From 74d8c83f76074d2d0df784cb4a305c586a702d25 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 9 Mar 2016 13:41:09 +0100
Subject: move moa-common to moa-id-common, because MOA-SPSS becomes a seperate
 project

---
 .../java/test/at/gv/egovernment/moa/AllTests.java  |  62 +++++++
 .../test/at/gv/egovernment/moa/MOATestCase.java    |  99 +++++++++++
 .../at/gv/egovernment/moa/util/DOMUtilsTest.java   | 161 ++++++++++++++++++
 .../gv/egovernment/moa/util/DateTimeUtilsTest.java | 129 +++++++++++++++
 .../gv/egovernment/moa/util/KeyStoreUtilsTest.java | 114 +++++++++++++
 .../at/gv/egovernment/moa/util/SSLUtilsTest.java   | 181 +++++++++++++++++++++
 .../at/gv/egovernment/moa/util/URLDecoderTest.java |  53 ++++++
 .../at/gv/egovernment/moa/util/URLEncoderTest.java |  67 ++++++++
 .../moa/util/XMLGrammarBuilderTest.java            | 123 ++++++++++++++
 .../at/gv/egovernment/moa/util/XPathUtilsTest.java |  75 +++++++++
 10 files changed, 1064 insertions(+)
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java
 create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java

(limited to 'id/server/moa-id-commons/src/test/java')

diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
new file mode 100644
index 000000000..ba7a0edc4
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa;
+
+import test.at.gv.egovernment.moa.util.DOMUtilsTest;
+import test.at.gv.egovernment.moa.util.DateTimeUtilsTest;
+import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest;
+import test.at.gv.egovernment.moa.util.SSLUtilsTest;
+import test.at.gv.egovernment.moa.util.XPathUtilsTest;
+
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author patrick
+ * @version $Id$
+ */
+public class AllTests {
+
+  public static Test suite() {
+    TestSuite suite = new TestSuite();
+    
+//    suite.addTestSuite(DOMUtilsTest.class);
+//    suite.addTestSuite(DateTimeUtilsTest.class);
+//    suite.addTestSuite(XPathUtilsTest.class);
+//    suite.addTestSuite(KeyStoreUtilsTest.class);
+//    suite.addTestSuite(SSLUtilsTest.class);
+
+    return suite;
+  }
+
+  public static void main(String[] args) {
+    try {
+      TestRunner.run(AllTests.class);
+    } catch (Exception e) {
+      e.printStackTrace();
+    }
+  }
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
new file mode 100644
index 000000000..5d1c5371a
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa;
+
+import java.io.FileInputStream;
+import java.io.StringReader;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+
+import org.xml.sax.InputSource;
+
+import junit.framework.TestCase;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Base class for MOA test cases.
+ * 
+ * Provides some utility functions.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOATestCase extends TestCase {
+
+  protected static final String TESTDATA_ROOT = "data/test/";
+
+  /**
+   * Constructor for MOATestCase.
+   * @param arg0
+   */
+  public MOATestCase(String name) {
+    super(name);
+  }
+
+  /**
+   * Parse an XML file non-validating.
+   */
+  public static Document parseXml(String fileName) throws Exception {
+    return DOMUtils.parseDocument(
+      new FileInputStream(fileName),
+      false,
+      null,
+      null);
+  }
+
+  /**
+   * Parse an XML validating with a given file name.
+   * 
+   * Uses the local schema resources.
+   */
+  public static Document parseXmlValidating(String fileName) throws Exception {
+    return DOMUtils.parseDocument(
+      new FileInputStream(fileName),
+      true,
+      Constants.ALL_SCHEMA_LOCATIONS,
+      null);
+  }
+
+  /**
+   * Parse an XML from a String.
+   */
+  public static Document parseXmlString(String xml) throws Exception {
+    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+    DocumentBuilder builder;
+    
+    factory.setNamespaceAware(true);
+    builder = factory.newDocumentBuilder();
+
+    return builder.parse(new InputSource(new StringReader(xml)));
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
new file mode 100644
index 000000000..1a2b6904d
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+import java.io.FileInputStream;
+import java.util.Map;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import test.at.gv.egovernment.moa.*;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DOMUtilsTest extends MOATestCase {
+  private static final String TESTDATA_BASE = TESTDATA_ROOT + "xml/";
+  private static boolean grammarsInitialized = false;
+
+  /**
+   * Constructor for DOMUtilsTest.
+   * @param name
+   */
+  public DOMUtilsTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    if (!grammarsInitialized) {
+      // preparse XML schema
+      DOMUtils.addSchemaToPool(
+        getClass().getResourceAsStream(Constants.XML_SCHEMA_LOCATION),
+        Constants.XML_NS_URI);
+      // preparse XMLDsig Filter2 schema
+      DOMUtils.addSchemaToPool(
+        getClass().getResourceAsStream(Constants.DSIG_FILTER2_SCHEMA_LOCATION),
+        Constants.DSIG_FILTER2_NS_URI);
+      // preparse XMLDsig schema
+      DOMUtils.addSchemaToPool(
+        getClass().getResourceAsStream(Constants.DSIG_SCHEMA_LOCATION),
+        Constants.DSIG_NS_URI);
+      // preparse MOA schema
+      DOMUtils.addSchemaToPool(
+        getClass().getResourceAsStream(Constants.MOA_SCHEMA_LOCATION),
+        Constants.MOA_NS_URI);
+      grammarsInitialized = true;
+    }
+  }
+
+  private Document parse(String fileName) throws Exception {
+    return DOMUtils.parseDocument(
+      new FileInputStream(fileName),
+      true,
+      Constants.ALL_SCHEMA_LOCATIONS,
+      null);
+  }
+
+  public void testParseCreateXMLSignature() throws Exception {
+    parse(TESTDATA_BASE + "CreateXMLSignature/TestGeneratorCX2.005.Req.xml");
+    parse(TESTDATA_BASE + "CreateXMLSignature/Req000.xml");
+    parse(TESTDATA_BASE + "CreateXMLSignature/Req001.xml");
+    parse(TESTDATA_BASE + "CreateXMLSignature/Req002.xml");
+    parse(TESTDATA_BASE + "CreateXMLSignature/Req004.xml");
+  }
+
+  public void testParseVerifyCMSSignature() throws Exception {
+    parse(TESTDATA_BASE + "VerifyCMSSignature/Req000.xml");
+  }
+
+  public void testParseVerifyXMLSignature() throws Exception {
+    parse(TESTDATA_BASE + "VerifyXMLSignature/Req000.xml");
+    parse(TESTDATA_BASE + "VerifyXMLSignature/Req001.xml");
+    parse(TESTDATA_BASE + "VerifyXMLSignature/Req002.xml");
+    parse(TESTDATA_BASE + "VerifyXMLSignature/TestGeneratorVX.002.Req.xml");
+    //parse(TESTDATA_BASE + "VerifyXMLSignature/TestGeneratorVX.006.Req.xml");
+    parse(TESTDATA_BASE + "VerifyXMLSignature/VerifySAMLRequest.xml");
+  }
+  
+  public void testParseInfobox() throws Exception {
+    parse(TESTDATA_BASE + "Infobox/InfoboxReadResponseMOA4.xml");
+    parse(TESTDATA_BASE + "Infobox/InfoboxReadResponse.xml");  
+  }
+ 
+
+  private Document parsePlain(String fileName) throws Exception {
+    return DOMUtils.parseDocument(
+      new FileInputStream(fileName),
+      false,
+      null,
+      null);
+  }
+
+  public void testValidateCreateXMLSignature() throws Exception {
+    Document doc;
+    boolean valid;
+
+    // test a valid request
+    doc = parsePlain(TESTDATA_BASE + "CreateXMLSignature/Req000.xml");
+    valid =
+      DOMUtils.validateElement(
+        doc.getDocumentElement(),
+        Constants.ALL_SCHEMA_LOCATIONS,
+        null);
+    assertTrue(valid);
+
+    // test an invalid request
+    doc = parsePlain(TESTDATA_BASE + "CreateXMLSignature/invalid.xml");
+    try {
+      valid =
+        DOMUtils.validateElement(
+          doc.getDocumentElement(),
+          Constants.ALL_SCHEMA_LOCATIONS,
+          null);
+      fail();
+    } catch (Exception e) {
+    }
+  }
+
+  public void testGetNamespaceDeclarations() throws Exception {
+    Document doc;
+    NodeList nl;
+    Element elem;
+    Map nsDecls;
+
+    doc = parse(TESTDATA_BASE + "VerifyXMLSignature/Req002.xml");
+    nl = doc.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Reference");
+    elem = (Element) nl.item(0);
+    nsDecls = DOMUtils.getNamespaceDeclarations(elem);
+
+    assertEquals(2, nsDecls.size());
+    assertEquals(Constants.DSIG_NS_URI, nsDecls.get("dsig"));
+    assertEquals(Constants.MOA_NS_URI, nsDecls.get(""));
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
new file mode 100644
index 000000000..e3468b89f
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.TimeZone;
+
+import junit.framework.TestCase;
+
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DateTimeUtilsTest extends TestCase {
+
+  /**
+   * Constructor for DateTimeUtilsTest.
+   * @param arg0
+   */
+  public DateTimeUtilsTest(String arg0) {
+    super(arg0);
+  }
+
+  public void testParseDateTimeValid() throws Exception {
+    Date date;
+    DateFormat format = new SimpleDateFormat("dd.MM.yyyy HH:mm:ss");
+    
+    String dateStr;
+    
+    format.setTimeZone(TimeZone.getTimeZone("GMT"));    
+    date = DateTimeUtils.parseDateTime("+1971-12-12T06:30:15");
+    date.setTime(date.getTime() + TimeZone.getDefault().getRawOffset());
+    dateStr = format.format(date);
+    assertEquals("12.12.1971 06:30:15", dateStr);
+    
+    date = DateTimeUtils.parseDateTime("2000-01-01T23:59:59.012Z");
+    dateStr = format.format(date);
+    assertEquals("01.01.2000 23:59:59", dateStr);
+    
+    date = DateTimeUtils.parseDateTime("2003-05-20T12:17:30-05:00");
+    dateStr = format.format(date);
+    assertEquals("20.05.2003 17:17:30", dateStr);
+    
+    
+    date = DateTimeUtils.parseDateTime("2002-02-02T02:02:02.33+04:30");
+    dateStr = format.format(date);
+    assertEquals("01.02.2002 21:32:02", dateStr);
+  }
+  
+  public void testParseDateTimeInvalid() {
+    try {    
+      DateTimeUtils.parseDateTime("+1971-12-12T6:30:15");
+      fail();
+    } catch (ParseException e) {
+    }
+    
+    try {    
+      DateTimeUtils.parseDateTime("2000-01-0123:59:59.999999Z");
+      fail();
+    } catch (ParseException e) {
+    }
+    
+    try {    
+      DateTimeUtils.parseDateTime("2003-05-20T12:17:3005:00");
+      fail();
+    } catch (ParseException e) {
+    }
+    
+    try {    
+      DateTimeUtils.parseDateTime(" 2002-02-02T02:02:02.33+04:00");
+      fail();
+    } catch (ParseException e) {
+    }
+
+  }
+  
+  public void testBuildDateTimeGMTMinus3() {
+  	String should = "2002-01-01T01:01:01-03:00";
+  	doTestBuildDateTime(2002, 1, 1, 1, 1, 1, "GMT-03:00", should);
+  }
+  public void testBuildDateTimeMEZSommerzeit() {
+  	String should = "2002-07-31T23:59:59+02:00";
+  	doTestBuildDateTime(2002, 7, 31, 23, 59, 59, "GMT+01:00", should);
+  }
+  public void testBuildDateTimeGMT() {
+  	String should = "2002-01-01T01:01:01";
+  	doTestBuildDateTime(2002, 1, 1, 1, 1, 1, "GMT+00:00", should);
+  }
+  private void doTestBuildDateTime(
+  	int year, int month, int day, 
+  	int hour, int min, int sec, 
+  	String timeZone, String dateTimeShould) {
+  		
+//  	Calendar cal = new GregorianCalendar(TimeZone.getTimeZone(timeZone));
+//  	cal.set(year,month, day, hour, min, sec);
+//  	cal.set(Calendar.MILLISECOND, 0);
+//  	String dateTimeBuilt = DateTimeUtils.buildDateTime(cal, false);
+//  	assertEquals(dateTimeShould, dateTimeBuilt);
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
new file mode 100644
index 000000000..2433eca89
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.KeyStore;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+import junit.framework.TestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class KeyStoreUtilsTest extends TestCase {
+	private String tmpDir = "tmp/KeyStoreUtilsTest";
+	private String tmpDirURL = "file:" + tmpDir;
+
+  public KeyStoreUtilsTest(String arg0) {
+    super(arg0);
+  }
+  
+  protected void setUp() throws Exception {
+    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    new File(tmpDir).mkdirs();
+  }
+  protected void tearDown() throws Exception {
+  	new File(tmpDir).delete();
+  }
+  public void testCreateKeyStoreJKS() throws Exception {
+  	String[] certFilenames = new String[] {
+  		"data/test/security/server-certs/baltimore.cer"
+  	};
+  	KeyStore ks = KeyStoreUtils.createKeyStore("jks", certFilenames);
+  	assertEquals(1, ks.size());
+  	X509Certificate cert = (X509Certificate)ks.getCertificate("0");
+  	assertEquals(3424, cert.getSerialNumber().intValue());
+  }
+  public void testCreateKeyStorePKCS12() throws Exception {
+  	String[] certFilenames = new String[] {
+  		"data/test/security/server-certs/baltimore.cer"
+  	};
+  	KeyStore ks = KeyStoreUtils.createKeyStore("pkcs12", certFilenames);
+  	assertEquals(1, ks.size());
+  	X509Certificate cert = (X509Certificate)ks.getCertificate("0");
+  	assertEquals(3424, cert.getSerialNumber().intValue());
+  }
+  public void testCreateKeyStoreFromCertificateDirectory() throws Exception {
+    // copy certificate files to a temporary directory, 
+    // omitting the "CVS" directory in the source directory
+  	copyCertificates("data/test/security/server-certs", tmpDir);
+  	KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL);
+  	assertEquals(2, ks.size());
+  	X509Certificate cert0 = (X509Certificate)ks.getCertificate("0");
+  	X509Certificate cert1 = (X509Certificate)ks.getCertificate("1");
+  	assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue());
+  }
+  private void copyCertificates(String from, String to) throws IOException {
+		String[] fromList = new File(from).list();
+		for (int i = 0; i < fromList.length; i++) {
