From bad8d3cc1051aa22c679801310f94c852821dc4d Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Tue, 23 Sep 2014 12:02:50 +0200 Subject: added Certificate Servlet --- .../server/service/CertificateProviderServlet.java | 177 +++++++++++++++++++++ .../serverws/src/main/webapp/WEB-INF/web.xml | 14 +- 2 files changed, 188 insertions(+), 3 deletions(-) create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java (limited to 'spss') diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java new file mode 100644 index 000000000..fe99bcae1 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java 
@@ -0,0 +1,177 @@
+package at.gv.egovernment.moa.spss.server.service;
+
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionIDGenerator;
+
+/**
+ *
+ * @author Andreas Fitzek
+ * @version $Id$
+ */
+public class CertificateProviderServlet extends HttpServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6907582473072190122L;
+
+ /** The property name for accessing the X509 client certificate chain. */
+ private static final String X509_CERTIFICATE_PROPERTY = "javax.servlet.request.X509Certificate";
+
+ public static final String PARAM_KEYID = "id";
+
+ /**
+ * Build the set of KeyEntryIDs available to the given
+ * keyGroupID.
+ *
+ * @param keyGroupID
+ * The keygroup ID for which the available keys should be
+ * returned.
+ * @return The Set of KeyEntryIDs identifying the
+ * available keys.
+ * @throws ConfigurationException
+ */
+ private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module)
+ throws ConfigurationException {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ Set keyGroupEntries;
+
+ // get the KeyGroup entries from the configuration
+ if (cert != null) {
+ Principal issuer = cert.getIssuerDN();
+ BigInteger serialNumber = cert.getSerialNumber();
+
+ keyGroupEntries = config.getKeyGroupEntries(issuer, serialNumber,
+ keyGroupID);
+ } else {
+ keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+ }
+
+ // map the KeyGroup entries to a set of KeyEntryIDs
+ if (keyGroupEntries == null) {
+ return null;
+ } else if (keyGroupEntries.size() == 0) {
+ return Collections.EMPTY_SET;
+ } else {
+
+ Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+ Set keySet = new HashSet();
+ Iterator iter;
+
+ // filter out the keys that do not exist in the IAIK configuration
+ // by walking through the key entries and checking if the exist in
+ // the
+ // keyGroupEntries
+ for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+ KeyEntryID entryID = (KeyEntryID) iter.next();
+ KeyGroupEntry entry = new KeyGroupEntry(entryID.getModuleID(),
+ entryID.getCertificateIssuer(),
+ entryID.getCertificateSerialNumber());
+ if (keyGroupEntries.contains(entry)) {
+ keySet.add(entryID);
+ }
+ }
+ return keySet;
+ }
+ }
+
+ private X509Certificate getClientCertificate(HttpServletRequest request) {
+ X509Certificate[] clientCert = (X509Certificate[]) request
+ .getAttribute(X509_CERTIFICATE_PROPERTY);
+ if(clientCert != null) {
+ return clientCert[0];
+ }
+ return null;
+ }
+
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ try {
+ X509Certificate cert = getClientCertificate(request);
+ String keyId = request.getParameter(PARAM_KEYID);
+
+ if(keyId == null) {
+ Logger.warn(PARAM_KEYID + " not provided in Request. 
Returning: " + HttpServletResponse.SC_BAD_REQUEST);
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return;
+ }
+
+ String transactionId = TransactionIDGenerator.nextID();
+
+ KeyModule module = KeyModuleFactory.getInstance(new TransactionId(
+ transactionId));
+
+ Set keySet = buildKeySet(keyId, cert, module);
+
+ if(keySet == null || keySet.isEmpty()) {
+ Logger.warn("No keys available for Key Identifier " + keyId + " and given authentication.");
+ response.sendError(HttpServletResponse.SC_NOT_FOUND);
+ return;
+ }
+
+
+ if(keySet.size() != 1) {
+ Logger.warn("Too many keys available for Key Identifier " + keyId + " and given authentication.");
+ response.sendError(HttpServletResponse.SC_CONFLICT);
+ return;
+ }
+
+ Iterator iter;
+
+ // filter out the keys that do not exist in the IAIK configuration
+ // by walking through the key entries and checking if the exist in
+ // the
+ // keyGroupEntries
+ for (iter = keySet.iterator(); iter.hasNext();) {
+ KeyEntryID entryID = (KeyEntryID) iter.next();
+
+ List certChain = module.getPrivateKeyEntry(entryID).getCertificateChain();
+
+ if(certChain != null && !certChain.isEmpty()) {
+ Logger.trace("Returning Certificate!");
+ Certificate keyCert = ((Certificate)certChain.get(0));
+ byte[] certData = keyCert.getEncoded();
+ response.setStatus(HttpServletResponse.SC_OK);
+ response.setContentType("application/pkix-cert");
+ response.setHeader("Content-disposition","attachment; filename=\"" + keyId + ".cer\"");
+ response.getOutputStream().write(certData);
+ response.getOutputStream().close();
+ return;
+ }
+
+ break;
+ }
+
+ // No Certificate could be found!
+ Logger.warn("Failed to find keys available for Key Identifier " + keyId + " and given authentication.");
+ response.sendError(HttpServletResponse.SC_NOT_FOUND);
+ return;
+ } catch(Throwable e) {
+
+ }
+ }
+}
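Review bot: The `Content-disposition` header in doGet is built by concatenating the raw `id` request parameter, `"attachment; filename=\"" + keyId + ".cer\""`, so a value containing quotes, semicolons or control characters lands unescaped in a response header; the container may refuse CR/LF, but nothing in this code constrains the rest of the value, and the same unfiltered string also goes into the four Logger.warn messages. Add a second guard after the existing null check, e.g. `if (!keyId.matches("[A-Za-z0-9_.-]+")) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }`, with the allowed set adjusted to whatever key group identifiers the configuration actually uses. getClientCertificate returns `clientCert[0]` without a length check; `if (clientCert != null && clientCert.length > 0)` avoids an ArrayIndexOutOfBoundsException that would otherwise fall into the `catch(Throwable e)` block. The comment above `for (iter = keySet.iterator(); iter.hasNext();)` is copied from buildKeySet and does not describe this loop, which only inspects the single remaining entry and then falls through to the 404 branch.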
diff --git a/spss/server/serverws/src/main/webapp/WEB-INF/web.xml b/spss/server/serverws/src/main/webapp/WEB-INF/web.xml index b68ee850e..5de9f1d9c 100644 --- a/spss/server/serverws/src/main/webapp/WEB-INF/web.xml +++ b/spss/server/serverws/src/main/webapp/WEB-INF/web.xml @@ -10,9 +10,7 @@ ConfigurationServlet MOA Configuration Servlet - - at.gv.egovernment.moa.spss.server.service.ConfigurationServlet - + at.gv.egovernment.moa.spss.server.service.ConfigurationServlet 0 @@ -22,6 +20,12 @@ org.apache.axis.transport.http.AxisServlet + + CertificateProviderServlet + MOA Certificate Provider Servlet + at.gv.egovernment.moa.spss.server.service.CertificateProviderServlet + 0 + AxisServlet /services/* @@ -30,6 +34,10 @@ ConfigurationServlet /ConfigurationUpdate + + CertificateProviderServlet + /Certificate + -- cgit v1.2.3 From 08f30a3dad9cef45d6fea0ce7a6dcb90b6b6ccde Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Tue, 23 Sep 2014 12:16:02 +0200 Subject: filled error handler in certificate servlet --- .../moa/spss/server/service/CertificateProviderServlet.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'spss') diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java index fe99bcae1..c8a0f68bf 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java @@ -171,7 +171,8 @@ public class CertificateProviderServlet extends HttpServlet { response.sendError(HttpServletResponse.SC_NOT_FOUND); return; } catch(Throwable e) { - + Logger.error("Unhandled Exception when providing certificate", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } } } -- cgit v1.2.3 
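Review bot: The new `catch(Throwable e)` handler calls `response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR)` unconditionally, but doGet (whose start lies outside this hunk) may already have committed the response through `response.getOutputStream().write(certData)` before the failure, and sendError then throws IllegalStateException out of the handler itself. Guard it with `if (!response.isCommitted()) { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); }`. Catching Throwable also swallows Errors such as OutOfMemoryError that the container should see; `catch (Exception e)` covers the checked and runtime failures the method body can raise.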
From 53c6beba7017b74955818f4768b76133f08e784e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Oct 2014 12:06:22 +0100 Subject: Update third-party libs - some implementation updates was required --- id/server/auth/pom.xml | 4 + id/server/idserverlib/pom.xml | 39 ++- .../gv/egovernment/moa/id/client/SZRGWClient.java | 26 +- .../stork2/CorporateBodyMandateContainer.java | 7 - .../moa/id/protocols/stork2/MandateContainer.java | 2 +- .../stork2/PhyPersonMandateContainer.java | 4 - .../protocols/stork2/SimpleNamespaceContext.java | 83 +++++++ .../properties/pvp-stork_role_mapping.properties | 2 + .../resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd | 265 +++++++++++++++++++++ .../wsdl/szrgw/cs-sstc-schema-assertion-01.xsd | 194 +++++++++++++++ .../wsdl/szrgw/cs-sstc-schema-protocol-01.xsd | 127 ++++++++++ .../resources/wsdl/szrgw/mis/mis-1.0.3.xsd | 98 ++++++++ .../resources/wsdl/szrgw/szr-gw-0.0.3.xsd | 4 - id/server/moa-id-commons/pom.xml | 4 +- .../moa/id/commons/db/ConfigurationDBRead.java | 6 +- pom.xml | 10 +- spss/server/serverlib/pom.xml | 6 + 17 files changed, 849 insertions(+), 32 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java create mode 100644 id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd create mode 100644 id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd (limited to 'spss') diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index b43a0e736..dd75ee6aa 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml 
@@ -108,6 +108,10 @@ iaik_pki_module iaik + + axis-wsdl4j + axis + diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 833f869e5..32c8f5705 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -71,6 +71,10 @@ javax.servlet servlet-api + + axis-wsdl4j + axis + @@ -92,7 +96,8 @@ at.gv.util egovutils - 1.0.7 + + 2.0.0 com.sun @@ -102,6 +107,14 @@ org.slf4j * + + xalan + * + + + bcprov-jdk16 + bouncycastle + @@ -247,6 +260,14 @@ org.slf4j log4j-over-slf4j + + org.apache.xerces + * + + + xalan + * + @@ -257,6 +278,22 @@ org.slf4j log4j-over-slf4j + + org.slf4j + log4j-over-slf4j + + + org.apache.xerces + * + + + xalan + * + + + bcprov-jdk15on + org.bouncycastle + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java index c675885c9..9e4f3fa36 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java @@ -38,9 +38,14 @@ import at.gv.util.wsdl.szrgw.SZRGWType; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import com.sun.xml.ws.developer.JAXWSProperties; import javax.xml.ws.BindingProvider; +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; + public class SZRGWClient { private SSLSocketFactory sslContext = null; 
@@ -57,9 +62,6 @@ public class SZRGWClient { SZRGWService service = new SZRGWService(url, new QName("http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", "SZRGWService")); SZRGWType port = service.getSZRGWPort(); - - - BindingProvider bindingProvider = (BindingProvider) port; Map requestContext = bindingProvider.getRequestContext(); requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, serviceUrl); @@ -72,12 +74,24 @@ public class SZRGWClient { throw new SZRGWClientException(); } - requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext); + Client client = ClientProxy.getClient(port); + HTTPConduit http = (HTTPConduit) client.getConduit(); + HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); + + httpClientPolicy.setConnectionTimeout(36000); + httpClientPolicy.setReceiveTimeout(32000); + + http.setClient(httpClientPolicy); + TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setSSLSocketFactory(sslContext); + + http.setTlsClientParameters(tlsParams ); + // check for lax hostname if (true) { Logger.trace("LaxHostnameVerifier enabled. This setting is not recommended to use."); - requestContext.put(JAXWSProperties.HOSTNAME_VERIFIER, new LaxHostNameVerifier()); + tlsParams.setHostnameVerifier(new LaxHostNameVerifier()); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java index b358436ae..3e16db7d2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java 
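Review bot: Hostname verification for the SZR-GW connection is still disabled unconditionally: `if (true)` installs `LaxHostNameVerifier` on the new `TLSClientParameters` on every call, so the trace message calling the setting "not recommended" never reflects an actual decision, and the CXF migration carries the weakened TLS check forward with no way to switch it off. Replace the literal with a configuration-driven boolean that defaults to false, e.g. `if (laxHostnameVerification) {` sourced from the client's configuration, so the check is only relaxed when explicitly enabled; the method this belongs to starts outside the hunk. The values in `httpClientPolicy.setConnectionTimeout(36000)` and `httpClientPolicy.setReceiveTimeout(32000)` are unexplained; naming them as constants with a millisecond unit comment would make the intended 36 s / 32 s limits reviewable.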
@@ -24,17 +24,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import javanet.staxutils.SimpleNamespaceContext; import org.xml.sax.InputSource; -import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; -import javax.xml.xpath.XPathFactory; import java.io.StringReader; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.HashMap; - /** * Physical person representing corporate body * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java index 25350e686..e6c58b503 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java @@ -24,11 +24,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import javanet.staxutils.SimpleNamespaceContext; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFactory; + import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.HashMap; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java index 853d17318..ba89663ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java 
@@ -24,14 +24,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import javanet.staxutils.SimpleNamespaceContext; import org.xml.sax.InputSource; -import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; -import javax.xml.xpath.XPathFactory; import java.io.StringReader; -import java.util.HashMap; /** * Physical person representing physical person diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java new file mode 100644 index 000000000..2c2df3e54 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java 
@@ -0,0 +1,83 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map.Entry; +import java.util.Set; + +import javax.xml.namespace.NamespaceContext; + +/** + * @author tlenz + * + */ +public class SimpleNamespaceContext implements NamespaceContext { + + HashMap prefMap = null; + /** + * @param prefMap + */ + SimpleNamespaceContext(HashMap prefMap) { + this.prefMap = prefMap; + } + + /* (non-Javadoc) + * @see javax.xml.namespace.NamespaceContext#getNamespaceURI(java.lang.String) + */ + @Override + public String getNamespaceURI(String prefix) { + if (prefMap.containsKey(prefix)) + return prefMap.get(prefix); + else + return null; + } + + /* (non-Javadoc) + * @see javax.xml.namespace.NamespaceContext#getPrefix(java.lang.String) + */ + @Override + public String getPrefix(String namespaceURI) { + if (prefMap.containsValue(namespaceURI)) { + Set> set = prefMap.entrySet(); + for (Entry el : set) { + if (el.getValue().equals(namespaceURI)) + return el.getKey(); + + } + } + + return null; + } + + /* (non-Javadoc) + * @see javax.xml.namespace.NamespaceContext#getPrefixes(java.lang.String) + */ + @Override + public Iterator getPrefixes(String namespaceURI) { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties new file mode 100644 index 000000000..5bcfc7bd2 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties @@ -0,0 +1,2 @@ +xxpvprole=CIRCABC/viewer +yypvprole=CIRCABC/admin \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd new file mode 100644 index 000000000..522cae082 --- /dev/null 
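Review bot: `getPrefixes` returns `null` and `getNamespaceURI` returns `null` for an unbound prefix, but the NamespaceContext contract requires an empty iterator and `XMLConstants.NULL_NS_URI` respectively, so XPath code that iterates or compares the result without a null check fails with a NullPointerException. Use `return Collections.<String>emptyList().iterator();` in getPrefixes (with `import java.util.Collections;`) and `return XMLConstants.NULL_NS_URI;` in the else branch of getNamespaceURI (with `import javax.xml.XMLConstants;`), and drop the `// TODO Auto-generated method stub` once the method is implemented. The `prefMap` field is package-visible, non-final and keeps the caller's map by reference; making it `private final` and copying in the constructor keeps the context immutable after construction.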
+++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/W3C-XMLDSig.xsd @@ -0,0 +1,265 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd new file mode 100644 index 000000000..8ef08727d --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-assertion-01.xsd @@ -0,0 +1,194 @@ + + + + + + + Document identifier: cs-sstc-schema-assertion-01 + Location: http://www.oasis-open.org/committees/security/docs/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd new file mode 100644 index 000000000..eeb9bef9f --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/cs-sstc-schema-protocol-01.xsd 
@@ -0,0 +1,127 @@ + + + + + + + + Document identifier: cs-sstc-schema-protocol-01 + Location: http://www.oasis-open.org/committees/security/docs/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd new file mode 100644 index 000000000..48ef60187 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/mis/mis-1.0.3.xsd @@ -0,0 +1,98 @@ + + + + + + + Request to MIS + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Response from MIS + + + + + + + + + + + + + + + + + + Organwalter oder berufsm. Parteienvertreter + + + + + bPK des Organwalters + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd index c97822427..211e59d53 100644 --- a/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd +++ b/id/server/idserverlib/src/main/resources/resources/wsdl/szrgw/szr-gw-0.0.3.xsd @@ -1,9 +1,5 @@ - - - - diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index e6d708eca..ebda03801 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -82,7 +82,7 @@ com.sun.xml.bind jaxb-xjc - 2.2.7 + 2.2.11 @@ -118,7 +118,7 @@ mysql mysql-connector-java - 5.1.32 + 5.1.33 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java index 46d3ca558..a3f445fcf 100644 
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java @@ -27,11 +27,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import org.apache.commons.lang.StringEscapeUtils; +//import org.apache.commons.lang.StringEscapeUtils; import javax.persistence.EntityManager; import javax.persistence.PersistenceException; +import org.apache.commons.lang3.StringEscapeUtils; + import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -70,7 +72,7 @@ public class ConfigurationDBRead { javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID")); //query.setParameter("id", id+"%"); - query.setParameter("id", StringEscapeUtils.escapeHtml(id)); + query.setParameter("id", StringEscapeUtils.escapeHtml4(id)); result = query.getResultList(); Logger.trace("Found entries: " + result.size()); diff --git a/pom.xml b/pom.xml index bed1565c6..89f710a4c 100644 --- a/pom.xml +++ b/pom.xml @@ -406,7 +406,7 @@ javax.xml.bind jaxb-api - 2.2.11 + 2.2.12 @@ -445,7 +445,7 @@ xerces xercesImpl - 2.9.1 + 2.11.0 compile + 2.11.0 runtime xalan-bin-dist serializer - 2.7.1 + 2.7.2 runtime diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 3cf8d0bd7..7c11659e1 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -161,6 +161,12 @@ + + com.sun.xml.bind + jaxb-impl + 2.2.11 + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
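Review bot: `query.setParameter("id", StringEscapeUtils.escapeHtml4(id))` applies HTML output encoding to the lookup key of an already parameterized JPA query; the parameter binding prevents query injection on its own, while the escaping changes which rows match (an id containing `&`, `<`, `>` or `"` is looked up in its entity-encoded form), which presumably is only intended if ids are stored escaped — either document that on the line or move the encoding to the rendering layer. The commented-out import `//import org.apache.commons.lang.StringEscapeUtils;` left in the first hunk should be deleted rather than kept as dead text. The enclosing method starts outside the hunk.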
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd deleted file mode 100644 index cc0a7c882..000000000 --- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.5.2.xsd +++ /dev/null 
@@ -1,564 +0,0 @@ - - - - - - - - - - - - - - - - - - - - Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements - - - - - - - - - - - - - - - - - - - - - - Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage - - - - Resultat, falls die Signaturerstellung erfolgreich war - - - - - - - - - - - - - - - - - - - - Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements - - - - - - - - - - - - - - - - - - - Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil - - - - - - - - - - - - - - - - - - Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage - - - - Resultat, falls die Signaturerstellung erfolgreich war - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert - - - - - - - - - - - only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. 
- - - - - - - - - - mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert - - - - - - - - - - - only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Resultat, falls die Signaturerstellung gescheitert ist - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. - - - - - Profilbezeichner für einen Transformationsweg - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. - - - - Der Transformationsparameter explizit angegeben. - - - - - Der Hashwert des Transformationsparameters. 
- - - - - - - - - - - - - - - - - - - - - - Explizite Angabe des Transformationswegs - - - - - - - Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. - - - - - - - - - - - - - - - - diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.wsdl new file mode 100644 index 000000000..4f9deee38 --- /dev/null +++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.wsdl @@ -0,0 +1,128 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.xsd b/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.xsd new file mode 100644 index 000000000..cc0a7c882 --- /dev/null +++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-2.0.0.xsd 
@@ -0,0 +1,564 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. 
+ + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. 
+ + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + -- cgit v1.2.3 From b04fbacb74bfcf4addaf16d72a819afd7161fd6f Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Fri, 31 Oct 2014 07:10:11 +0100 Subject: add .gitignore files --- .gitignore | 5 +++++ DocumentService/.gitignore | 1 + common/.gitignore | 1 + id/ConfigWebTool/.gitignore | 2 ++ id/oa/.gitignore | 2 ++ id/server/auth/.gitignore | 2 ++ id/server/idserverlib/.gitignore | 1 + id/server/idserverlib/bin/.gitignore | 2 ++ id/server/moa-id-commons/.gitignore | 1 + id/server/proxy/.gitignore | 2 ++ id/server/stork2-commons/.gitignore | 1 + id/server/stork2-saml-engine/.gitignore | 1 + spss/handbook/clients/api/.gitignore | 2 ++ spss/handbook/clients/referencedData/.gitignore | 2 ++ spss/handbook/clients/webservice/.gitignore | 2 ++ spss/server/serverlib/.gitignore | 1 + spss/server/serverws/.gitignore | 2 ++ spss/server/tools/.gitignore | 1 + 18 files changed, 31 insertions(+) create mode 100644 .gitignore create mode 100644 DocumentService/.gitignore create mode 100644 common/.gitignore create mode 100644 id/ConfigWebTool/.gitignore create mode 100644 id/oa/.gitignore create mode 100644 id/server/auth/.gitignore create mode 100644 id/server/idserverlib/.gitignore create mode 100644 id/server/idserverlib/bin/.gitignore create mode 100644 id/server/moa-id-commons/.gitignore create mode 100644 id/server/proxy/.gitignore create mode 100644 id/server/stork2-commons/.gitignore create mode 100644 id/server/stork2-saml-engine/.gitignore create mode 100644 spss/handbook/clients/api/.gitignore create mode 100644 spss/handbook/clients/referencedData/.gitignore create mode 100644 spss/handbook/clients/webservice/.gitignore create mode 100644 spss/server/serverlib/.gitignore create mode 100644 spss/server/serverws/.gitignore create mode 100644 spss/server/tools/.gitignore (limited to 'spss') diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..bb7e57f31 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +/target +/bin +.settings +.project +.classpath \ No newline at end of file 
diff --git a/DocumentService/.gitignore b/DocumentService/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/DocumentService/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/common/.gitignore b/common/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/common/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/id/ConfigWebTool/.gitignore b/id/ConfigWebTool/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/id/ConfigWebTool/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/id/oa/.gitignore b/id/oa/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/id/oa/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/id/server/auth/.gitignore b/id/server/auth/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/id/server/auth/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/id/server/idserverlib/.gitignore b/id/server/idserverlib/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/id/server/idserverlib/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/id/server/idserverlib/bin/.gitignore b/id/server/idserverlib/bin/.gitignore
new file mode 100644
index 000000000..e2c1dc811
--- /dev/null
+++ b/id/server/idserverlib/bin/.gitignore
@@ -0,0 +1,2 @@
+/src
+/src
diff --git a/id/server/moa-id-commons/.gitignore b/id/server/moa-id-commons/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/id/server/moa-id-commons/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/id/server/proxy/.gitignore b/id/server/proxy/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/id/server/proxy/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/id/server/stork2-commons/.gitignore b/id/server/stork2-commons/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/id/server/stork2-commons/.gitignore
@@ -0,0 +1 @@
+/target
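Review bot: The new `id/server/idserverlib/bin/.gitignore` lists `/src` twice; the second `+/src` line is a duplicate and should be dropped so the file holds the single pattern `/src`. The remaining module-level files in this hunk and the next only add `/target` or `/bin`, which is consistent across modules, so nothing further to raise there.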
diff --git a/id/server/stork2-saml-engine/.gitignore b/id/server/stork2-saml-engine/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/id/server/stork2-saml-engine/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/spss/handbook/clients/api/.gitignore b/spss/handbook/clients/api/.gitignore
new file mode 100644
index 000000000..934e0e06f
--- /dev/null
+++ b/spss/handbook/clients/api/.gitignore
@@ -0,0 +1,2 @@
+/bin
+/target
diff --git a/spss/handbook/clients/referencedData/.gitignore b/spss/handbook/clients/referencedData/.gitignore
new file mode 100644
index 000000000..934e0e06f
--- /dev/null
+++ b/spss/handbook/clients/referencedData/.gitignore
@@ -0,0 +1,2 @@
+/bin
+/target
diff --git a/spss/handbook/clients/webservice/.gitignore b/spss/handbook/clients/webservice/.gitignore
new file mode 100644
index 000000000..934e0e06f
--- /dev/null
+++ b/spss/handbook/clients/webservice/.gitignore
@@ -0,0 +1,2 @@
+/bin
+/target
diff --git a/spss/server/serverlib/.gitignore b/spss/server/serverlib/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/spss/server/serverlib/.gitignore
@@ -0,0 +1 @@
+/target
diff --git a/spss/server/serverws/.gitignore b/spss/server/serverws/.gitignore
new file mode 100644
index 000000000..4dc009173
--- /dev/null
+++ b/spss/server/serverws/.gitignore
@@ -0,0 +1,2 @@
+/target
+/bin
diff --git a/spss/server/tools/.gitignore b/spss/server/tools/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/spss/server/tools/.gitignore
@@ -0,0 +1 @@
+/target
-- cgit v1.2.3