From b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea Mon Sep 17 00:00:00 2001 From: spuchmann Date: Thu, 8 May 2008 14:04:44 +0000 Subject: added PermitFileURIs; removing unnecessary dependencies to Sun's JSSE git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1071 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/util/Constants.java | 4 +- .../resources/schemas/MOA-SPSS-config-1.4.3.xsd | 312 +++++++++++++++++++++ .../clients/webservice/conf/http.properties | 13 +- ...rifyXMLSignatureRequest.FileURIs.DataObject.xml | 82 ++++++ ...SignatureRequest.FileURIs.ServerSupplements.xml | 66 +++++ ...ifyXMLSignatureRequest.FileURIs.Supplements.xml | 70 +++++ .../VerifyXMLSignatureRequest.FileURIs.xml | 58 ++++ spss/handbook/conf/moa-spss/spss.config.xml | 1 + .../handbook/config/MOA-SPSS-config-1.3.xsd | 254 ----------------- .../handbook/config/MOA-SPSS-config-1.4.3.xsd | 312 +++++++++++++++++++++ spss/handbook/handbook/config/config.html | 26 +- spss/handbook/handbook/faq/faq.html | 2 +- spss/handbook/handbook/index.html | 2 +- spss/handbook/handbook/install/install.html | 8 +- spss/handbook/handbook/intro/intro.html | 2 +- spss/handbook/handbook/usage/usage.html | 2 +- spss/server/history.txt | 38 +++ .../server/config/ConfigurationPartsBuilder.java | 16 +- .../spss/server/config/ConfigurationProvider.java | 17 +- .../xmlsign/XMLSignatureCreationProfileImpl.java | 7 + .../XMLSignatureVerificationProfileImpl.java | 21 +- .../moa/spss/server/init/SystemInitializer.java | 27 +- .../XMLSignatureVerificationProfileFactory.java | 4 +- 23 files changed, 1041 insertions(+), 303 deletions(-) create mode 100644 common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd create mode 100644 spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml create mode 100644 spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml create mode 100644 spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml create mode 100644 spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml delete mode 100644 spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd create mode 100644 spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java index d82947e3f..887363fdd 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -77,11 +77,11 @@ public interface Constants { /** Local location of the MOA configuration XML schema definition. */ public static final String MOA_CONFIG_SCHEMA_LOCATION = - SCHEMA_ROOT + "MOA-SPSS-config-1.3.xsd"; + SCHEMA_ROOT + "MOA-SPSS-config-1.4.3.xsd"; /** Local location of the MOA ID configuration XML schema definition. */ public static final String MOA_ID_CONFIG_SCHEMA_LOCATION = - SCHEMA_ROOT + "MOA-ID-Configuration-1.4.3.xsd"; + SCHEMA_ROOT + "MOA-ID-Configuration-1.3.xsd"; /** URI of the Security Layer 1.0 namespace. */ public static final String