From 5e72494c61164869fbb605a134fe224ac5d5e7d8 Mon Sep 17 00:00:00 2001
From: kstranacher_eGovL
 <kstranacher_eGovL@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Thu, 27 Dec 2012 21:25:50 +0000
Subject: Update Integration TSL Library Update MOA-SP documentation Update
 repository (for TSL integration) Update MOA-ID (Organwalter bPK from MIS)

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1302 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 spss/server/history.txt                            |  12 ++
 .../serverlib/.settings/org.eclipse.jdt.core.prefs |   2 +-
 .../org.eclipse.wst.common.project.facet.core.xml  |   2 +-
 spss/server/serverlib/pom.xml                      |  27 ++-
 .../xmlbind/VerifyCMSSignatureResponseBuilder.java |   3 +-
 .../moa/spss/server/init/SystemInitializer.java    |  30 ++--
 .../invoke/CMSSignatureVerificationInvoker.java    |  80 ++++++++-
 .../invoke/VerifyCMSSignatureResponseBuilder.java  |  27 ++-
 .../invoke/XMLSignatureVerificationInvoker.java    |  29 ++--
 .../moa/spss/tsl/config/Configurator.java          |   6 +-
 .../moa/spss/tsl/connector/TSLConnector.java       |   9 +-
 .../moa/spss/tsl/timer/TSLUpdaterTimerTask.java    | 181 ++++++++++++---------
 .../properties/spss_messages_de.properties         |   5 +-
 spss/server/serverws/.classpath                    |  46 ++++--
 .../serverws/.settings/org.eclipse.jdt.core.prefs  |  11 +-
 .../org.eclipse.wst.common.project.facet.core.xml  |   6 +-
 spss/server/tools/.classpath                       |   2 +-
 .../tools/.settings/org.eclipse.jdt.core.prefs     |   9 +-
 18 files changed, 315 insertions(+), 172 deletions(-)

(limited to 'spss/server')

diff --git a/spss/server/history.txt b/spss/server/history.txt
index 7154bd22f..7d1d3d323 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,3 +1,15 @@
+##############
+1.5.2
+##############
+
+- TSL Unterstützung                                                  
+- Libraries aktualisiert bzw. hinzugefügt:
+	iaik-moa:           Version 1.32 ?
+	iaik-ixsil:			Version 1.2.2.5 ? 
+	Axis:				Version 1.0_IAIK ?
+	iaik-tsl			Versio x.x
+
+
 ##############
 1.5.1
 ##############
diff --git a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
index 7dfadf4fe..81f1dbf57 100644
--- a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
@@ -1,4 +1,4 @@
-#Tue Dec 18 14:23:26 CET 2012
+#Thu Dec 27 13:40:40 CET 2012
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
index 3679d8190..656f15b87 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -4,4 +4,4 @@
   <fixed facet="jst.utility"/>
   <installed facet="jst.utility" version="1.0"/>
   <installed facet="jst.java" version="5.0"/>
-</faceted-project>
+</faceted-project>
\ No newline at end of file
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 481464f63..d425edb83 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -143,40 +143,33 @@
 		</dependency>
 		
 		<dependency>
-			<groupId>iaik</groupId>
+			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_tsl</artifactId>
-			<!--  <version>0.0.1-SNAPSHOT</version> -->
 		</dependency>
 		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik.util</artifactId>
-			<!--  <version>0.23</version> -->
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_util</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>iaik</groupId>
-			<artifactId>iaik.xsect</artifactId>
-			<!--  <version>1.1709142</version> -->
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_xsect</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>javax.xml.bind</groupId>
     		<artifactId>jaxb-api</artifactId>
-    		<!--  <version>2.2.6</version>-->
-		</dependency>
+  		</dependency>
 		<dependency>
 			<groupId>com.sun.xml.bind</groupId>
 			<artifactId>jaxb-impl</artifactId>
-			<!-- <version>2.2.5</version>-->
 		</dependency>
 		<dependency>
 			<groupId>org.xerial</groupId>
 		  	<artifactId>sqlite-jdbc</artifactId>
-  			<!-- <version>3.7.8-SNAPSHOT</version>-->
-		</dependency>
+  		</dependency>
 		<dependency>
-			<groupId>iaik</groupId>
-		  	<artifactId>iaik.jsse</artifactId>
-  			<!-- <version>4.4</version>-->
-		</dependency>
+			<groupId>iaik.prod</groupId>
+		  	<artifactId>iaik_jsse</artifactId>
+  		</dependency>
 		