+      File fromFile = new File(from + File.separator + fromList[i]);
+      if (fromFile.isFile()) {
+      	String toFile = to + "/" + fromList[i];
+      	FileInputStream in = new FileInputStream(fromFile);
+      	FileOutputStream out = new FileOutputStream(toFile);
+      	for (int ch = in.read(); ch >= 0; ch = in.read())
+      		out.write(ch);
+      	out.close();
+      	in.close();
+      }
+    }
+    
+  }
+  public void testLoadKeyStore() throws Exception {
+  	String keyStoreURL = "file:data/test/security/client-certs/sicher-demo(buergerkarte).p12";
+  	KeyStore ks = KeyStoreUtils.loadKeyStore("pkcs12", keyStoreURL, "buergerkarte");
+  	assertEquals(1, ks.size());
+  	Enumeration aliases = ks.aliases();
+  	String alias = (String)aliases.nextElement();
+  	X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
+  	assertEquals(new BigInteger("1044289238331").intValue(), cert.getSerialNumber().intValue());
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
new file mode 100644
index 000000000..2b5094fb8
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+
+import java.net.URL;
+import java.security.KeyStore;
+import java.security.Security;
+
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSocketFactory;
+
+import junit.framework.TestCase;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.SSLUtils;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtilsTest extends TestCase {
+
+  public SSLUtilsTest(String arg0) {
+    super(arg0);
+  }
+
+	
+  protected void setUp() throws Exception {
+    //System.setProperty("javax.net.debug", "all");
+    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+    System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
+  }
+
+	public void testGetSSLSocketFactoryBaltimoreOK() throws Exception {
+		doTestGetSSLSocketFactory(
+			"GET",
+			"https://www.baltimore.com/",
+			false,
+			"file:data/test/security/cacerts+gt_cybertrust_root",
+			"changeit",
+			true);
+	}
+	public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception {
+		doTestGetSSLSocketFactory(
+			"GET",
+			"https://www.baltimore.com/",
+			false,
+			"file:data/test/security/cacerts",
+			"changeit", 
+			false);
+	}
+	public void testGetSSLSocketFactoryVerisignOK() throws Exception {
+		doTestGetSSLSocketFactory(
+			"GET",
+			"https://www.verisign.com/",
+			false,
+			"file:data/test/security/cacerts",
+			"changeit",
+			true);
+	}
+	public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception {
+		doTestGetSSLSocketFactory(
+			"GET",
+			"https://www.verisign.com/",
+			false,
+			null,
+			null,
+			true);
+	}
+	public void testGetSSLSocketFactoryLocalhostOK() throws Exception {
+		String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
+		doTestGetSSLSocketFactory(
+			"GET",
+			urlString,
+			true,
+			"file:data/test/security/server.keystore.tomcat",
+			"changeit",
+			true);
+	}
+	public void testGetSSLSocketFactoryLocalhostNOK() throws Exception {
+		String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
+		doTestGetSSLSocketFactory(
+			"GET",
+			urlString,
+			true,
+			null,
+			null,
+			false);
+	}
+		
+	public void doTestGetSSLSocketFactory(
+		String requestMethod,
+		String urlString, 
+		boolean useHostnameVerifierHack,
+		String truststoreurl,
+		String trustpassword,
+		boolean shouldOk
+		) throws Exception {
+
+		doTestGetSSLSocketFactory(
+			requestMethod, urlString, useHostnameVerifierHack, truststoreurl, trustpassword, null, null, null, shouldOk);
+		}
+	public void doTestGetSSLSocketFactory(
+		String requestMethod,
+		String urlString, 
+		boolean useHostnameVerifierHack,
+		String truststoreurl,
+		String trustpassword,
+		String keystoretype,
+		String keystoreurl,
+		String keypassword,
+		boolean shouldOk
+		) throws Exception {
+
+		KeyStore truststore = null;
+		if (truststoreurl != null)
+			truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword);
+		SSLSocketFactory sf = SSLUtils.getSSLSocketFactory(
+			truststore, keystoretype, keystoreurl, keypassword);
+		System.out.println(requestMethod + " " + urlString);
+
+		URL url = new URL(urlString);
+		HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
+		conn.setRequestMethod(requestMethod);
+		conn.setDoInput(true);
+		conn.setDoOutput(true);
+		conn.setUseCaches(false);
+		conn.setAllowUserInteraction(false);		
+  	conn.setSSLSocketFactory(sf);
+  	if (useHostnameVerifierHack)
+  		conn.setHostnameVerifier(new HostnameVerifierHack());
+  	try {
+			conn.connect();
+			assertTrue(shouldOk);
+			assertEquals(200, conn.getResponseCode());
+			conn.disconnect();
+  	}
+  	catch (SSLException ex) {
+  		assertFalse(shouldOk);
+  	}
+	}
+//	private byte[] readTruststore(String filename) throws IOException {
+//		if (filename == null)
+//			return null;
+//		FileInputStream in = new FileInputStream(filename);
+//		byte[] buffer = new byte[in.available()];
+//		in.read(buffer);
+//		in.close();
+//		return buffer;
+//	}
+  private class HostnameVerifierHack implements HostnameVerifier {
+    public boolean verify(String arg0, String arg1) {
+      return true;
+    }
+	}
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java
new file mode 100644
index 000000000..2ded896d0
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+
+import java.net.URLEncoder;
+
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+
+import junit.framework.TestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class URLDecoderTest extends TestCase {
+
+  public void test() throws Exception {
+    String s = "immerZUA0129<>%==$$%&/()@?{()=} \\\"";
+    String senc = URLEncoder.encode(s);
+    String sdec = URLDecoder.decode(senc, "ISO-8859-1");
+    assertEquals(s, sdec);
+  }
+  public void testUTF8() throws Exception {
+    String s = new String(FileUtils.readFile("data/test/xml/CreateXMLSignature/CreateXMLSignatureResponse.xml"));
+    String senc = URLEncoder.encode(s);
+    String sdec = URLDecoder.decode(senc, "UTF-8");
+    String sutf8 = FileUtils.readFile("data/test/xml/CreateXMLSignature/CreateXMLSignatureResponse.xml", "UTF-8");
+    assertEquals(sutf8, sdec);
+  }
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java
new file mode 100644
index 000000000..5f72c8aad
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+import junit.framework.TestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class URLEncoderTest extends TestCase {
+
+  public void testUnchangedString() throws Exception {
+    String s = "AZaz0123456789.-*_";
+    String senc = URLEncoder.encode(s, "UTF-8");
+    assertEquals(s, senc);
+  }
+  public void testAumlUTF8() throws Exception {
+    String s = "ä";
+    String senc = URLEncoder.encode(s, "UTF-8");
+    assertEquals("%C3%A4", senc);
+  }
+  public void testEncodeDecode() throws Exception {
+    String s = "AZaz09.-*_ <>%=$%&/()@?{}[]\\\"";
+    String senc = URLEncoder.encode(s, "UTF-8");
+    String sdec = URLDecoder.decode(senc, "UTF-8");
+    assertEquals(s, sdec);
+  }
+  public void testCertInfo() throws Exception {
+    String s = new String(FileUtils.readFile("data/test/xml/VerifyXMLSignature/CertInfoVerifyXMLSignatureRequest.xml", "UTF-8"));
+    String senc = URLEncoder.encode(s, "UTF-8");
+    String sdec = URLDecoder.decode(senc, "UTF-8");
+    assertEquals(s, sdec);
+  }
+  /*public void testJDK14() throws Exception {
+    String s = new String(FileUtils.readFile("data/test/xml/VerifyXMLSignature/CertInfoVerifyXMLSignatureRequest.xml", "UTF-8"));
+    String senc = URLEncoder.encode(s, "UTF-8");
+    String senc14 = java.net.URLEncoder.encode(s, "UTF-8");
+    assertEquals(senc, senc14);
+  }*/
+
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java
new file mode 100644
index 000000000..dfe7a5358
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+import java.io.FileInputStream;
+import java.io.InputStream;
+
+import org.apache.xerces.parsers.DOMParser;
+import org.apache.xerces.parsers.XMLGrammarPreparser;
+import org.apache.xerces.util.SymbolTable;
+import org.apache.xerces.util.XMLGrammarPoolImpl;
+import org.apache.xerces.xni.grammars.Grammar;
+import org.apache.xerces.xni.grammars.XMLGrammarDescription;
+import org.apache.xerces.xni.parser.XMLInputSource;
+import org.xml.sax.InputSource;
+
+import test.at.gv.egovernment.moa.MOATestCase;
+
+import at.gv.egovernment.moa.util.Constants;
+
+
+/**
+ * Experimentation with Xerces grammar caching.
+ * 
+ * Used the Xerces sample 'XMLGrammarBuilder' as a starting point. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLGrammarBuilderTest extends MOATestCase {
+
+  private static final String GRAMMAR_POOL =
+    org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX
+      + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY;
+
+  protected static final String NAMESPACES_FEATURE_ID =
+    "http://xml.org/sax/features/namespaces";
+  protected static final String VALIDATION_FEATURE_ID =
+    "http://xml.org/sax/features/validation";
+  protected static final String SCHEMA_VALIDATION_FEATURE_ID =
+    "http://apache.org/xml/features/validation/schema";
+  protected static final String SCHEMA_FULL_CHECKING_FEATURE_ID =
+    "http://apache.org/xml/features/validation/schema-full-checking";
+
+  private static final int BIG_PRIME = 2039;
+  private SymbolTable symbolTable;
+  private XMLGrammarPoolImpl grammarPool;
+
+  /**
+   * Constructor for XMLGrammarBuilderTest.
+   * @param name
+   */
+  public XMLGrammarBuilderTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    XMLGrammarPreparser preparser;
+
+    // set up symbol table and grammar pool
+    symbolTable = new SymbolTable(BIG_PRIME);
+    grammarPool = new XMLGrammarPoolImpl();
+    preparser = new XMLGrammarPreparser(symbolTable);
+    preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null);
+    preparser.setProperty(GRAMMAR_POOL, grammarPool);
+    preparser.setFeature(NAMESPACES_FEATURE_ID, true);
+    preparser.setFeature(VALIDATION_FEATURE_ID, true);
+    // now we can still do schema features just in case, 
+    // so long as it's our configuraiton......
+    preparser.setFeature(SCHEMA_VALIDATION_FEATURE_ID, true);
+    preparseSchemaResource(
+      preparser,
+      Constants.DSIG_SCHEMA_LOCATION,
+      "/resources/schemas/xmldsig-core-schema.xsd");
+  }
+
+  private static Grammar preparseSchemaResource(
+    XMLGrammarPreparser preparser,
+    String systemId,
+    String resource)
+    throws Exception {
+
+    InputStream is = XMLGrammarBuilderTest.class.getResourceAsStream(resource);
+    return preparser.preparseGrammar(
+      XMLGrammarDescription.XML_SCHEMA,
+      new XMLInputSource(null, systemId, null, is, null));
+  }
+
+  public void testParseValidating() throws Exception {
+    DOMParser parser = new DOMParser(symbolTable, grammarPool);
+
+    parser.setFeature(NAMESPACES_FEATURE_ID, true);
+    parser.setFeature(VALIDATION_FEATURE_ID, true);
+    parser.setFeature(SCHEMA_VALIDATION_FEATURE_ID, true);
+
+    parser.parse(
+      new InputSource(
+        new FileInputStream(TESTDATA_ROOT + "xml/dsigTransform/base64.xml")));
+    parser.getDocument();
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
new file mode 100644
index 000000000..15e6a62f3
--- /dev/null
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+import test.at.gv.egovernment.moa.MOATestCase;
+
+import at.gv.egovernment.moa.util.XPathUtils;
+
+
+/**
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPathUtilsTest extends MOATestCase {
+
+  private Document doc1;
+
+  /**
+   * Constructor for XPathUtilsTest.
+   * @param name
+   */
+  public XPathUtilsTest(String name) {
+    super(name);
+  }
+
+  /**
+   * @see TestCase#setUp()
+   */
+  protected void setUp() throws Exception {
+    super.setUp();
+    doc1 =
+      parseXml(TESTDATA_ROOT + "xml/VerifyXMLSignature/Req000.xml");
+  }
+
+  public void testSelectNodeList() throws Exception {
+    NodeList nodes;
+
+    nodes =
+      XPathUtils.selectNodeList(
+        doc1.getDocumentElement(),
+        doc1.getDocumentElement(),
+        "/VerifyXMLSignatureRequest");
+    assertEquals(1, nodes.getLength());
+    nodes =
+      XPathUtils.selectNodeList(
+        doc1.getDocumentElement(),
+        "//dsig:Signature");
+    assertEquals(1, nodes.getLength());
+  }
+
+}
-- 
cgit v1.2.3