SL10_NS_URI = diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd new file mode 100644 index 000000000..2b2f1d689 --- /dev/null +++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd @@ -0,0 +1,312 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/clients/webservice/conf/http.properties b/spss/handbook/clients/webservice/conf/http.properties index 22f2d2cda..a75f0dfa9 100644 --- a/spss/handbook/clients/webservice/conf/http.properties +++ b/spss/handbook/clients/webservice/conf/http.properties @@ -10,13 +10,12 @@ signServiceQName = SignatureCreation # Zugangspunkt des Webservices -signServiceEndPoint = http://localhost:8080/moa-spss/services/SignatureCreation -#signServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureCreation +signServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureCreation # Name des zu sendenden Signaturerstellungsrequests (entweder absolute # oder relative Pfadangabe; eine relative Pfadangabe wird relativ zum # Arbeitsverzeichnis der Java VM interpretiert) -signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml +#signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml #signRequest=resources/requests/CreateXMLSignatureRequest.Refs.xml #signRequest=resources/requests/CreateXMLSignatureRequest.Transforms.xml #signRequest=resources/requests/CreateXMLSignatureRequest.Supplements.xml @@ -30,8 +29,8 @@ signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml verifyServiceQName = SignatureVerification # Zugangspunkt des Webservices -verifyServiceEndPoint = http://localhost:8080/moa-spss/services/SignatureVerification -#verifyServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureVerification + +verifyServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureVerification # Name des zu sendenden Signaturprüfrequests (entweder absolute # oder relative Pfadangabe; eine relative Pfadangabe wird relativ zum @@ -43,6 +42,10 @@ verifyRequest=resources/requests/VerifyCMSSignatureRequest.Simple.xml #verifyRequest=resources/requests/VerifyXMLSignatureRequest.Supplements.xml #verifyRequest=resources/requests/VerifyXMLSignatureRequest.SigManifest.xml #verifyRequest=resources/requests/VerifyXMLSignatureRequest.XMLDSigManifest.xml +#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.xml +#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml +#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml +#verifyRequest=resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml # # JSSE-Konfiguration diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml new file mode 100644 index 000000000..5b4b61938 --- /dev/null +++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.DataObject.xml @@ -0,0 +1,82 @@ + + + + + + + + + + + + + XRuYnuRTOAInpu8TzwDWn9Er4/Y= + + + + + O3/U4zcVG6BOdc2C/m09xe+vxGhp6TKz7lEukgjINsc1o1Bvdelo77T8cEG/muYd + + + + + MIIELjCCAxagAwIBAgIBEzANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJBVDEQ + MA4GA1UEChMHVFUgR3JhejENMAsGA1UECxMERUdJWjEUMBIGA1UEAxMLTU9BIFRl + c3QgQ0EwHhcNMDcwODIzMTM1ODU0WhcNMTIwODIzMTM1ODU0WjBpMQswCQYDVQQG + EwJBVDEQMA4GA1UEChMHVFUgR1JBWjENMAsGA1UECxMERUdJWjE5MDcGA1UEAxMw + VGVzdCBTaWduYXR1cmRpZW5zdCBhbGxlciBLdW5kZW46IEVDRFNBIChQMTkydjEp + MIHzMIG8BgcqhkjOPQIBMIGwAgEBMCQGByqGSM49AQECGQD///////////////// + ///+//////////8wNAQY/////////////////////v/////////8BBhkIQUZ5ZyA + 5w+n6atyJDBJ/rje7MFGubEEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV + /8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDEC + AQEDMgAExf78b6N6BUhK+FHmunDUCQefSxpQmC6m4yq/+pqdDMJalTWATFhQwZqE + qSMXJ2Tqo4IBNDCCATAwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYD + VR0OBBYEFBrwapQSMwabwPPOijtgOu3iNlt3MHAGA1UdIARpMGcwZQYMKwYBBAGV + EgECewEBMFUwUwYIKwYBBQUHAgIwRxpFVGhpcyBjZXJ0aWZpY2F0ZSBvbmx5IG1h + eSBiZSB1c2VkIGZvciBkZW1vbnN0cmF0aW9uIGFuZCB0ZXN0IHB1cnBvc2VzMEYG + A1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9tb2EtaWRzcHNzLmVnb3ZsYWJzLmd2LmF0 + L2NybHMvbW9hLXRlc3QtY2EuY3JsMBYGByooAAoBAQEECxMJRUdJWi1UZXN0MB8G + A1UdIwQYMBaAFFKXvB3Ugd6H51ClcBGdjhYJNiRSMA0GCSqGSIb3DQEBBQUAA4IB + AQB60RLi9zIwF/Rmy/Wo0yf1/ZktElIt91vfBsXlpgLJ4Q6ol/4hTjMJ4FIa8GOl + 0b9dIkEe+WGq77JFJVgltsRoJfQBSvnK9jdLfB5YJD0ETDnMdckBV+RsxkEtl5Lr + IrT6vExyJUAWz15XJiHgkYZncJCBTy1oh8f3V8cR1VZYwO4QBRDwRdVdZsaL5PME + vvLrcAMJhF5fS4AiqMex2Eh2kav5t6/I5bmB4CKEe+0+dPO8DGl7areEfzQEPd8p + jkkX5PnxriQvZfgVzwrdXGDqMTnBNaRtCGMiQU/0kp21a6BVtT4am27yr9p3ddhl + z7sJ4Z6ys1bwB0on/O65tdn7 + + + + + + + + + TrE7WPVlNnBf1dh9PRiZdwpTaxs= + + + + + + + + + /dsig:Signature + + + Test-Signaturdienste + + diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml new file mode 100644 index 000000000..4b9fa43fe --- /dev/null +++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.ServerSupplements.xml @@ -0,0 +1,66 @@ + + + + + + + + + + + + te0YD8LFaK3JLQV8cL69DPnFRLc= + + + + 2M9g7DopnXtz86dkz+7yk5SHSHo= + + + Ti3ckR8eq4D0mUhb+ylUFhIYn7mfUHTc2AjTys4oaq4gFkXvQlQI41Iggp40c916 + + + MIIDlzCCAf+gAwIBAgIRMrFTcaHacn5T5kRFML4Ck6swDQYJKoZIhvcNAQEFBQAwTTESMBAGA1UEAwwJVlNpZyBDQSAyMSowKAYDVQQKDCFIYXVwdHZlcmJhbmQgw7ZzdGVyci4gU296aWFsdmVycy4xCzAJBgNVBAYTAkFUMB4XDTA2MDEyMDA1MTExMVoXDTExMDEyMDA1MTExMVowXzEVMBMGA1UEAwwMRGF2aWQgRmVyYmFzMSowKAYDVQQKDCFIYXVwdHZlcmJhbmQgw7ZzdGVyci4gU296aWFsdmVycy4xDTALBgNVBAsMBFZTaWcxCzAJBgNVBAYTAkFUMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEc7ESyZ4IdIM9UDtze29i0IqfCbwWSODfCF8bTiXxdJZLWZOE0eqwL2ybWVTEmCXDo4G6MIG3MBMGA1UdIwQMMAqACEhpdVw8ryMqMBEGA1UdDgQKBAhP473ttlxOBjAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0gBA8wDTALBgkqKAAKAQQBZgAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5lY2FyZC5zb3ppYWx2ZXJzaWNoZXJ1bmcuYXQwIAYDVR0RBBkwF4EVZGF2aWQuZmVyYmFzQGlub2RlLmF0MA0GCSqGSIb