 		 
 		 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 1971096a8..7ad838822 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -99,7 +99,6 @@ public class VerifyCMSSignatureResponseBuilder {
     CheckResult signatureCheck = responseElement.getSignatureCheck();
     CheckResult certCheck = responseElement.getCertificateCheck();
     
-    // TODO CMS TSL check
     ResponseBuilderUtils.addSignerInfo(
       responseDoc,
       responseElem,
@@ -107,7 +106,7 @@ public class VerifyCMSSignatureResponseBuilder {
       signerInfo.isQualifiedCertificate(),
       signerInfo.isPublicAuthority(),
       signerInfo.getPublicAuhtorityID(),
-      false);
+      signerInfo.isSSCD());
 
     ResponseBuilderUtils.addCodeInfoElement(
       responseDoc,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index c9b76dd7e..d9e20fda9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -135,7 +135,7 @@ public class SystemInitializer {
       
       //start TSL Update
       TSLUpdaterTimerTask.tslconnector_ = tslconnector;
-      TSLUpdaterTimerTask.update();
+      //TSLUpdaterTimerTask.update();
     	
       //initialize TSL Update Task
       initTSLUpdateTask(tslconfig);
@@ -147,20 +147,20 @@ public class SystemInitializer {
     catch (TSLEngineDiedException e) {
     	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
 	} 
-    catch (TSLSearchException e) {
-    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
-    } 
-    catch (CertStoreException e) {
-    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
-    } catch (TrustStoreException e) {
-    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
-    } catch (CertificateException e) {
-    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
-    } catch (FileNotFoundException e) {
-    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
-    } catch (IOException e) {
-    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
-    }
+//    catch (TSLSearchException e) {
+//    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+//    } 
+//    catch (CertStoreException e) {
+//    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+//    } catch (TrustStoreException e) {
+//    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+//    } catch (CertificateException e) {
+//    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+//    } catch (FileNotFoundException e) {
+//    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+//    } catch (IOException e) {
+//    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+//    }
 
     // set IXSIL debug output
     IXSILInit.setPrintDebugLog(
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index ba2513d2f..2c4bbd4eb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -30,6 +30,9 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -37,6 +40,8 @@ import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.logging.LoggingContext;
 import at.gv.egovernment.moa.logging.LoggingContextManager;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
@@ -52,6 +57,8 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
 
 /**
  * A class providing an interface to the
@@ -183,7 +190,12 @@ public class CMSSignatureVerificationInvoker {
 
       for (resultIter = results.iterator(); resultIter.hasNext();) {
         result = (CMSSignatureVerificationResult) resultIter.next();
-        responseBuilder.addResult(result, trustProfile);
+        
+        // check QC and SSCD via TSL (if enabled)
+        boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());
+	    boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());;
+        
+        responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL);
       }
     } else {
       int i;
@@ -194,7 +206,12 @@ public class CMSSignatureVerificationInvoker {
         try {
           result =
             (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
-          responseBuilder.addResult(result, trustProfile);
+          // check QC and SSCD via TSL (if enabled)
+          boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());
+  	      boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());;
+
+  	    
+          responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL);
         } catch (IndexOutOfBoundsException e) {
           throw new MOAApplicationException(
             "2249",
@@ -206,6 +223,65 @@ public class CMSSignatureVerificationInvoker {
     return responseBuilder.getResponse();
   }
 