From bd53025fa776091cd82d0fca57a28a5404fb4f37 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 08:36:03 +0200
Subject: fix problem with XML parser and additional features options

---
 .../metadata/MOASPMetadataSignatureFilter.java     |  26 +++---
 .../moa/id/util/ParamValidatorUtils.java           |  30 +++++--
 .../java/at/gv/egovernment/moa/util/DOMUtils.java  |  97 +++++++++++++++++++--
 .../java/test/at/gv/egovernment/moa/AllTests.java  |   8 +-
 .../test/at/gv/egovernment/moa/MOATestCase.java    |  23 +++--
 .../at/gv/egovernment/moa/util/DOMUtilsTest.java   |   8 +-
 .../parser/CreateXMLSignatureResponseParser.java   |  14 ++-
 .../id/auth/parser/InfoboxReadResponseParser.java  |  16 +++-
 .../2.0.5/moa-spss-lib-2.0.5-javadoc.jar           | Bin 0 -> 976947 bytes
 .../moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar      | Bin 380513 -> 381412 bytes
 spss/pom.xml                                       |   6 +-
 spss/server/pom.xml                                |   2 +-
 spss/server/serverlib/pom.xml                      |  19 ++--
 .../server/config/ConfigurationPartsBuilder.java   |  23 +++--
 .../moa/spss/server/invoke/DataObjectFactory.java  |  20 ++---
 .../moa/spss/server/service/AxisHandler.java       |  19 +++-
 .../moa/spss/server/service/ServiceUtils.java      |   3 +-
 spss/server/serverws/pom.xml                       |   5 +-
 18 files changed, 234 insertions(+), 85 deletions(-)
 create mode 100644 repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar

(limited to 'id/server/moa-id-commons/src/test/java')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index a4ab92f58..3d69b0380 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -23,14 +23,9 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
 
 import java.io.IOException;
-import java.io.StringWriter;
 
-import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
 
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.FilterException;
@@ -41,6 +36,7 @@ import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * @author tlenz
@@ -69,19 +65,21 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter {
 				EntityDescriptor entityDes = (EntityDescriptor) metadata;
 				//check signature;
 				try {
-					Transformer transformer = TransformerFactory.newInstance()
-							.newTransformer();	
-					StringWriter sw = new StringWriter();
-					StreamResult sr = new StreamResult(sw);
-					DOMSource source = new DOMSource(metadata.getDOM());
-					transformer.transform(source, sr);
-					sw.close();
-					String metadataXML = sw.toString();
+					byte[] serialized = DOMUtils.serializeNode(metadata.getDOM(), "UTF-8");
+					
+//					Transformer transformer = TransformerFactory.newInstance()
+//							.newTransformer();	
+//					StringWriter sw = new StringWriter();
+//					StreamResult sr = new StreamResult(sw);
+//					DOMSource source = new DOMSource(metadata.getDOM());
+//					transformer.transform(source, sr);
+//					sw.close();
+//					String metadataXML = sw.toString();
 					
 					SignatureVerificationUtils sigVerify = 
 							new SignatureVerificationUtils();
 					VerifyXMLSignatureResponse result = sigVerify.verify(
-							metadataXML.getBytes(), trustProfileID);
+							serialized, trustProfileID);
 					
 					//check signature-verification result
 					if (result.getSignatureCheckCode() != 0) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index f97d646b6..47ea91753 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -46,20 +46,20 @@
 
 package at.gv.egovernment.moa.id.util;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
-import java.io.StringReader;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
-import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -68,12 +68,22 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
 
 public class ParamValidatorUtils extends MOAIDAuthConstants{
    
+	  private static final Map<String, Object> parserFeatures =
+			  Collections.unmodifiableMap(new HashMap<String, Object>() {
+					private static final long serialVersionUID = 1L;
+					{	
+						put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+						
+					}
+			  });
+	
    /**
     * Checks if the given target is valid
     * @param target HTTP parameter from request
@@ -482,11 +492,13 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{
 		   return false;
 	   