3DQEBBQUAA4IBgQAu74FsENLTC9kqN4UVEX+pJz4ckOjAI8NbzCEvHgDqfpXmjZKA+8354fE6hsCd8uCJWCJ36ig2cMcOjGJrW+4YExYFRpiq1U2u9N1eKEj7j1oQzNZw4lotDxMFHnzd5WBjXjWekgy3uWkFhqE+NvQtauNtRiR3kg2jMt4MmcjZpck3WoTibrV9sMOzyM8L4y3HdDix97aWTefqxJ28IF9Anuk/uNGu74KcuJjYuIZx7q1ULsuXEs/HJMxU2/9lcT6lRhsp5VE0Z0/zOWdenQYUBscdbNrEDg3gmGU9T7SuxNQfHRLQ1OGzjolJL7kvhsRiK/l7pBtGAt2oPO6OKbLgWhW/6DEYJqnUrScQCli34EVDFC8W9yOBq3BHHZCQOzGgYtxtpI2QzCHLMGEwaxdFAYQp9pVBnX7HGbPqhq2r5osDlcyJDLO9uYW+63CTCVIeJ9018OxvOxNNvb6JzunW/oQAVMj+vTiR4GE74A0qVbuYd0fvEvc47J1q6++QlKc= + + + + + + + 2008-04-17T11:41:15Z + + + + + RREWB1U7AWw/Xy+QkwfAiityVDs= + + + C=AT,O=Hauptverband österr. Sozialvers.,CN=VSig CA 2 + 17249824966675737197051526866457224975275 + + + + + + + + + + text/plain + + + + + + + + + /dsig:Signature + + testID + certifiedSignature+Test + diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml new file mode 100644 index 000000000..27929cefd --- /dev/null +++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.Supplements.xml @@ -0,0 +1,70 @@ + + + + + + + + + + + + te0YD8LFaK3JLQV8cL69DPnFRLc= + + + + 2M9g7DopnXtz86dkz+7yk5SHSHo= + + + Ti3ckR8eq4D0mUhb+ylUFhIYn7mfUHTc2AjTys4oaq4gFkXvQlQI41Iggp40c916 + + + MIIDlzCCAf+gAwIBAgIRMrFTcaHacn5T5kRFML4Ck6swDQYJKoZIhvcNAQEFBQAwTTESMBAGA1UEAwwJVlNpZyBDQSAyMSowKAYDVQQKDCFIYXVwdHZlcmJhbmQgw7ZzdGVyci4gU296aWFsdmVycy4xCzAJBgNVBAYTAkFUMB4XDTA2MDEyMDA1MTExMVoXDTExMDEyMDA1MTExMVowXzEVMBMGA1UEAwwMRGF2aWQgRmVyYmFzMSowKAYDVQQKDCFIYXVwdHZlcmJhbmQgw7ZzdGVyci4gU296aWFsdmVycy4xDTALBgNVBAsMBFZTaWcxCzAJBgNVBAYTAkFUMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEc7ESyZ4IdIM9UDtze29i0IqfCbwWSODfCF8bTiXxdJZLWZOE0eqwL2ybWVTEmCXDo4G6MIG3MBMGA1UdIwQMMAqACEhpdVw8ryMqMBEGA1UdDgQKBAhP473ttlxOBjAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0gBA8wDTALBgkqKAAKAQQBZgAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5lY2FyZC5zb3ppYWx2ZXJzaWNoZXJ1bmcuYXQwIAYDVR0RBBkwF4EVZGF2aWQuZmVyYmFzQGlub2RlLmF0MA0GCSqGSIb3DQEBBQUAA4IBgQAu74FsENLTC9kqN4UVEX+pJz4ckOjAI8NbzCEvHgDqfpXmjZKA+8354fE6hsCd8uCJWCJ36ig2cMcOjGJrW+4YExYFRpiq1U2u9N1eKEj7j1oQzNZw4lotDxMFHnzd5WBjXjWekgy3uWkFhqE+NvQtauNtRiR3kg2jMt4MmcjZpck3WoTibrV9sMOzyM8L4y3HdDix97aWTefqxJ28IF9Anuk/uNGu74KcuJjYuIZx7q1ULsuXEs/HJMxU2/9lcT6lRhsp5VE0Z0/zOWdenQYUBscdbNrEDg3gmGU9T7SuxNQfHRLQ1OGzjolJL7kvhsRiK/l7pBtGAt2oPO6OKbLgWhW/6DEYJqnUrScQCli34EVDFC8W9yOBq3BHHZCQOzGgYtxtpI2QzCHLMGEwaxdFAYQp9pVBnX7HGbPqhq2r5osDlcyJDLO9uYW+63CTCVIeJ9018OxvOxNNvb6JzunW/oQAVMj+vTiR4GE74A0qVbuYd0fvEvc47J1q6++QlKc= + + + + + + + 2008-04-17T11:41:15Z + + + + + RREWB1U7AWw/Xy+QkwfAiityVDs= + + + C=AT,O=Hauptverband österr. Sozialvers.,CN=VSig CA 2 + 17249824966675737197051526866457224975275 + + + + + + + + + + text/plain + + + + + + + + + /dsig:Signature + + + + file:D:/Programme/apache-tomcat-5.5.26/webapps/referencedData/enno-sp.pdf_bku_sign_out.pdf + + + certifiedSignature+Test + diff --git a/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml new file mode 100644 index 000000000..fc67859ba --- /dev/null +++ b/spss/handbook/clients/webservice/resources/requests/VerifyXMLSignatureRequest.FileURIs.xml @@ -0,0 +1,58 @@ + + + + + + + + + + + + tLODyeiWFbAkQKwhrR23jtcgu4k= + + + + VEjXB6+geUL16oTPDVx5lcQliGl/oyVobug3BVxVwhu8CU7WK65moTcTuo/CL2hQ + + + + + MIID+DCCA2WgAwIBAgIBCTAJBgUrDgMCHQUAMH8xCzAJBgNVBAYTAkFUMSwwKgYD + VQQKEyNTdGFic3RlbGxlIElLVC1TdHJhdGVnaWUgZGVzIEJ1bmRlczEeMBwGA1UE + CxMVVGVjaG5payB1bmQgU3RhbmRhcmRzMSIwIAYDVQQDExlUZXN0IENBIC0gU2ln + bmF0dXJkaWVuc3RlMB4XDTA0MDgwNDA4MjM0OFoXDTA3MDgwNDA4MjM0OFowgZgx + CzAJBgNVBAYTAkFUMS0wKwYDVQQKEyRTdGFic3N0ZWxsZSBJS1QtU3RyYXRlZ2ll + IGRlcyBCdW5kZXMxHjAcBgNVBAsTFVRlY2huaWsgdW5kIFN0YW5kYXJkczE6MDgG + A1UEAxMxVGVzdDogU2lnbmF0dXJkaWVuc3QgYWxsZXIgS3VuZGVuOiBFQ0RTQSAo + UDE5MnYxKTCB8zCBvAYHKoZIzj0CATCBsAIBATAkBgcqhkjOPQEBAhkA//////// + /////////////v//////////MDQEGP////////////////////7//////////AQY + ZCEFGeWcgOcPp+mrciQwSf643uzBRrmxBDEEGI2oDrAwkPZ8vyDrQ6GIAPT/Cv2C + /xASBxkrlf/I2nhjEBHtayTN1XP5d6EeeUgRAhkA////////////////md74NhRr + ybG00igxAgEBAzIABNHWY9lQOE1zgmpcpjTg2WIg6qgEsGhpXELPinJoMPDVheTv + 2BZPG42YJsNfvWgC06OCARwwggEYMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8E + AjAAMB0GA1UdDgQWBBRHH5EXnrWosCmIa+JyEM5seMxFVzBdBgNVHSAEVjBUMFIG + DCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0 + IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2VlaWduZXQuMEMGA1UdHwQ8MDowOKA2 + oDSGMmh0dHA6Ly9sYWJzLmNpby5ndi5hdC90ZW1wL2NybHMvc2lnbmF0dXJkaWVu + c3QuY3JsMBQGByooAAoBAQEECQwHQktBLUlLVDAfBgNVHSMEGDAWgBRAl0P5fWaw + vf59+uxGcYY9wffZPTAJBgUrDgMCHQUAA4GBAIMKUsnajgfBtpHeDdMdQMLA8fdt + lluezDOM78WYYSFURP04QZk5iHkShzptgZCF5Y/T4an3dC3SnytL67LJvEoKUyja + iTMLo7650xRTvAjTaMJ+nly/wTRYJKplOLXKWj3WwfObMHXdsDE8NJmpJSRE7Sw7 + +tj+UiTiNNSaXirq + + + + + + + /dsig:Signature + + + + + + + Test-Signaturdienste + \ No newline at end of file diff --git a/spss/handbook/conf/moa-spss/spss.config.xml b/spss/handbook/conf/moa-spss/spss.config.xml index 8e167af57..9f79c5a19 100644 --- a/spss/handbook/conf/moa-spss/spss.config.xml +++ b/spss/handbook/conf/moa-spss/spss.config.xml @@ -145,5 +145,6 @@ + false diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd deleted file mode 100644 index 1521b4f1b..000000000 --- a/spss/handbook/handbook/config/MOA-SPSS-config-1.3.xsd +++ /dev/null @@ -1,254 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd new file mode 100644 index 000000000..2b2f1d689 --- /dev/null +++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.3.xsd @@ -0,0 +1,312 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html index 1bd968e96..a77a82b12 100644 --- a/spss/handbook/handbook/config/config.html +++ b/spss/handbook/handbook/config/config.html @@ -15,7 +15,7 @@
-

MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4

+

MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3

Konfiguration

Inhalt

@@ -92,6 +92,7 @@
  • Profil für Transformationen
  • Profil für Ergänzungsobjekte
    • +
  • file-URIs
    • @@ -134,7 +135,7 @@

    1.2 Zentrale Konfigurationsdatei

    -

    Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema MOA-SPSS-config-1.3.xsd entsprechen. Abschnitt 2 erläutert die Konfigurationsmöglichkeiten im Einzelnen.

    +

    Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema MOA-SPSS-config-1.4.3.xsd entsprechen. Abschnitt 2 erläutert die Konfigurationsmöglichkeiten im Einzelnen.

    1.2.1 Aktualisierung auf das Format von MOA SP/SS 1.3

    Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, übersichtlicheres Format für die @@ -984,6 +985,27 @@ als relativ zum Pfad jenes Verzeichnisses interpretiert werden, in dem die zentr +

    2.3.4 file-URIs

    + + + + + + + + + + + + + + + +
    Namecfg:SignatureVerification/cfg:PermitFileURIs
    GebrauchNull mal oder einmal
    Erläuterung

    Der Inhalt dieses Elements vom Typ xs:boolean gibt an, ob file-URIs innerhalb von MOA-SP zugelassen werden sollen. In MOA-SS werden file-URIs strikt verboten.

    +

    Bitte beachten Sie: Das Erlauben von file-URIs birgt Sicherheitsrisikien. Eine Deaktivierung sollte nur in begründeten Ausnahmefällen in Erwägung gezogen werden.

    +

    Bitte beachten Sie: Es werden keine file-URIs in Ergänzungsobjekten unterstützt.

    +

    Zulässige Werte für diesen Parameter sind true oder false. Wird dieses Element nicht angegeben, so nimmt MOA den Wert false an.

    +

    3 Beispielkonfigurationen

    3.1 Minimale Konfiguration für MOA SS

    Nachfolgend finden Sie eine zentrale Konfigurationsdatei mit den minimal notwendigen Einträgen für diff --git a/spss/handbook/handbook/faq/faq.html b/spss/handbook/handbook/faq/faq.html index 99072cb78..36484a2d0 100644 --- a/spss/handbook/handbook/faq/faq.html +++ b/spss/handbook/handbook/faq/faq.html @@ -15,7 +15,7 @@

    -

    MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4

    +

    MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3

    FAQ

    Inhalt

    diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html index 683f66501..11db2c816 100644 --- a/spss/handbook/handbook/index.html +++ b/spss/handbook/handbook/index.html @@ -16,7 +16,7 @@

    MOA: Serversignatur (SS) und Signaturprüfung (SP)

    -

    Übersicht zur Dokumentation der Version 1.4

    +

    Übersicht zur Dokumentation der Version 1.4.3

    Einführung
    diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html index 82765751f..60589f733 100644 --- a/spss/handbook/handbook/install/install.html +++ b/spss/handbook/handbook/install/install.html @@ -15,7 +15,7 @@
    -

    MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4

    +

    MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3

    Installation

    Inhalt

    @@ -127,7 +127,7 @@
    Installation von Apache Tomcat 4.1
    Installieren Sie Apache Tomcat 4.1.18 oder höher in ein Verzeichnis, das keine Leerzeichen im Pfadnamen enthält. Wir empfehlen die Installation von Apache Tomcat 4.1.31. Verwenden Sie bitte die zu Ihrem J2SE SDK passende Distribution von Tomcat. Das Wurzelverzeichnis der Tomcat-Installation wird im weiteren Verlauf als $CATALINA_HOME bezeichnet.
    Entpacken der MOA SP/SS Webservice Distribution
    -
    Entpacken Sie die Datei moa-spss-1.4.0.zip in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als $MOA_SPSS_INST bezeichnet.
    +
    Entpacken Sie die Datei moa-spss-1.4.3.zip in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als $MOA_SPSS_INST bezeichnet.
    Installation der Krypographiebibliotheken von SIC/IAIK

    Die Installation der Kryptographiebibliotheken von SIC/IAIK:

    @@ -380,7 +380,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=<null>
    Installation von J2SE SDK
    Installieren Sie J2SE 1.4.x SDK oder J2SE 5.0 SDK in ein beliebiges Verzeichnis. Wir empfehlen die Installation von J2SE 5.0 SDK. Das Wurzelverzeichnis der J2SE SDK Installation wird im weiteren Verlauf als $JAVA_HOME bezeichnet.
    Entpacken der MOA SP/SS Klassenbibliotheks-Distribution
    -
    Entpacken Sie die Datei moa-spss-1.4.0-lib.zip in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als $MOA_SPSS_INST bezeichnet.
    +
    Entpacken Sie die Datei moa-spss-1.4.3-lib.zip in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als $MOA_SPSS_INST bezeichnet.
    Installation der Krypographiebibliotheken von SIC/IAIK

    Die Installation der Kryptographiebibliotheken von SIC/IAIK:

    @@ -399,7 +399,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=<null> MOA SP/SS -1.4.0  +1.4.3  moa-spss.jar, moa-common.jar MOA IAIK diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html index c907a2e05..bc887e958 100644 --- a/spss/handbook/handbook/intro/intro.html +++ b/spss/handbook/handbook/intro/intro.html @@ -15,7 +15,7 @@
    -

    MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4

    +

    MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3

    Einführung

    Inhalt

    diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html index ea7302fcb..95d3e49a0 100644 --- a/spss/handbook/handbook/usage/usage.html +++ b/spss/handbook/handbook/usage/usage.html @@ -15,7 +15,7 @@
    -

    MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4

    +

    MOA: Serversignatur (SS) und Signaturprüfung (SP), V 1.4.3

    Anwendung

    Inhalt

    diff --git a/spss/server/history.txt b/spss/server/history.txt index 18647a12b..9a0952355 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt @@ -2,11 +2,49 @@ 1.4.3 ############## +- Unnötige Abhängigkeit zu JSSE-Implementierung von Sun wurden entfernt, welcher den Einsatz von MOA SP/SS in + Java-Laufzeitumgebungen anderer Hersteller als Sun (z.B. IBM) erschwert. + +- Ein Konfigurationsparameter für MOA SP wurde eingeführt (cfg:SignatureVerification/cfg:PermitFileURIs) welcher + file-URIs erlauben oder verbieten soll. + - Das Herauslösen des Verarbeitungsrequests aus dem SOAP-Request endete in einer ClassCastException, wenn zwischen dem Body-Element des SOAP-Envelopes und dem Request white spaces vorhanden sind bzw. dieses Element nicht unmittelbar nach dem Body-Element steht. Das Herauslösen ist nun gegen white spaces robust. +- Bei der Signaturverifikation (zusätzlich zu den bisherigen) folgende Algorithmen unterstützt: + 1. Added the following signature algorithms for XML signatures: + o http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 + o http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 + o http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160 + 2. Added the following hash algorithms for XML signatures: + o http://www.w3.org/2001/04/xmldsig-more#sha224 + o http://www.w3.org/2001/04/xmldsig-more#sha384 + o http://www.w3.org/2001/04/xmlenc#sha512 + 3. Added the following signature algorithms for verifying CMS signatures: + o SHA224withRSA + o SHA384withRSA + o SHA512withRSA + o SHA224withECDSA + o SHA256withECDSA + o SHA384withECDSA + o SHA512withECDSA + o RIPEMD160withECDSAPlain + 4. Added the following hash algorithms for CMS signatures: + o SHA-224 + o SHA-384 + o SHA-512 + +- IAIK Libraries aktualisiert: + iaik-cms: Version 4.01_MOA + iaik-moa: Version 1.23 + iaik-ecc: Version 2.16 + ############## 1.4.2 ############## diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 14ceb71cd..327b66f54 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -190,7 +190,9 @@ public class ConfigurationPartsBuilder { private static final String SUPPLEMENT_PROFILE_XPATH = ROOT + CONF + "SignatureVerification/" + CONF + "SupplementProfile"; - + private static final String PERMIT_FILE_URIS_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "PermitFileURIs"; // // default values for configuration parameters // @@ -1235,5 +1237,15 @@ public class ConfigurationPartsBuilder { String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null); return Boolean.valueOf(autoAdd).booleanValue(); } - + + /** + * Returns whether file URIs are permitted + * @return whether file URIs are permitted + */ + public boolean getPermitFileURIs() + { + String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false"); + return Boolean.valueOf(permitFileURIs).booleanValue(); + } + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 57f06326a..16bf153c9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -206,7 +206,11 @@ public class ConfigurationProvider * be used during certificate path construction. */ private boolean useAuthorityInfoAccess_; - + /** + * Indicates whether file URIs are allowed or not + */ + private boolean permitFileURIs; + /** * Return the single instance of configuration data. * @@ -319,6 +323,7 @@ public class ConfigurationProvider verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles(); supplementProfiles = builder.buildSupplementProfiles(); warnings = new ArrayList(builder.getWarnings()); + permitFileURIs = builder.getPermitFileURIs(); } catch (Throwable t) { throw new ConfigurationException("config.11", null, t); } finally { @@ -685,5 +690,13 @@ public class ConfigurationProvider { return useAuthorityInfoAccess_; } - + + /** + * Returns whether the file URIs are permitted or not + * @return whether the file URIs are permitted or not + */ + public boolean getPermitFileURIs() + { + return permitFileURIs; + } } \ No newline at end of file diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index fb3ff4931..2a35e5892 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -275,5 +275,12 @@ public class XMLSignatureCreationProfileImpl public String getSignedPropertiesID() { return propertyIDGenerator.uniqueId(); } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return false; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java index 216596dc3..ab302388d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java @@ -26,7 +26,8 @@ public class XMLSignatureVerificationProfileImpl private boolean includeHashInputData; /** Whether to include reference input data in the response. */ private boolean includeReferenceInputData; - + /** Whether the file URIs are permitted */ + private boolean permitFileURIs; /** * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest() */ @@ -127,5 +128,21 @@ public class XMLSignatureVerificationProfileImpl public void setIncludeReferenceInputData(boolean includeReferenceInputData) { this.includeReferenceInputData = includeReferenceInputData; } - + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return permitFileURIs; + } + + /** + * Set whether the file URIs are permitted or not + * + * @param permitFileURIs whether the file URIs are permitted or not + */ + public void setPermitFileURIs(boolean permitFileURIs) + { + this.permitFileURIs = permitFileURIs; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 4871ac4fe..42b1c7c3c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -1,11 +1,6 @@ package at.gv.egovernment.moa.spss.server.init; import java.io.IOException; -import java.security.Security; - -import javax.net.ssl.SSLSocketFactory; - -import org.apache.axis.AxisProperties; import iaik.ixsil.init.IXSILInit; @@ -42,7 +37,7 @@ public class SystemInitializer { */ public static void init() { MessageProvider msg = MessageProvider.getInstance(); - ClassLoader cl = SystemInitializer.class.getClassLoader(); + Thread archiveCleaner; // set up the MOA SPSS logging hierarchy @@ -51,25 +46,7 @@ public class SystemInitializer { // set up a logging context for logging the startup LoggingContextManager.getInstance().setLoggingContext( new LoggingContext("startup")); - - // load some jsse classes so that the integrity of the jars can be verified - // before the iaik jce is installed as the security provider - // this workaround is only needed when sun jsse is used in conjunction with - // iaik-jce (on jdk1.3) - try { - cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar - } catch (ClassNotFoundException e) { - Logger.warn(msg.getMessage("init.03", null), e); - } - - // set up SUN JSSE SSL - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty( - "java.protocol.handler.pkgs", - "com.sun.net.ssl.internal.www.protocol"); - SSLSocketFactory.getDefault(); - - + // AxisProperties.setProperty("enableNamespacePrefixOptimization","false"); // AxisProperties.setProperty("disablePrettyXML", "true"); // AxisProperties.setProperty("axis.doAutoTypes", "true"); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java index 5df13a337..1a8c72779 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java @@ -86,7 +86,9 @@ public class XMLSignatureVerificationProfileFactory { } else { profile.setTransformationSupplements(Collections.EMPTY_LIST); } - + + profile.setPermitFileURIs(config.getPermitFileURIs()); + return profile; } -- cgit v1.2.3