+  private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) {
+	  boolean checkQCFromTSL = false;
+	  try {
+          if (tslEnabledTrustProfile) {
+            if (chainlist != null) {
+    	        X509Certificate[] chain = new X509Certificate[chainlist.size()];
+    	              	        
+    	        Iterator it = chainlist.iterator();
+    	        int i = 0;
+    	        while(it.hasNext()) {
+    	        	chain[i] = (X509Certificate)it.next();
+    	        	i++;
+    	        }
+    	        
+    	        checkQCFromTSL =  TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
+    	        //checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+            }
+          } 
+        }
+       catch (TSLEngineDiedException e) {
+        	MessageProvider msg = MessageProvider.getInstance();
+            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+    	} catch (TSLSearchException e) {
+        	MessageProvider msg = MessageProvider.getInstance();
+            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+    	}
+    	
+    	return checkQCFromTSL;
+  }
+  
+  private boolean checkSSCD(boolean tslEnabledTrustProfile, List chainlist) {
+	  boolean checkSSCDFromTSL = false;
+	  try {
+          if (tslEnabledTrustProfile) {
+            if (chainlist != null) {
+    	        X509Certificate[] chain = new X509Certificate[chainlist.size()];
+    	              	        
+    	        Iterator it = chainlist.iterator();
+    	        int i = 0;
+    	        while(it.hasNext()) {
+    	        	chain[i] = (X509Certificate)it.next();
+    	        	i++;
+    	        }
+    	        
+    	        checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+            }
+          } 
+        }
+       catch (TSLEngineDiedException e) {
+        	MessageProvider msg = MessageProvider.getInstance();
+            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+    	} catch (TSLSearchException e) {
+        	MessageProvider msg = MessageProvider.getInstance();
+            Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+    	}
+    	
+    	return checkSSCDFromTSL;    	
+  }
+  
   /**
    * Get the signed content contained either in the request itself or given as a
    * reference to external data.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index fcd5ae0e7..3b82c6caf 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -71,9 +71,13 @@ public class VerifyCMSSignatureResponseBuilder {
    * 
    * @param result The result to add.
    * @param trustprofile The actual trustprofile
+   * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the 
+   * 		certificate as qualified, otherwise <code>false</code>.
+   * @param checkSSCDFromTSL <code>true</code>, if the TSL check verifies the 
+   * 		signature based on a SSDC, otherwise <code>false</code>.
  * @throws MOAException 
    */
-  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile)
+  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL)
     throws MOAException {
 
     CertificateValidationResult certResult =
@@ -86,16 +90,28 @@ public class VerifyCMSSignatureResponseBuilder {
     SignerInfo signerInfo;
     CheckResult signatureCheck;
     CheckResult certificateCheck;
-        
-    // TODO Check TSL check
+    
+    
+    boolean qualifiedCertificate = false;
+    
+    // verify qualified certificate checks (certificate or TSL)
+    if (trustProfile.isTSLEnabled()) {
+    	// take TSL result
+    	qualifiedCertificate = checkQCFromTSL;  
+    }
+    else {
+    	// take result from certificate
+    	qualifiedCertificate = certResult.isQualifiedCertificate();
+    }
+    
     // add SignerInfo element
     signerInfo =
       factory.createSignerInfo(
         (X509Certificate) certResult.getCertificateChain().get(0),
-        certResult.isQualifiedCertificate(),
+        qualifiedCertificate,
         certResult.isPublicAuthorityCertificate(),
         certResult.getPublicAuthorityID(),
-        false);
+        checkSSCDFromTSL);
 
     // add SignatureCheck element
     signatureCheck = factory.createCheckResult(signatureCheckCode, null);
@@ -103,6 +119,7 @@ public class VerifyCMSSignatureResponseBuilder {
     // add CertificateCheck element
     certificateCheck = factory.createCheckResult(certificateCheckCode, null);
     