 	   Logger.debug("Ueberpruefe Parameter XMLDocument");
-	   try {   
-		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-		   DocumentBuilder builder = factory.newDocumentBuilder();
-		   InputSource is = new InputSource(new StringReader(document));
-		   builder.parse(is);
+	   try {
+		   DOMUtils.parseXmlValidating(new ByteArrayInputStream(document.getBytes()), parserFeatures);
+		   
+//		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+//		   DocumentBuilder builder = factory.newDocumentBuilder();
+//		   InputSource is = new InputSource(new StringReader(document));
+//		   builder.parse(is);
 		   
 		   Logger.debug("Parameter XMLDocument erfolgreich ueberprueft");
 		   return true;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 0a07fc4a7..95cd63643 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -33,6 +33,7 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Set;
 import java.util.Vector;
 
@@ -115,7 +116,7 @@ public class DOMUtils {
   private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
 	  "http://xml.org/sax/features/external-parameter-entities";
   
-  private static final String DISALLOW_DOCTYPE_FEATURE =
+  public static final String DISALLOW_DOCTYPE_FEATURE =
 		  "http://apache.org/xml/features/disallow-doctype-decl";
   
   
@@ -205,7 +206,8 @@ public class DOMUtils {
     String externalSchemaLocations,
     String externalNoNamespaceSchemaLocation,
     EntityResolver entityResolver,
-    ErrorHandler errorHandler)
+    ErrorHandler errorHandler,
+    Map<String, Object> parserFeatures)
     throws  SAXException, IOException, ParserConfigurationException {
 
     DOMParser parser;
@@ -247,8 +249,25 @@ public class DOMUtils {
 	    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
 	    parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
 	    
+	    //set external added parser features
+	    if (parserFeatures != null) {
+	    	for (Entry<String, Object> el : parserFeatures.entrySet()) {
+	    		String key = el.getKey();
+	    		if (MiscUtil.isNotEmpty(key)) {
+	    			Object value = el.getValue();
+	    			if (value != null && value instanceof Boolean)	    		
+	    				parser.setFeature(key, (boolean)value);
+	    			
+	    			else
+	    				Logger.warn("This XML parser only allows features with 'boolean' values");
+	    			
+	    		} else 
+	    			Logger.warn("Can not set 'null' feature to XML parser");
+	    	}
+	    }
+	    
 	    //fix XXE problem
-	    parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+	    //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 	    
 	
 	    if (validating) {
@@ -346,6 +365,7 @@ public class DOMUtils {
    * @param externalNoNamespaceSchemaLocation The schema location of the
    * schema for elements without a namespace, the same way it is accepted by the
    * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+ * @param parserFeatures 
    * @return The parsed XML document as a DOM tree.
    * @throws SAXException An error occurred parsing the document.
    * @throws IOException An error occurred reading the document.
@@ -356,7 +376,7 @@ public class DOMUtils {
     InputStream inputStream,
     boolean validating,
     String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
+    String externalNoNamespaceSchemaLocation, Map<String, Object> parserFeatures)
     throws SAXException, IOException, ParserConfigurationException {
 
   
@@ -367,9 +387,50 @@ public class DOMUtils {
       externalSchemaLocations,
       externalNoNamespaceSchemaLocation,
       new MOAEntityResolver(),
-      new MOAErrorHandler());
+      new MOAErrorHandler(),
+      parserFeatures);
   }
 
+  /**
+   * Parse an XML document from a <code>String</code>.
+   * 
+   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
+   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
+   * 
+   * @param xmlString The <code>String</code> containing the XML document.
+   * @param encoding The encoding of the XML document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocument(
+    String xmlString,
+    String encoding,
+    boolean validating,
+    String externalSchemaLocations,
+    String externalNoNamespaceSchemaLocation,
+    Map<String, Object> parserFeatures)
+    throws SAXException, IOException, ParserConfigurationException {
+
+    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
+    return parseDocument(
+      in,
+      validating,
+      externalSchemaLocations,
+      externalNoNamespaceSchemaLocation,
+      parserFeatures);
+  }
+  
+  
   /**
    * Parse an XML document from a <code>String</code>.
    * 
@@ -404,7 +465,8 @@ public class DOMUtils {
       in,
       validating,
       externalSchemaLocations,
-      externalNoNamespaceSchemaLocation);
+      externalNoNamespaceSchemaLocation,
+      null);
   }
 
   /**
@@ -453,7 +515,26 @@ public class DOMUtils {
   public static Element parseXmlValidating(InputStream inputStream)
     throws ParserConfigurationException, SAXException, IOException {
     return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
+      .getDocumentElement();
+  }
+  
+  /**
+   * A convenience method to parse an XML document validating.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @param parserFeatures Set additional features to XML parser
+   * @return The root element of the parsed XML document.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Element parseXmlValidating(InputStream inputStream, Map<String, Object> parserFeatures)
+    throws ParserConfigurationException, SAXException, IOException {
+    return DOMUtils
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures)
       .getDocumentElement();
   }
   
@@ -471,7 +552,7 @@ public class DOMUtils {
   public static Element parseXmlNonValidating(InputStream inputStream)
     throws ParserConfigurationException, SAXException, IOException {
     return DOMUtils
-      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, null)
       .getDocumentElement();
   }
 
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
index ba7a0edc4..c0a93bf03 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
@@ -24,16 +24,10 @@
 
 package test.at.gv.egovernment.moa;
 
-import test.at.gv.egovernment.moa.util.DOMUtilsTest;
-import test.at.gv.egovernment.moa.util.DateTimeUtilsTest;
-import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest;
-import test.at.gv.egovernment.moa.util.SSLUtilsTest;
-import test.at.gv.egovernment.moa.util.XPathUtilsTest;
-
 import junit.awtui.TestRunner;
 import junit.framework.Test;
 import junit.framework.TestSuite;
-
+ 
 /**
  * @author patrick
  * @version $Id$
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
index 5d1c5371a..66bf1faff 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
@@ -26,18 +26,19 @@ package test.at.gv.egovernment.moa;
 
 import java.io.FileInputStream;
 import java.io.StringReader;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.w3c.dom.Document;
-
 import org.xml.sax.InputSource;
 
