From 2972ec31c2bd59434be9ac12872baa30141325df Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 25 Jan 2017 11:54:29 +0100
Subject: update QC evaluation from TSL --> if TSL support is enabled for the
 requested TrustProfile than ONLY QC information from TSL is used

---
 .../moa/spss/util/CertificateUtils.java            | 71 +++++++++++++---------
 1 file changed, 41 insertions(+), 30 deletions(-)

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index ad64052..ce78580 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -259,26 +259,33 @@ public class CertificateUtils {
 						}
 					}
 					
-					//evaluate QC statement according previous selected information 
-					if (qcSourceTSL)					
-						Logger.debug("Certificate is QC (Source: TSL)");
-										
-					else {
-						// if TSL return no service-type identifier us information from certificate
-						if (tslServiceTypeIdentifier == null || 
-								MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) {
-							// try certificate extensions QCP and QcEuCompliance
-							Logger.debug("QC check via TSL returned false - checking certificate extensions");
-							boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
-							boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
-				        
-							if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) {
-								Logger.debug("Certificate is QC (Source: Certificate)");
-								qc = true;
-				        	
-							}
-						}						
-					}
+			/*
+			 * This block is removes with MOA-SP 3.1 because if TSL support is enabled for the requested TrustProfile 
+			 * QC evaluation is ONLY allowed from TSL information!!! Because with eIDAS regulation and July 01. 2016 
+			 * the Trust-Status List is constitutive.  
+			*/
+//					//evaluate QC statement according previous selected information 
+//					if (qcSourceTSL)					
+//						Logger.debug("Certificate is QC (Source: TSL)");
+//										
+//					else {
+//						
+//						
+//						// if TSL return no service-type identifier us information from certificate
+//						if (tslServiceTypeIdentifier == null || 
+//								MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) {
+//							// try certificate extensions QCP and QcEuCompliance
+//							Logger.debug("QC check via TSL returned false - checking certificate extensions");
+//							boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+//							boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+//				        
+//							if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) {
+//								Logger.debug("Certificate is QC (Source: Certificate)");
+//								qc = true;
+//				        	
+//							}
+//						}						
+//					}
 					
 					
 					//evaluate SSCD/QSCD results according previous selected information  
@@ -313,13 +320,14 @@ public class CertificateUtils {
 					return result;
 									
 				} else {
-					Logger.debug("Qualifier check via TSL return null - checking certificate extensions");
-					return parseInfosFromCertificate(chain);
+					Logger.debug("Qualifier check via TSL return null - checking certificate extensions without QC evaluation");
+					return parseInfosFromCertificate(chain, false);
 					
 				}
 							        	
 			} else 
-				return parseInfosFromCertificate(chain);
+				Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation ");
+				return parseInfosFromCertificate(chain, true);
 		}
 		catch (TslException e) {
 	    	MessageProvider msg = MessageProvider.getInstance();
@@ -330,19 +338,22 @@ public class CertificateUtils {
 		
 	}
 	
-	private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain) {
+	private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain, boolean performQCEvaluation) {
 		boolean qc = false;
 		boolean sscd = false;
 		
 		// Trustprofile is not TSL enabled - use certificate extensions only
 
-		// perform QC check
-		// try certificate extensions QCP and QcEuCompliance
-     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
-        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+		if (performQCEvaluation) {
+			// perform QC check
+			// try certificate extensions QCP and QcEuCompliance
+			boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+			boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
         
-        if (checkQCP || checkQcEuCompliance)
-        	qc = true;
+			if (checkQCP || checkQcEuCompliance)
+				qc = true;
+			
+		}
             	
     	// perform SSCD check
     	// try certificate extensions QCP+ and QcEuSSCD			       
-- 
cgit v1.2.3


From 22607c8b05d03e7da006e34713231f6c41ea9f1b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 1 Feb 2017 10:11:14 +0100
Subject: fix wrong readtime in TSL config

---
 .../java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 1eb9984..295e861 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -153,7 +153,7 @@ public class SystemInitializer {
     	  TslConfigurationImpl tslConfig = new TslConfigurationImpl();
     	  tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl());
     	  tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory());
-    	  tslConfig.setNetworkReadTimeout(config.getReadTimeout());
+    	  tslConfig.setNetworkReadTimeout(config.getReadTimeout() / 1000);
     	  
     	  Logger.info(new LogMsg(msg.getMessage("config.41", null)));
     	  TSLServiceFactory.initialize(tslConfig);    	  
-- 
cgit v1.2.3