+    
    
 
     // build the response element
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 290841c66..8a5b6f5b7 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -229,6 +229,14 @@ public class XMLSignatureVerificationInvoker {
           profile,
           signingTime,
           new TransactionId(context.getTransactionID()));
+    } catch (IAIKException e) {
+    	MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+        throw moaException;
+    } catch (IAIKRuntimeException e) {
+        MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+        throw moaException;
+    } 
+    try {
       if (tp.isTSLEnabled()) {
         List list = result.getCertificateValidationResult().getCertificateChain();
         if (list != null) {
@@ -245,21 +253,14 @@ public class XMLSignatureVerificationInvoker {
 	        checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
 	        checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
         }
-        
-      }
-      
-    } catch (IAIKException e) {
-      MOAException moaException = IaikExceptionMapper.getInstance().map(e);
-      throw moaException;
-    } catch (IAIKRuntimeException e) {
-      MOAException moaException = IaikExceptionMapper.getInstance().map(e);
-      throw moaException;
-    } catch (TSLEngineDiedException e) {
-    	MOAException moaException = IaikExceptionMapper.getInstance().map(e);
-        throw moaException;
+      } 
+    }
+   catch (TSLEngineDiedException e) {
+    	MessageProvider msg = MessageProvider.getInstance();
+        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
 	} catch (TSLSearchException e) {
-		MOAException moaException = IaikExceptionMapper.getInstance().map(e);
-	      throw moaException;
+    	MessageProvider msg = MessageProvider.getInstance();
+        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
 	}
 
     // swap back in the request as root document
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
index 7e8dcf0c4..defaedd86 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
@@ -41,8 +41,10 @@ public class Configurator {
 				throw new TSLEngineDiedException(e);
 			}
 			
-			//@TODO  Check "/"
-			Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath + "/";
+			if (!TSLWorkingDirectoryPath.endsWith("/"))
+				TSLWorkingDirectoryPath += "/";
+			
+			Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath;
 			
 			initialDefaultConfig();
 			
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index b88255115..2e4af2817 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -92,17 +92,12 @@ public class TSLConnector implements TSLConnectorInterface {
 		//TODO: clean hascash and TLS Download folder	
 		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
 		
-		System.out.println("hashcachedir: " + hashcachedir);
-		
 		if (hashcachedir==null)
 			hashcachedir = DEFAULT_HASHCACHE_DIR;
 				
 		String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
 		
-		System.out.println("hashcachedir: " + hashcachedir);
-		
 		File hashcachefile = new File(hashcachedir);
-		System.out.println("Hashcache: " + hashcachefile.getAbsolutePath());
 				
 			
 		File[] filelist = hashcachefile.listFiles();
@@ -247,8 +242,8 @@ public class TSLConnector implements TSLConnectorInterface {
 			Countries expectedTerritory = entry.getValue().getSchemeTerritory();
 			try {
 				
-				if (expectedTerritory.equals("RO"))
-					System.out.println("Stop");
+//				if (expectedTerritory.equals("RO"))
+//					System.out.println("Stop");
 				
 				Number otpId = entry.getKey();
 				LocationAndCertHash lac = entry.getValue();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
index 6798a5db1..c365a1121 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -1,21 +1,40 @@
 package at.gv.egovernment.moa.spss.tsl.timer;
 
 import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreParameters;
 import iaik.pki.store.truststore.TrustStoreException;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.utils.StoreUpdater;
+import iaik.server.ConfigurationData;
+import iaik.x509.X509Certificate;
 import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
 import iaik.xml.crypto.tsl.ex.TSLSearchException;
 
+import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map;
 import java.util.TimerTask;
 
 import at.gv.egovernment.moa.logging.LogMsg;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.StringUtils;
+
 
 public class TSLUpdaterTimerTask extends TimerTask {
 	
@@ -31,7 +50,7 @@ public class TSLUpdaterTimerTask extends TimerTask {
 			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
 
 			// 		TODO wenn update nicht erfolgreich, dann soll TSL-Trustprofil nicht zur 
-			// Verfügung stehen.
+			// Verfügung stehen?
 			