-import junit.framework.TestCase;
-
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import junit.framework.TestCase;
 
 /**
  * Base class for MOA test cases.
@@ -51,6 +52,16 @@ public class MOATestCase extends TestCase {
 
   protected static final String TESTDATA_ROOT = "data/test/";
 
+  protected static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+  
+  
   /**
    * Constructor for MOATestCase.
    * @param arg0
@@ -67,7 +78,8 @@ public class MOATestCase extends TestCase {
       new FileInputStream(fileName),
       false,
       null,
-      null);
+      null,
+      parserFeatures);
   }
 
   /**
@@ -80,7 +92,8 @@ public class MOATestCase extends TestCase {
       new FileInputStream(fileName),
       true,
       Constants.ALL_SCHEMA_LOCATIONS,
-      null);
+      null,
+      parserFeatures);
   }
 
   /**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
index 1a2b6904d..7b1c0cb67 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
@@ -23,6 +23,7 @@
 
 
 package test.at.gv.egovernment.moa.util;
+
 import java.io.FileInputStream;
 import java.util.Map;
 
@@ -30,10 +31,9 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
-import test.at.gv.egovernment.moa.*;
-
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import test.at.gv.egovernment.moa.MOATestCase;
 
 /**
  * @author Patrick Peck
@@ -78,7 +78,8 @@ public class DOMUtilsTest extends MOATestCase {
       new FileInputStream(fileName),
       true,
       Constants.ALL_SCHEMA_LOCATIONS,
-      null);
+      null,
+      parserFeatures);
   }
 
   public void testParseCreateXMLSignature() throws Exception {
@@ -113,6 +114,7 @@ public class DOMUtilsTest extends MOATestCase {
       new FileInputStream(fileName),
       false,
       null,
+      null, 
       null);
   }
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index b39cf9e9b..eca231094 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -49,7 +49,10 @@ package at.gv.egovernment.moa.id.auth.parser;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -96,6 +99,15 @@ public class CreateXMLSignatureResponseParser {
   /** This is the root element of the CreateXMLsignatureResponse */
   private Element sigResponse_;
 
+  private static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+  
   /**
    * Parses and validates the document given as string and extracts the 
    * root element.
@@ -156,7 +168,7 @@ public class CreateXMLSignatureResponseParser {
   private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
     try {
       
-      Element responseElem = DOMUtils.parseXmlValidating(is);
+      Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
       
       if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) {
         sigResponse_ = responseElem;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 31c91cd40..90fd7e1c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -50,6 +50,9 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.cert.CertificateException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -82,6 +85,16 @@ public class InfoboxReadResponseParser {
   /** This is the root element of the XML-Document provided by the Security Layer Card*/
   private Element infoBoxElem_;
 
+  private static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+
+  
   /**
    * Parses and validates the document given as string and extracts the 
    * root element.
@@ -132,7 +145,8 @@ public class InfoboxReadResponseParser {
   private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
     try {
       
-      Element responseElem = DOMUtils.parseXmlValidating(is);
+    	
+      Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
       
       if ("InfoboxReadResponse".equals(responseElem.getLocalName())) {
         infoBoxElem_ = responseElem;
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar
new file mode 100644
index 000000000..f166efece
Binary files /dev/null and b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar differ
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar
index 5097e2f28..f57276444 100644
Binary files a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar and b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar differ
diff --git a/spss/pom.xml b/spss/pom.xml
index 1c2a3fbfa..9780bc5b5 100644
--- a/spss/pom.xml
+++ b/spss/pom.xml
@@ -1,10 +1,10 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-<!--     <parent>
+    <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
         <version>2.x</version>
-    </parent> -->
+    </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>spss</artifactId>
@@ -18,7 +18,7 @@
 
     <modules>
         <module>server</module>
-        <module>handbook</module>
+        <!-- <module>handbook</module> -->
     </modules>
 
     <build>
diff --git a/spss/server/pom.xml b/spss/server/pom.xml
index eb37775c1..362f2e1b2 100644
--- a/spss/server/pom.xml
+++ b/spss/server/pom.xml
@@ -13,7 +13,7 @@
     <name>MOA SP/SS Server</name>
 
     <modules>
-        <module>tools</module>
+        <!-- <module>tools</module> -->
         <module>serverlib</module>
         <module>serverws</module>
     </modules>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index cafd8341b..3437f84db 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -9,29 +9,33 @@
 	<groupId>MOA.spss.server</groupId>
 	<artifactId>moa-spss-lib</artifactId>
 	<packaging>jar</packaging>
-	<version>${moa-spss-version}</version>
+	<version>2.0.5</version>
 	<name>MOA SP/SS API</name>
 
 	<properties>
 		<repositoryPath>${basedir}/../../../repository</repositoryPath>
 	</properties>
 
-	<dependencies>
+	<dependencies> 
 		<dependency>
 			<groupId>axis</groupId>
 			<artifactId>axis</artifactId>
+			<version>1.0_IAIK_1.2</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.axis</groupId>
 			<artifactId>axis-jaxrpc</artifactId>
+			<version>1.4</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.axis</groupId>
 			<artifactId>axis-saaj</artifactId>
+			<version>1.4</version>
 		</dependency>
 		<dependency>
 			<groupId>axis</groupId>
 			<artifactId>axis-wsdl4j</artifactId>
+			<version>1.5.1</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-discovery</groupId>
@@ -56,6 +60,7 @@
 		<dependency>
 			<groupId>log4j</groupId>
 			<artifactId>log4j</artifactId>
+			<version>1.2.17</version>
 		</dependency>
 		<dependency>
 			<groupId>org.postgresql</groupId>
@@ -63,7 +68,7 @@
 		</dependency>
 		<dependency>
 			<groupId>javax.servlet</groupId>
-			<artifactId>servlet-api</artifactId>
+			<artifactId>javax.servlet-api</artifactId>
 			<scope>provided</scope>
 		</dependency>
 		<dependency>
@@ -127,8 +132,8 @@
 			<optional>true</optional>
 		</dependency>
 		<dependency>
-			<groupId>MOA</groupId>
-			<artifactId>moa-common</artifactId>
+			<groupId>MOA.id.server</groupId>
+			<artifactId>moa-id-commons</artifactId>
 			<type>jar</type>
 		</dependency>
 <!--
@@ -141,8 +146,8 @@
 
