jdt.core.prefs
@@ -1,5 +1,6 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:22 CET 2012
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.project.facet.core.xml
index a801c94a0..564572b10 100644
--- a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -3,5 +3,5 @@
<fixed facet="jst.java"/>
<fixed facet="jst.web"/>
<installed facet="jst.web" version="2.4"/>
- <installed facet="jst.java" version="1.4"/>
+ <installed facet="jst.java" version="5.0"/>
</faceted-project> \ No newline at end of file
diff --git a/spss/handbook/clients/webservice/.classpath b/spss/handbook/clients/webservice/.classpath
index 0fb87fef8..cb29bfb96 100644
--- a/spss/handbook/clients/webservice/.classpath
+++ b/spss/handbook/clients/webservice/.classpath
@@ -5,7 +5,8 @@
<classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
<classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
@@ -29,5 +30,12 @@
<classpathentry kind="src" path="/moa-common"/>
<classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
<classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
<classpathentry kind="src" path="/moa-spss-lib"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
+ <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
</classpath> \ No newline at end of file
diff --git a/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs
index a519d2f62..48249af31 100644
--- a/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs
@@ -1,5 +1,6 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:23 CET 2012
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd
index 9fdaac33e..669ebe53f 100644
--- a/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd
+++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.5.2.xsd
@@ -156,13 +156,14 @@
<xs:element name="EUTSL" minOccurs="0">
<xs:complexType>
<xs:sequence>
- <xs:element name="CountrySelection" minOccurs="0"/>
+ <xs:element name="CountrySelection" type="xs:string" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
+ <!--
<xs:element name="TSLTrustProfile">
<xs:complexType>
<xs:sequence>
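Review bot: `CountrySelection` is typed as a free `xs:string`, so the schema accepts any text even though the handbook change in this commit describes it as a comma-separated list of two-letter ISO 3166 codes. This value decides which countries' trust anchors are used, so a malformed list should be rejected at validation time rather than interpreted by the server in a way not visible here. Consider a restricted simple type with a pattern such as `[A-Z]{2}(,[A-Z]{2})*`. The `<!--` added at the end of this hunk is closed only in the next hunk (@@ -179,6 +180,7 @@); if `TSLTrustProfile` is retired, deleting the element would be clearer than commenting it out.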
@@ -179,6 +180,7 @@
</xs:sequence>
</xs:complexType>
</xs:element>
+ -->
</xs:sequence>
</xs:complexType>
</xs:element>
@@ -282,16 +284,14 @@
<xs:complexType>
<xs:sequence>
<xs:element name="UpdateSchedule" minOccurs="0">
- <xs:complexType/>
- </xs:element>
- <xs:element name="SQLite">
<xs:complexType>
<xs:sequence>
- <xs:element name="JDBCURL" type="xs:anyURI"/>
- <xs:element name="JDBCDriverClassName" type="xs:token"/>
+ <xs:element name="StartTime" type="xs:time"/>
+ <xs:element name="Period" type="xs:unsignedLong"/>
</xs:sequence>
</xs:complexType>
</xs:element>
+ <xs:element name="WorkingDirectory" type="xs:anyURI" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
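Review bot: `Period` is declared as `xs:unsignedLong`, which admits 0 and values above the range of a signed 64-bit integer. The handbook describes it as a refresh interval in milliseconds. A zero or overflowing interval would either be rejected late by the scheduler or stop the trust list from being refreshed as intended; how the server parses the value is not visible in this diff. Consider restricting the type to a positive range with an explicit upper bound, and adding an `xs:annotation` stating the unit. `WorkingDirectory` is optional here although the handbook text requires a directory containing `trust/eu`; the behaviour when it is absent should be documented.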
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index 3863f6c5b..6cb0d4a37 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -87,6 +87,7 @@
<li><a href="#konfigurationsparameter_sp_certificatevalidation_revocationchecking_archiving">Archivierung von Widerrufsinformationen</a></li>
<li><a href="#konfigurationsparameter_sp_certificatevalidation_revocationchecking_distributionpoint">Manuelle
Konfiguration von Verteilungspunkten f&uuml;r Widerrufsinformationen</a></li>
+ <li><a href="#konfigurationsparameter_sp_certificatevalidation_tslconfiguration">TSL Konfiguration</a></li>
</ol>
</li>
</ol>
@@ -707,22 +708,27 @@ als relativ zum Pfad jenes Verzeichnisses interpretiert werden, in dem die zentr
<p>Das Element <code>cfg:</code><code>TrustProfile</code> weist folgende Kindelemente
auf:</p>
<ul>
- <li><code>Id</code>: Dieses obligatorische Element vom Typ <code>xs:token</code> enth&auml;lt einen
+ <li><code>cfg:Id</code>: Dieses obligatorische Element vom Typ <code>xs:token</code> enth&auml;lt einen
frei w&auml;hlbaren Identifikator f&uuml;r dieses Konfigurationselement, der innerhalb der XML-Konfigurationsdatei
eindeutig sein muss. Dieser Identifikator wird im Request zur Signaturpr&uuml;fung verwendet, um
das zu verwendende Vertrauensprofil auszuw&auml;hlen. </li>
- <li>Element <code>TrustAnchorsLocation</code>: Dieses obligatorische Element vom Typ <code>xs:anyURI </code> enth&auml;lt
+ <li>Element <code>cfg:TrustAnchorsLocation</code>: Dieses obligatorische Element vom Typ <code>xs:anyURI </code> enth&auml;lt
eine relative oder absolute URL, die ein Verzeichnis im lokalen Dateisystem referenziert.
Eine relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale
Konfigurationsdatei gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden.
Das referenzierte Verzeichnis muss eine oder mehrere DER-kodierte Zertifikatsdateien beinhalten.
Jede Zertifikatsdatei repr&auml;sentiert einen Vertrauensanker. </li>
- <li>Element <code>SignerCertsLocation</code>: Dieses optionale Element vom Typ <code>xs:anyURI </code> enth&auml;lt
+ <li>Element <code>cfg:SignerCertsLocation</code>: Dieses optionale Element vom Typ <code>xs:anyURI </code> enth&auml;lt
eine relative oder absolute URL, die ein Verzeichnis im lokalen Dateisystem referenziert. Eine
relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale Konfigurationsdatei
gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte
Verzeichnis muss eine oder mehrere DER-kodierte Zertifikatsdateien beinhalten. Jede Zertifikatsdatei
- repr&auml;sentiert ein explizit erlaubtes Signatorzertifikat. </li>
+ repr&auml;sentiert ein explizit erlaubtes Signatorzertifikat. </li>
+ <li>Element <code>cfg:EUTSL</code>: Dieses optionale Element aktiviert bei Vorhandensein die EU-TSL Unterst&uuml;zung f&uuml;r dieses Vertrauensprofile. D.h. als Vertrauensanker werden jene CA-Zertifikate herangezogen, die zum gegenw&auml;rtigen Zeitpunkt auf der EU-TSL bzw. den entsprechenden TSLs der Mitgliedsstaaten befugt sind qualifizierte Zertifikate auszustellen und dessen Zertififierungsdiensteanbieter unter dem ServiceLevel &quot;accredited&quot; oder &quot;undersupervision&quot; stehen. Des Weiteren werden bei TSL-aktivierten Vertrauensprofilen, die &Uuml;berpr&uuml;fung auf qualifiziertes Zertifikat (QC-&Uuml;berpr&uuml;fung) und die &Uuml;berpr&uuml;fung auf sichere Signaturerstellungseinheit (SSCD-&Uuml;berpr&uuml;fung) &uuml;ber die EU-TSL durchgef&uuml;hrt.<br>
+ Zus&auml;tzliche kann ein optionales Kind-Element
+ <code>cfg:CountrySelection</code> angegeben werden. Dieses Element definiert eine komma-separierte Liste an zweistelligen L&auml;nderk&uuml;rzeln nach ISO 3166. Ist so eine Liste vorhanden, werden nur die Vertrauensanker der angegebenen L&auml;ndern herangezogen.<br>
+ <strong>Wichtig</strong>: Es k&ouml;nnen zus&auml;tzlich manuelle Vertrauensanker via <code>cfg:TrustAnchorsLocation</code> konfiguriert werden. Hierbei ist jedoch, insbesondere beim Hinzuf&uuml;gen von Enduser-Zertifikaten als Vertrauensanker, zu beachten, dass eine QC- bzw. SSCD-&Uuml;berpr&uuml;fung gegebenfalls nicht erfolgreich durchgef&uuml;hrt werden kann.<br>
+ <strong>Wichtig</strong>: Bei aktivierter TSL-Unterst&uuml;tzung muss einen entsprechende TSL Konfiguration angegeben werden (siehe <a href="#konfigurationsparameter_sp_certificatevalidation_tslconfiguration">TSL Konfiguration</a>).</li>
</ul></td>
</tr>
</table>
@@ -992,7 +998,42 @@ Wird der Wert auf -1 gesetzt, dann bedeutet das ein unendlich langes Intervall.
</table>
- <h3><a name="konfigurationsparameter_sp_verifytransformsinfoprofile" id="konfigurationsparameter_sp_verifytransformsinfoprofile"></a>2.3.2 Profil f&uuml;r Transformationen</h3>
+ <h5><a name="konfigurationsparameter_sp_certificatevalidation_tslconfiguration" id="konfigurationsparameter_sp_certificatevalidation_tslconfiguration"></a>2.3.1.3.7
+ TSL Konfiguration</h5>
+<table class="fixedWidth" border="1" cellpadding="2">
+ <tr>
+ <td>Name</td>
+ <td><code>cfg:SignatureVerification/cfg:CertificateValidation/cfg:TSLConfiguration</code></td>
+ </tr>
+ <tr>
+ <td>Gebrauch</td>
+ <td>Null oder einmal </td>
+ </tr>
+ <tr>
+ <td>Erl&auml;uterung</td>
+ <td><p>Das Element <code>cfg:TSLConfiguration</code><code></code> legt die TSL Konfiguration fest, wenn Vertrauensprofile mit TSL Unterst&uuml;tzung konfiguriert sind. Das Element weist folgende Kind-Elemente auf:
+ <ul>
+ <ul>
+ <li>Element <code>cfg:UpdateSchedule</code>: Dieses Element legt fest wann und in welchem Intervall die EU-TSL erneut eingelesen werden soll. Das Element <code>cfg:UpdateSchedule</code> besteht dabei aus folgenden Kind-Elementen:</li>
+ <ul>
+ <li>Element <code>cfg:StartTime</code>: Legt eine Startzeit im Format hh:mm:ss fest. </li>
+ <li>Element <code>cfg:Period</code>: Legt das Intervall (in Millisekunden) fest, in welchem die EU-TSL erneut eingelesen werden soll</li>
+ </ul>
+ <em>Hinweis</em>: Wird kein <code>cfg:UpdateSchedule</code> Element angegeben so wird defaultm&auml;&szlig;ig 02:00.00 als Startzeit und 86400000 Millisekunden (=1 Tag) als Intervall herangezogen
+
+ <li>Element <code>cfg:WorkingDirectory</code>: Diese Element gibt einen Pfad zum Arbeitsverzeichnis (inkl. Lese- und Schreibrechte) f&uuml;r die TSL an. Enth&auml;lt dieses Element eine relative Pfadangabe, so wird dieser relativ zum Verzeichnis in dem sich die MOA-SPSS Konfigurationsdatei befindet interpretiert.<br>
+ <strong>Wichtig</strong>: Das angegebene Verzeichnis muss jedenfalls die Unterverzeichnis
+ &quot;trust&quot; aus der Beispiel-Konfiguration beinhalten. In dessen Unterverzeichnis &quot;eu&quot; m&uuml;ssen jene vertrauensw&uuml;rdige Zertifikate angegeben werden, mit denen die EU-TSL signiert ist.</li>
+ </ul>
+ <p><strong>Wichtig</strong>: Beim Tomcat-Start muss zus&auml;tzlich noch ein so genannten Hashcache Verzeichnis angegeben werden. Dies erfolgt mit dem Parameter iaik.xml.crypto.tsl.BinaryHashCache.DIR (siehe auch <a href="../install/install.html#webservice_basisinstallation_installation_tomcatstartstop">Starten und Stoppen von Tomcat</a>). </p>
+ <p><em>Hinweis</em>: Um die TSL &Uuml;berpr&uuml;fung zu aktivieren muss auch (zumindest) ein Vertrauensprofil mit TSL &Uuml;berpr&uuml;fung konfiguriert werden (siehe <a href="#konfigurationsparameter_sp_certificatevalidation_pathvalidation_trustprofile">Vertrauensprofil</a>)</p></td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+<h3><a name="konfigurationsparameter_sp_verifytransformsinfoprofile" id="konfigurationsparameter_sp_verifytransformsinfoprofile"></a>2.3.2 Profil f&uuml;r Transformationen</h3>
<table class="fixedWidth" border="1" cellpadding="2">
<tr>
<td>Name</td>
diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html
index 1f9ed69e4..7abb103bd 100644
--- a/spss/handbook/handbook/install/install.html
+++ b/spss/handbook/handbook/install/install.html
@@ -40,7 +40,7 @@
</ol>
</li>
<li><a href="#webservice_basisinstallation_installation_spssdeploy">Einsatz des MOA SP/SS Webservices in Tomcat</a></li>
- <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpsconn">Starten und Stoppen von Tomcat</a>
+ <li><a href="#webservice_basisinstallation_installation_tomcatstartstop">Starten und Stoppen von Tomcat</a>
<ol>
<li><a href="#webservice_basisinstallation_installation_tomcatstartstop_windows">Unter Windows</a></li>
<li><a href="#webservice_basisinstallation_installation_tomcatstartstop_unix">Unter Unix</a></li>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 7154bd22f..7d1d3d323 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,4 +1,16 @@
##############
+1.5.2
+##############
+
+- TSL Unterstützung
+- Libraries aktualisiert bzw. hinzugefügt:
+ iaik-moa: Version 1.32 ?
+ iaik-ixsil: Version 1.2.2.5 ?
+ Axis: Version 1.0_IAIK ?
+ iaik-tsl Versio x.x
+
+
+##############
1.5.1
##############
diff --git a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
index 7dfadf4fe..81f1dbf57 100644
--- a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
@@ -1,4 +1,4 @@
-#Tue Dec 18 14:23:26 CET 2012
+#Thu Dec 27 13:40:40 CET 2012
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
index 3679d8190..656f15b87 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -4,4 +4,4 @@
<fixed facet="jst.utility"/>
<installed facet="jst.utility" version="1.0"/>
<installed facet="jst.java" version="5.0"/>
-</faceted-project>
+</faceted-project> \ No newline at end of file
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 481464f63..d425edb83 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -143,40 +143,33 @@
</dependency>
<dependency>
- <groupId>iaik</groupId>
+ <groupId>iaik.prod</groupId>
<artifactId>iaik_tsl</artifactId>
- <!-- <version>0.0.1-SNAPSHOT</version> -->
</dependency>
<dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik.util</artifactId>
- <!-- <version>0.23</version> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik.xsect</artifactId>
- <!-- <version>1.1709142</version> -->
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_xsect</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
- <!-- <version>2.2.6</version>-->
- </dependency>
+ </dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
- <!-- <version>2.2.5</version>-->
</dependency>
<dependency>
<groupId>org.xerial</groupId>
<artifactId>sqlite-jdbc</artifactId>
- <!-- <version>3.7.8-SNAPSHOT</version>-->
- </dependency>
+ </dependency>
<dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik.jsse</artifactId>
- <!-- <version>4.4</version>-->
- </dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jsse</artifactId>
+ </dependency>
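Review bot: These dependencies no longer state a version, and the commented-out versions that recorded the intended ones have been removed, so the effective versions must come from a parent `dependencyManagement` section that is not part of this diff. The Eclipse classpaths changed in this commit resolve `iaik_tsl` to `0.0.2-SNAPSHOT` and `sqlite-jdbc` to `3.7.8-SNAPSHOT`. SNAPSHOT artifacts are mutable, so the code that evaluates the trust list can change between two builds of the same source revision. Before release, the parent should pin these to fixed release versions, and the `groupId` move from `iaik` to `iaik.prod` should be checked against the repository the build actually resolves from.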
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 1971096a8..7ad838822 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -99,7 +99,6 @@ public class VerifyCMSSignatureResponseBuilder {
CheckResult signatureCheck = responseElement.getSignatureCheck();
CheckResult certCheck = responseElement.getCertificateCheck();
- // TODO CMS TSL check
ResponseBuilderUtils.addSignerInfo(
responseDoc,
responseElem,
@@ -107,7 +106,7 @@ public class VerifyCMSSignatureResponseBuilder {
signerInfo.isQualifiedCertificate(),
signerInfo.isPublicAuthority(),
signerInfo.getPublicAuhtorityID(),
- false);
+ signerInfo.isSSCD());
ResponseBuilderUtils.addCodeInfoElement(
responseDoc,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index c9b76dd7e..d9e20fda9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -135,7 +135,7 @@ public class SystemInitializer {
//start TSL Update
TSLUpdaterTimerTask.tslconnector_ = tslconnector;
- TSLUpdaterTimerTask.update();
+ //TSLUpdaterTimerTask.update();
//initialize TSL Update Task
initTSLUpdateTask(tslconfig);
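Review bot: With `TSLUpdaterTimerTask.update()` commented out, nothing visible in this hunk loads the trust list at startup. Unless `initTSLUpdateTask` triggers an immediate first run (its body is outside the hunk), TSL-enabled trust profiles would have no TSL-derived trust anchors or QC/SSCD data until the first scheduled update, which the handbook puts at 02:00 by default. If the deferral is intended, say so in a comment such as `// initial TSL import is performed by the first run of the update task`, and delete the dead call. The same applies to the six commented-out catch blocks in the next hunk (@@ -147,20 +147,20 @@), which should be removed rather than left as comments. The enclosing method starts and ends outside both hunks.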
@@ -147,20 +147,20 @@ public class SystemInitializer {
catch (TSLEngineDiedException e) {
Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
}
- catch (TSLSearchException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- }
- catch (CertStoreException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- } catch (TrustStoreException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- } catch (CertificateException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- } catch (FileNotFoundException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- } catch (IOException e) {
- Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- }
+// catch (TSLSearchException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// }
+// catch (CertStoreException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// } catch (TrustStoreException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// } catch (CertificateException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// } catch (FileNotFoundException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// } catch (IOException e) {
+// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+// }
// set IXSIL debug output
IXSILInit.setPrintDebugLog(
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index ba2513d2f..2c4bbd4eb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -30,6 +30,9 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
import java.io.IOException;
import java.io.InputStream;
@@ -37,6 +40,8 @@ import java.util.Date;
import java.util.Iterator;
import java.util.List;
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
import at.gv.egovernment.moa.logging.LoggingContextManager;
import at.gv.egovernment.moa.spss.MOAApplicationException;
@@ -52,6 +57,8 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
/**
* A class providing an interface to the
@@ -183,7 +190,12 @@ public class CMSSignatureVerificationInvoker {
for (resultIter = results.iterator(); resultIter.hasNext();) {
result = (CMSSignatureVerificationResult) resultIter.next();
- responseBuilder.addResult(result, trustProfile);
+
+ // check QC and SSCD via TSL (if enabled)
+ boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());
+ boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());;
+
+ responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL);
}
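Review bot: Both added assignments evaluate `result.getCertificateValidationResult().getCertificateChain()` separately, and the `checkSSCD` line ends in a stray second semicolon (`;;`). Reading the chain once, e.g. `List chain = result.getCertificateValidationResult().getCertificateChain();`, and passing it to both checks keeps the two results tied to the same chain and is easier to read. The same three lines are repeated in the hunk at @@ -194,7 +206,12 @@, so this loop body is a candidate for one private method used by both branches. The enclosing method starts outside the hunk.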
} else {
int i;
@@ -194,7 +206,12 @@ public class CMSSignatureVerificationInvoker {
try {
result =
(CMSSignatureVerificationResult) results.get(signatories[i] - 1);
- responseBuilder.addResult(result, trustProfile);
+ // check QC and SSCD via TSL (if enabled)
+ boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());
+ boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());;
+
+
+ responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL);
} catch (IndexOutOfBoundsException e) {
throw new MOAApplicationException(
"2249",
@@ -206,6 +223,65 @@ public class CMSSignatureVerificationInvoker {
return responseBuilder.getResponse();
}
+ private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) {
+ boolean checkQCFromTSL = false;
+ try {
+ if (tslEnabledTrustProfile) {
+ if (chainlist != null) {
+ X509Certificate[] chain = new X509Certificate[chainlist.size()];
+
+ Iterator it = chainlist.iterator();
+ int i = 0;
+ while(it.hasNext()) {
+ chain[i] = (X509Certificate)it.next();
+ i++;
+ }
+
+ checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
+ //checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+ }
+ }
+ }
+ catch (TSLEngineDiedException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+ } catch (TSLSearchException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+ }
+
+ return checkQCFromTSL;
+ }
+
+ private boolean checkSSCD(boolean tslEnabledTrustProfile, List chainlist) {
+ boolean checkSSCDFromTSL = false;
+ try {
+ if (tslEnabledTrustProfile) {
+ if (chainlist != null) {
+ X509Certificate[] chain = new X509Certificate[chainlist.size()];
+
+ Iterator it = chainlist.iterator();
+ int i = 0;
+ while(it.hasNext()) {
+ chain[i] = (X509Certificate)it.next();
+ i++;
+ }
+
+ checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+ }
+ }
+ }
+ catch (TSLEngineDiedException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+ } catch (TSLSearchException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+ }
+
+ return checkSSCDFromTSL;
+ }
+
/**
* Get the signed content contained either in the request itself or given as a
* reference to external data.
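Review bot: `checkQC` and `checkSSCD` dereference the static `TSLUpdaterTimerTask.tslconnector_` without a null check and catch only `TSLEngineDiedException` and `TSLSearchException`. If a trust profile is TSL-enabled but TSL initialisation did not complete, verification would presumably fail with a NullPointerException instead of taking the logged `tsl.01` path; where the field is assigned is outside this hunk, so this needs confirming. The two methods are also copies of each other apart from the connector call, so a shared helper for the guard and the chain conversion would remove the duplication and the commented-out `checkSSCD` line inside `checkQC`. A TSL error and a negative TSL answer both return `false`, which fails closed but leaves the caller unable to tell them apart; a short Javadoc on each method should state that.

```java
// Shared by checkQC and checkSSCD; returns null when no TSL evaluation can run.
private X509Certificate[] toTSLChain(boolean tslEnabledTrustProfile, List chainlist) {
  if (!tslEnabledTrustProfile || chainlist == null
      || TSLUpdaterTimerTask.tslconnector_ == null) {
    return null;
  }
  return (X509Certificate[]) chainlist.toArray(new X509Certificate[chainlist.size()]);
}

private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) {
  X509Certificate[] chain = toTSLChain(tslEnabledTrustProfile, chainlist);
  if (chain == null) {
    return false;
  }
  try {
    return TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
  }
  // … unchanged: the two catch blocks logging tsl.01, then return false …
```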
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index fcd5ae0e7..3b82c6caf 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -71,9 +71,13 @@ public class VerifyCMSSignatureResponseBuilder {
*
* @param result The result to add.
* @param trustprofile The actual trustprofile
+ * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the
+ * certificate as qualified, otherwise <code>false</code>.
+ * @param checkSSCDFromTSL <code>true</code>, if the TSL check verifies the
+ * signature based on a SSDC, otherwise <code>false</code>.
* @throws MOAException
*/
- public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile)
+ public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL)
throws MOAException {
CertificateValidationResult certResult =
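Review bot: The new Javadoc for `checkSSCDFromTSL` misspells the abbreviation as "SSDC"; it should read `signature based on a SSCD`. The `checkQCFromTSL` description should also say that the value is only used when the trust profile is TSL-enabled, and that the certificate's own QC statement is used otherwise, as the next hunk shows. The body of `addResult` continues outside this hunk.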
@@ -86,16 +90,28 @@ public class VerifyCMSSignatureResponseBuilder {
SignerInfo signerInfo;
CheckResult signatureCheck;
CheckResult certificateCheck;
-
- // TODO Check TSL check
+
+
+ boolean qualifiedCertificate = false;
+
+ // verify qualified certificate checks (certificate or TSL)
+ if (trustProfile.isTSLEnabled()) {
+ // take TSL result
+ qualifiedCertificate = checkQCFromTSL;
+ }
+ else {
+ // take result from certificate
+ qualifiedCertificate = certResult.isQualifiedCertificate();
+ }
+
// add SignerInfo element
signerInfo =
factory.createSignerInfo(
(X509Certificate) certResult.getCertificateChain().get(0),
- certResult.isQualifiedCertificate(),
+ qualifiedCertificate,
certResult.isPublicAuthorityCertificate(),
certResult.getPublicAuthorityID(),
- false);
+ checkSSCDFromTSL);
// add SignatureCheck element
signatureCheck = factory.createCheckResult(signatureCheckCode, null);
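Review bot: The QC flag is gated on `trustProfile.isTSLEnabled()`, but `checkSSCDFromTSL` is passed to `createSignerInfo` unconditionally, so the SSCD statement in the response depends on every caller passing `false` for non-TSL profiles. The `checkSSCD` helper visible in CMSSignatureVerificationInvoker does return `false` in that case, but `addResult` is public. Applying the same gate here, `trustProfile.isTSLEnabled() && checkSSCDFromTSL`, keeps the two assertions consistent regardless of the caller. As a style point, the if/else that sets `qualifiedCertificate` could be a single conditional expression.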
@@ -103,6 +119,7 @@ public class VerifyCMSSignatureResponseBuilder {
// add CertificateCheck element
certificateCheck = factory.createCheckResult(certificateCheckCode, null);
+
// build the response element
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 290841c66..8a5b6f5b7 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -229,6 +229,14 @@ public class XMLSignatureVerificationInvoker {
profile,
signingTime,
new TransactionId(context.getTransactionID()));
+ } catch (IAIKException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ } catch (IAIKRuntimeException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ }
+ try {
if (tp.isTSLEnabled()) {
List list = result.getCertificateValidationResult().getCertificateChain();
if (list != null) {
@@ -245,21 +253,14 @@ public class XMLSignatureVerificationInvoker {
checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
}
-
- }
-
- } catch (IAIKException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- } catch (IAIKRuntimeException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- } catch (TSLEngineDiedException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
+ }
+ }
+ catch (TSLEngineDiedException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
} catch (TSLSearchException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
}
// swap back in the request as root document
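Review bot: The catch blocks for `TSLEngineDiedException` and `TSLSearchException` now only log `tsl.01` and let verification continue, so a client cannot tell a failed TSL lookup from a real "not qualified / no SSCD" answer. The flags are declared outside this hunk and presumably start as `false`, which fails closed, but that should be confirmed. If `checkQC` succeeds and `checkSSCD` throws, the response also mixes a TSL-derived QC value with a default SSCD value. At minimum add a comment in each catch such as `// TSL lookup failed: QC/SSCD keep their defaults, response does not signal the failed check`, and consider surfacing the condition to the caller. The `checkQC` and `checkSSCD` helpers added to CMSSignatureVerificationInvoker in this commit follow the same pattern.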
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
index 7e8dcf0c4..defaedd86 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
@@ -41,8 +41,10 @@ public class Configurator {
throw new TSLEngineDiedException(e);
}
- //@TODO Check "/"
- Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath + "/";
+ if (!TSLWorkingDirectoryPath.endsWith("/"))
+ TSLWorkingDirectoryPath += "/";
+
+ Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath;
initialDefaultConfig();
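Review bot: The trailing-separator check only recognises `/`, so a configured working directory ending in `\` still gets a second separator appended. Since `TslDownload` is later concatenated onto this path as a string, consider also accepting the platform separator: `if (!TSLWorkingDirectoryPath.endsWith("/") && !TSLWorkingDirectoryPath.endsWith(java.io.File.separator))`. The unbraced `if` followed by a blank line and an assignment is easy to misread; braces would help. The enclosing method starts outside this hunk, so whether the path can be null at this point is not visible.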
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index b88255115..2e4af2817 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -92,17 +92,12 @@ public class TSLConnector implements TSLConnectorInterface {
//TODO: clean hascash and TLS Download folder
String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
- System.out.println("hashcachedir: " + hashcachedir);
-
if (hashcachedir==null)
hashcachedir = DEFAULT_HASHCACHE_DIR;
String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
- System.out.println("hashcachedir: " + hashcachedir);
-
File hashcachefile = new File(hashcachedir);
- System.out.println("Hashcache: " + hashcachefile.getAbsolutePath());
File[] filelist = hashcachefile.listFiles();
@@ -247,8 +242,8 @@ public class TSLConnector implements TSLConnectorInterface {
Countries expectedTerritory = entry.getValue().getSchemeTerritory();
try {
- if (expectedTerritory.equals("RO"))
- System.out.println("Stop");
+// if (expectedTerritory.equals("RO"))
+// System.out.println("Stop");
Number otpId = entry.getKey();
LocationAndCertHash lac = entry.getValue();
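Review bot: The debugging stop for territory "RO" is commented out rather than removed, which leaves dead code inside the `try`. Delete both lines; the history keeps them if they are needed again. `expectedTerritory` is declared as `Countries` and was compared with a `String`, so the condition was probably never true anyway, depending on how `Countries.equals` is defined.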
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
index 6798a5db1..c365a1121 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -1,21 +1,40 @@
package at.gv.egovernment.moa.spss.tsl.timer;
import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.truststore.TrustStoreException;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.utils.StoreUpdater;
+import iaik.server.ConfigurationData;
+import iaik.x509.X509Certificate;
import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
import iaik.xml.crypto.tsl.ex.TSLSearchException;
+import java.io.File;
+import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map;
import java.util.TimerTask;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.StringUtils;
+
public class TSLUpdaterTimerTask extends TimerTask {
@@ -31,7 +50,7 @@ public class TSLUpdaterTimerTask extends TimerTask {
Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
// TODO wenn update nicht erfolgreich, dann soll TSL-Trustprofil nicht zur
- // Verfügung stehen.
+ // Verfügung stehen?
} catch (TSLSearchException e) {
MessageProvider msg = MessageProvider.getInstance();
@@ -62,86 +81,86 @@ public class TSLUpdaterTimerTask extends TimerTask {
}
public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, FileNotFoundException, IOException {
-// MessageProvider msg = MessageProvider.getInstance();
-//
-// //get TSl configuration
-// ConfigurationProvider config = ConfigurationProvider.getInstance();
-// ConfigurationData configData = new IaikConfigurator().configure(config);
-// TSLConfiguration tslconfig = config.getTSLConfiguration();
-// if (tslconfig != null) {
-//
-// Logger.info(new LogMsg(msg.getMessage("config.42", null)));
-//
-// // get certstore parameters
-// CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
-//
-// // iterate over all truststores
-// Map mapTrustProfiles = config.getTrustProfiles();
-// Iterator it = mapTrustProfiles.entrySet().iterator();
-// while (it.hasNext()) {
-// Map.Entry pairs = (Map.Entry)it.next();
-// TrustProfile tp = (TrustProfile) pairs.getValue();
-// if (tp.isTSLEnabled()) {
-// TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
-// TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
-// trustStoreProfiles[0] = tsp;
-//
-// Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
-//
-// TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
-// ArrayList tsl_certs = null;
-// if (StringUtils.isEmpty(tp.getCountries())) {
-// Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-//
-// // get certificates from TSL from all countries
-// tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
-// }
-// else {
-// Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-// // get selected countries as array
-// String countries = tp.getCountries();
-// String[] array = countries.split(",");
-// for (int i = 0; i < array.length; i++)
-// array[i] = array[i].trim();
-//
-// // get certificates from TSL from given countries
-// tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
-// }
-//
-// // create store updater for each TSL enabled truststore
-// Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
-// StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
-//
-// // convert ArrayList<File> to X509Certificate[]
-// X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
-// Iterator itcert = tsl_certs.iterator();
-// int i = 0;
-// while(itcert.hasNext()) {
-// File f = (File)itcert.next();
-// X509Certificate cert = new X509Certificate(new FileInputStream(f));
-// addCertificates[i] = cert;
-//
-// i++;
-// }
-//
-// // get certificates to be removed
-// X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
-//
-//
-// //Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-// Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
-// storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
-//
-//
-// Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
-// storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
-//
-// // set the certifcates to be removed for the next TSL update
-// tp.setCertificatesToBeRemoved(addCertificates);
-//
-// }
-// }
-// }
+ MessageProvider msg = MessageProvider.getInstance();
+
+ //get TSl configuration
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ ConfigurationData configData = new IaikConfigurator().configure(config);
+ TSLConfiguration tslconfig = config.getTSLConfiguration();
+ if (tslconfig != null) {
+
+ Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+
+ // get certstore parameters
+ CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+
+ // iterate over all truststores
+ Map mapTrustProfiles = config.getTrustProfiles();
+ Iterator it = mapTrustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled()) {
+ TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
+ TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
+ trustStoreProfiles[0] = tsp;
+
+ Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
+
+ TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
+ ArrayList tsl_certs = null;
+ if (StringUtils.isEmpty(tp.getCountries())) {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+
+ // get certificates from TSL from all countries
+ tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
+ }
+ else {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ // get selected countries as array
+ String countries = tp.getCountries();
+ String[] array = countries.split(",");
+ for (int i = 0; i < array.length; i++)
+ array[i] = array[i].trim();
+
+ // get certificates from TSL from given countries
+ tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
+ }
+
+ // create store updater for each TSL enabled truststore
+ Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
+ StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+
+ // convert ArrayList<File> to X509Certificate[]
+ X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ int i = 0;
+ while(itcert.hasNext()) {
+ File f = (File)itcert.next();
+ X509Certificate cert = new X509Certificate(new FileInputStream(f));
+ addCertificates[i] = cert;
+
+ i++;
+ }
+
+ // get certificates to be removed
+ X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
+
+
+ //Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
+ storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+
+
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+
+ // set the certifcates to be removed for the next TSL update
+ tp.setCertificatesToBeRemoved(addCertificates);
+
+ }
+ }
+ }
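Review bot: The `FileInputStream` opened for each TSL certificate file in the conversion loop is never closed, so every update run leaks one file handle per certificate until finalization. Close it in a `finally` block; the Eclipse settings in this commit target Java 1.5, so try-with-resources is not available. Right after the loop, `tp.getCertficatesToBeRemoved()` is dereferenced with `.length`. Its implementation is not visible here, so confirm it cannot return null on the first update. The old certificates are also removed before the new set is added, so an exception from `addCertificatesToTrustStores` leaves the profile without its TSL trust anchors until the next successful run.
```java
while(itcert.hasNext()) {
    File f = (File)itcert.next();
    FileInputStream in = new FileInputStream(f);
    try {
        addCertificates[i] = new X509Certificate(in);
    } finally {
        // release the handle even when the certificate fails to parse
        in.close();
    }
    i++;
}
// … unchanged: removal and addition via storeUpdater …
```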
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index 60786dc8a..645ff9f6d 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -145,7 +145,7 @@ config.34=Blacklisted URI: {0}.
config.35=External URIs not allowed.
config.36=No blacklisted URIs given.
config.37=Fehler beim Erstellen der TSL Konfiguration: Name des TSL Arbeits-Verzeichnisses konnte nicht in eine URL umgewandet werden (Wert="{0}")
-config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis zeigt nicht auf ein existierendes Objekt, das kein Verzeichnis ist (Wert="{0}")
+config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis ist kein Verzeichnis (Wert="{0}")
config.39=TSL Konfguration: Kein Attribut "{0}" angegeben oder Attribut konnte nicht ausgewertet werden. Verwenden Default-Wert ("{1}")
config.40=Fehler beim Erstellen der TSL Konfiguration: Es wurde mindestens ein TrustProfile mit aktivierter TSL-Unterstützung konfiguriert. Die allgemeine TSL-Konfiguration ist jedoch fehlerhaft.
config.41=Initialisiere TSL Bibliothek
@@ -169,4 +169,5 @@ invoker.01=Keine passende Transformationskette gefunden (Index={0})
invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
-tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung. \ No newline at end of file
+tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung.
+tsl.01=Fehler bei der QC (qualifiziertes Zertifikat) bzw. SSCD (sichere Signaturerstellungseinheit) Überprüfung via TSL. \ No newline at end of file
diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath
index af4743f8a..bd0d802c7 100644
--- a/spss/server/serverws/.classpath
+++ b/spss/server/serverws/.classpath
@@ -1,12 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
- <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
- <attributes>
- <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
- <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
- <classpathentry kind="output" path="target/classes"/>
-</classpath>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="src" path="/moa-spss-lib"/>
+ <classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.0/xml-apis-2.7.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.0/serializer-2.7.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar"/>
+ <classpathentry kind="src" path="/moa-common"/>
+ <classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
+ <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
+ <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
+</classpath> \ No newline at end of file
diff --git a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
index 7e3b7e969..0e32dbb18 100644
--- a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
@@ -1,7 +1,8 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+#Thu Dec 27 15:45:22 CET 2012
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
index df66dd21b..564572b10 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -2,6 +2,6 @@
<faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.web"/>
- <installed facet="jst.java" version="1.4"/>
- <installed facet="jst.web" version="2.3"/>
-</faceted-project>
+ <installed facet="jst.web" version="2.4"/>
+ <installed facet="jst.java" version="5.0"/>
+</faceted-project> \ No newline at end of file
diff --git a/spss/server/tools/.classpath b/spss/server/tools/.classpath
index a9bfad977..65abf443d 100644
--- a/spss/server/tools/.classpath
+++ b/spss/server/tools/.classpath
@@ -3,7 +3,7 @@
<classpathentry kind="src" path="src/main/java" including="**/*.java"/>
<classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
<classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
<classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
diff --git a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
index a519d2f62..3bfb290ea 100644
--- a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
@@ -1,5 +1,6 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:21 CET 2012
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5