 		} catch (TSLSearchException e) {
 			MessageProvider msg = MessageProvider.getInstance();
@@ -62,86 +81,86 @@ public class TSLUpdaterTimerTask extends TimerTask {
 	}
 	
 	public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, FileNotFoundException, IOException {
-//		MessageProvider msg = MessageProvider.getInstance();
-//		
-//		//get TSl configuration
-//		ConfigurationProvider config = ConfigurationProvider.getInstance();
-//		ConfigurationData configData = new IaikConfigurator().configure(config);
-//		TSLConfiguration tslconfig = config.getTSLConfiguration();
-//		if (tslconfig != null) {
-//			
-//			Logger.info(new LogMsg(msg.getMessage("config.42", null)));
-//			
-//			// get certstore parameters
-//			CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
-//				
-//			// iterate over all truststores
-//			Map mapTrustProfiles = config.getTrustProfiles();
-//			Iterator it = mapTrustProfiles.entrySet().iterator();
-//			while (it.hasNext()) {
-//				Map.Entry pairs = (Map.Entry)it.next();
-//				TrustProfile tp = (TrustProfile) pairs.getValue();
-//				if (tp.isTSLEnabled()) {
-//					TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
-//					TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
-//					trustStoreProfiles[0] = tsp;
-//					
-//					Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
-//		         
-//					TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
-//					ArrayList tsl_certs = null;
-//					if (StringUtils.isEmpty(tp.getCountries())) {
-//						Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-//
-//						// get certificates from TSL from all countries
-//						tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
-//					}
-//					else {
-//						Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-//						// get selected countries as array
-//						String countries = tp.getCountries();
-//						String[] array = countries.split(",");
-//						for (int i = 0; i < array.length; i++)
-//							array[i] = array[i].trim();
-//		                	  
-//						// get certificates from TSL from given countries
-//						tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
-//					}
-//					
-//					// create store updater for each TSL enabled truststore 
-//					Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
-//					StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
-//		            
-//					// convert ArrayList<File> to X509Certificate[]										
-//					X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
-//					Iterator itcert = tsl_certs.iterator();
-//					int i = 0;
-//					while(itcert.hasNext()) {
-//						File f = (File)itcert.next();
-//						X509Certificate cert = new X509Certificate(new FileInputStream(f));
-//						addCertificates[i] = cert;
-//						
-//						i++;
-//					}
-//					
-//					// get certificates to be removed
-//					X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
-//					
-//										
-//					//Logger.debug(new LogMsg(msg.getMessage("config.44", null)));	
-//					Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
-//					storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
-//					
-//					
-//					Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
-//					storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
-//		
-//					// set the certifcates to be removed for the next TSL update
-//					tp.setCertificatesToBeRemoved(addCertificates);
-//		            
-//				}
-//			}
-//		}
+		MessageProvider msg = MessageProvider.getInstance();
+		
+		//get TSl configuration
+		ConfigurationProvider config = ConfigurationProvider.getInstance();
+		ConfigurationData configData = new IaikConfigurator().configure(config);
+		TSLConfiguration tslconfig = config.getTSLConfiguration();
+		if (tslconfig != null) {
+			
+			Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+			
+			// get certstore parameters
+			CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+				
+			// iterate over all truststores
+			Map mapTrustProfiles = config.getTrustProfiles();
+			Iterator it = mapTrustProfiles.entrySet().iterator();
+			while (it.hasNext()) {
+				Map.Entry pairs = (Map.Entry)it.next();
+				TrustProfile tp = (TrustProfile) pairs.getValue();
+				if (tp.isTSLEnabled()) {
+					TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
+					TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
+					trustStoreProfiles[0] = tsp;
+					
+					Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
+		         
+					TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
+					ArrayList tsl_certs = null;
+					if (StringUtils.isEmpty(tp.getCountries())) {
+						Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+
+						// get certificates from TSL from all countries
+						tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
+					}
+					else {
+						Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+						// get selected countries as array
+						String countries = tp.getCountries();
+						String[] array = countries.split(",");
+						for (int i = 0; i < array.length; i++)
+							array[i] = array[i].trim();
+		                	  
+						// get certificates from TSL from given countries
+						tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
+					}
+					
+					// create store updater for each TSL enabled truststore 
+					Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
+					StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+		            
+					// convert ArrayList<File> to X509Certificate[]										
+					X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
+					Iterator itcert = tsl_certs.iterator();
+					int i = 0;
+					while(itcert.hasNext()) {
+						File f = (File)itcert.next();
+						X509Certificate cert = new X509Certificate(new FileInputStream(f));
+						addCertificates[i] = cert;
+						
+						i++;
+					}
+					
+					// get certificates to be removed
+					X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
+					
+										
+					//Logger.debug(new LogMsg(msg.getMessage("config.44", null)));	
+					Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
+					storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+					
+					
+					Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+					storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+		
+					// set the certifcates to be removed for the next TSL update
+					tp.setCertificatesToBeRemoved(addCertificates);
+		            
+				}
+			}
+		}
 		