 
 		<dependency>
-			<groupId>MOA</groupId>
-			<artifactId>moa-common</artifactId>
+			<groupId>MOA.id.server</groupId>
+			<artifactId>moa-id-commons</artifactId>
 			<type>test-jar</type>
 			<scope>test</scope>
 		</dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 3d2da8384..3c67ca3ca 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -23,17 +23,6 @@
 
 package at.gv.egovernment.moa.spss.server.config;
 
-import iaik.asn1.structures.Name;
-import iaik.ixsil.exceptions.URIException;
-import iaik.ixsil.util.URI;
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.server.modules.xml.BlackListEntry;
-import iaik.server.modules.xml.ExternalReferenceChecker;
-import iaik.server.modules.xml.WhiteListEntry;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -70,6 +59,16 @@ import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.asn1.structures.Name;
+import iaik.ixsil.exceptions.URIException;
+import iaik.ixsil.util.URI;
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.server.modules.xml.BlackListEntry;
+import iaik.server.modules.xml.ExternalReferenceChecker;
+import iaik.server.modules.xml.WhiteListEntry;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
 
 /**
  * A class that builds configuration data from a DOM based representation.
@@ -1429,7 +1428,7 @@ public class ConfigurationPartsBuilder {
   private static Element parseXml(InputStream inputStream)
     throws ParserConfigurationException, SAXException, IOException {
     return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
       .getDocumentElement();
   }
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
index 148be664b..fd7ef8cb2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -24,11 +24,6 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
-import iaik.ixsil.util.URI;
-import iaik.ixsil.util.XPointerReferenceResolver;
-import iaik.server.modules.xml.DataObject;
-import iaik.server.modules.xml.XMLDataObject;
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -76,6 +71,10 @@ import at.gv.egovernment.moa.util.MOAErrorHandler;
 import at.gv.egovernment.moa.util.StreamEntityResolver;
 import at.gv.egovernment.moa.util.StreamUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.ixsil.util.URI;
+import iaik.ixsil.util.XPointerReferenceResolver;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
 
 /**
  * A class to create <code>DataObject</code>s contained in different
@@ -259,7 +258,8 @@ public class DataObjectFactory {
           Constants.ALL_SCHEMA_LOCATIONS,
           null,
           entityResolver,
-          new MOAErrorHandler());
+          new MOAErrorHandler(),
+          null);
       Logger.trace("<<< parsed");
 
       return new XMLDataObjectImpl(doc.getDocumentElement());
@@ -272,7 +272,7 @@ public class DataObjectFactory {
     // try to parse non-validating
     try {
       ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
-      Document doc = DOMUtils.parseDocument(is, false, null, null);
+      Document doc = DOMUtils.parseDocument(is, false, null, null, null);
       // Since the parse tree will not contain any post schema validation information,
       // we need to register any attributes known to be of type xsd:Id manually.
       NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH);
@@ -765,7 +765,7 @@ public class DataObjectFactory {
           // try parsing non-validating: this has to succeed or we
           // bail out by throwing an exception
           is = resolver.resolve(uri);
-          doc = DOMUtils.parseDocument(is, false, null, null);
+          doc = DOMUtils.parseDocument(is, false, null, null, null);
           dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
         } catch (ParserConfigurationException e) {
           throw new MOASystemException("1106", null, e);
@@ -782,7 +782,7 @@ public class DataObjectFactory {
         try {
           // try parsing non-validating: need not succeed
           is = resolver.resolve(uri);
-          doc = DOMUtils.parseDocument(is, false, null, null);
+          doc = DOMUtils.parseDocument(is, false, null, null, null);
           closeInputStream(is);
           dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
         } catch (Exception e) {
@@ -981,7 +981,7 @@ public class DataObjectFactory {
       Document doc;
 
       try {
-        doc = DOMUtils.parseDocument(byteStream, false, null, null);
+        doc = DOMUtils.parseDocument(byteStream, false, null, null, null);
         dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
       } catch (ParserConfigurationException e) {
         throw new MOASystemException("1106", null, e);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
index 639a75ab1..b7ce0fa7d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -30,7 +30,10 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.Iterator;
+import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -100,6 +103,15 @@ public class AxisHandler extends BasicHandler {
   /** Simple string contains the post part of the enveloping SOAP wrapping */
   private static final String SOAP_PART_POST = "</soapenv:Body></soapenv:Envelope>";
   
+  private static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+  
   /**
    * Handle an invocation of this handler. 
    * 
@@ -146,7 +158,12 @@ public class AxisHandler extends BasicHandler {
 
       Element xmlRequest = null;
       //log.info(soapMessage.getSOAPPartAsString());
-      Element soapPart = DOMUtils.parseDocument(new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null).getDocumentElement();
+      Element soapPart = DOMUtils.parseDocument(
+    		  new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), 
+    		  false, 
+    		  null, 
+    		  null,
+    		  parserFeatures).getDocumentElement();
       if (soapPart!=null) {
         //TODO: check  if DOM Version is intolerant when white spaces are between tags (preceding normalization would be necessary)
         NodeList soapBodies = soapPart.getElementsByTagNameNS(SOAP_NS_URI, "Body");
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
index d986f7a1b..1114cb7b0 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
@@ -85,7 +85,8 @@ public class ServiceUtils {
     	          Constants.ALL_SCHEMA_LOCATIONS,
     	          null,
     		      new MOASPSSEntityResolver(),
-    		      new MOAErrorHandler());
+    		      new MOAErrorHandler(),
+    		      null);
     	  
 //        DOMUtils.parseDocument(
 //          new ByteArrayInputStream(requestBytes),
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index b90026252..ce665cad0 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -94,8 +94,8 @@
             <!--version>${pom.version}</version-->            
         </dependency>
         <dependency>
-            <groupId>MOA</groupId>
-            <artifactId>moa-common</artifactId>
+            <groupId>MOA.id.server</groupId>
+            <artifactId>moa-id-commons</artifactId>
         </dependency>
         <dependency>
 			<groupId>iaik.prod</groupId>
@@ -118,6 +118,7 @@
 		<dependency>
 			<groupId>log4j</groupId>
 			<artifactId>log4j</artifactId>
+			<version>1.2.17</version>
 		</dependency>
 <!-- 		<dependency>
 			<groupId>iaik</groupId>
-- 
cgit v1.2.3