 
 		
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index 60786dc8a..645ff9f6d 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -145,7 +145,7 @@ config.34=Blacklisted URI: {0}.
 config.35=External URIs not allowed.
 config.36=No blacklisted URIs given.
 config.37=Fehler beim Erstellen der TSL Konfiguration: Name des TSL Arbeits-Verzeichnisses konnte nicht in eine URL umgewandet werden (Wert="{0}")
-config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis zeigt nicht auf ein existierendes Objekt, das kein Verzeichnis ist (Wert="{0}")
+config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis ist kein Verzeichnis (Wert="{0}")
 config.39=TSL Konfguration: Kein Attribut "{0}" angegeben oder Attribut konnte nicht ausgewertet werden. Verwenden Default-Wert ("{1}")
 config.40=Fehler beim Erstellen der TSL Konfiguration: Es wurde mindestens ein TrustProfile mit aktivierter TSL-Unterstützung konfiguriert. Die allgemeine TSL-Konfiguration ist jedoch fehlerhaft.  
 config.41=Initialisiere TSL Bibliothek
@@ -169,4 +169,5 @@ invoker.01=Keine passende Transformationskette gefunden (Index={0})
 invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
 invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
 
-tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung.
\ No newline at end of file
+tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung.
+tsl.01=Fehler bei der QC (qualifiziertes Zertifikat) bzw. SSCD (sichere Signaturerstellungseinheit) Überprüfung via TSL.
\ No newline at end of file
diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath
index af4743f8a..bd0d802c7 100644
--- a/spss/server/serverws/.classpath
+++ b/spss/server/serverws/.classpath
@@ -1,12 +1,38 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
-	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
-	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+  <classpathentry kind="output" path="target/classes"/>
+  <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
+  <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar"/>
+  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+  <classpathentry kind="src" path="/moa-spss-lib"/>
+  <classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar"/>
+  <classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar"/>
+  <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+  <classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar"/>
+  <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar"/>
+  <classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
+  <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.0/xml-apis-2.7.0.jar"/>
+  <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.0/serializer-2.7.0.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar"/>
+  <classpathentry kind="src" path="/moa-common"/>
+  <classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar"/>
+  <classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar"/>
+  <classpathentry kind="var" path="M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar"/>
+  <classpathentry kind="var" path="M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar"/>
+  <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar"/>
+</classpath>
\ No newline at end of file
diff --git a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
index 7e3b7e969..0e32dbb18 100644
--- a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
@@ -1,7 +1,8 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+#Thu Dec 27 15:45:22 CET 2012
 org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.compliance=1.5
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
index df66dd21b..564572b10 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -2,6 +2,6 @@
 <faceted-project>
   <fixed facet="jst.java"/>
   <fixed facet="jst.web"/>
-  <installed facet="jst.java" version="1.4"/>
-  <installed facet="jst.web" version="2.3"/>
-</faceted-project>
+  <installed facet="jst.web" version="2.4"/>
+  <installed facet="jst.java" version="5.0"/>
+</faceted-project>
\ No newline at end of file
diff --git a/spss/server/tools/.classpath b/spss/server/tools/.classpath
index a9bfad977..65abf443d 100644
--- a/spss/server/tools/.classpath
+++ b/spss/server/tools/.classpath
@@ -3,7 +3,7 @@
   <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
   <classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
   <classpathentry kind="output" path="target/classes"/>
-  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
   <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar"/>
   <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar"/>
   <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar"/>
diff --git a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
index a519d2f62..3bfb290ea 100644
--- a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
+++ b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
@@ -1,5 +1,6 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
-org.eclipse.jdt.core.compiler.compliance=1.4
+#Thu Dec 27 15:45:21 CET 2012
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
-- 
cgit v1.2.3