From 45819f5a12b1942d5c942ec909e22536b16aa56c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 1 Feb 2017 10:11:47 +0100
Subject: fix wrong result in VerifyPDFSignatureResponse

---
 .../moa/spss/api/xmlbind/ResponseBuilderUtils.java       | 16 ++++++++++++++++
 .../api/xmlbind/VerifyPDFSignatureResponseBuilder.java   | 14 +++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index fafbc16..91dc6b9 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -68,6 +68,22 @@ public class ResponseBuilderUtils {
   private static final String DSIG_NS_URI = Constants.DSIG_NS_URI;
   private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
 
+  /**
+   * Add an DOM element with a specific name as child to a root element
+   * 
+   * @param elementName Name of the DOM element
+   * @param response Full document with namespace information
+   * @param rootElement Root element
+   * @return new child DOM element
+   */
+  public static Element addChildElement(String elementName, Document response,
+		    Element rootElement) {
+	  Element childElement = response.createElementNS(MOA_NS_URI, elementName);
+	  rootElement.appendChild(childElement);
+	  return childElement;	  
+	  
+  }
+  
   /**
    * Create a response element with all the namespaces set.
    * 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
index f58b68a..98b54a3 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
@@ -48,7 +48,7 @@ public class VerifyPDFSignatureResponseBuilder {
   /** The XML document containing the response element. */
   private Document responseDoc;
   /** The response <code>VerifyCMSSignatureResponse</code> DOM element. */
-  private Element responseElem;
+  private Element responseRootElem;
 
   /**
    * Create a new <code>VerifyCMSSignatureResponseBuilder</code>:
@@ -59,7 +59,7 @@ public class VerifyPDFSignatureResponseBuilder {
   public VerifyPDFSignatureResponseBuilder() throws MOASystemException {
     responseDoc =
       ResponseBuilderUtils.createResponse("VerifyPDFSignatureResponse");
-    responseElem = responseDoc.getDocumentElement();
+    responseRootElem = responseDoc.getDocumentElement();
   }
   
   /**
@@ -78,10 +78,13 @@ public class VerifyPDFSignatureResponseBuilder {
 
     Iterator iter;
 
+   
     for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
       VerifyCMSSignatureResponseElement responseElement =
-        (VerifyCMSSignatureResponseElement) iter.next();
-      addResponseElement(responseElement);
+        (VerifyCMSSignatureResponseElement) iter.next();      
+      Element signatureResult = ResponseBuilderUtils.addChildElement("SignatureResult", responseDoc, responseRootElem);
+      addResponseElement(responseElement, signatureResult);
+      
     }
     
     return responseDoc;
@@ -91,9 +94,10 @@ public class VerifyPDFSignatureResponseBuilder {
    * Add an element to the response.
    * 
    * @param responseElement The element to add to the response.
+ * @param signatureResult 
    * @throws MOAApplicationException An error occurred adding the element.
    */
-  private void addResponseElement(VerifyCMSSignatureResponseElement responseElement)
+  private void addResponseElement(VerifyCMSSignatureResponseElement responseElement, Element responseElem)
     throws MOAApplicationException {
 
     SignerInfo signerInfo = responseElement.getSignerInfo();
-- 
cgit v1.2.3


From 5159762bea80c8e09a448859d62868f010de7d3a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 1 Feb 2017 10:12:25 +0100
Subject: switch version to 3.1.0-RC3

---
 .gitignore                  | 2 +-
 moaSig/build.gradle         | 2 +-
 moaSig/moa-sig/build.gradle | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 4c72bde..77f0f9b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -191,7 +191,7 @@ buildNumber.properties
 .mtj.tmp/
 
 # Package Files #
-*.jar
+#*.jar
 *.war
 *.ear
 
diff --git a/moaSig/build.gradle b/moaSig/build.gradle
index 52a61bb..808a960 100644
--- a/moaSig/build.gradle
+++ b/moaSig/build.gradle
@@ -21,7 +21,7 @@ subprojects {
         testCompile 'junit:junit:4.8.2'
     }
 
-    version = '3.0.1'
+    version = '3.1.0-RC3'
 
     jar { manifest.attributes provider: 'EGIZ', 'Specification-Version': getCheckedOutGitCommitHash(), 'Implementation-Version': project.version  }
 }
diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle
index 0ddd479..016eebd 100644
--- a/moaSig/moa-sig/build.gradle
+++ b/moaSig/moa-sig/build.gradle
@@ -1,4 +1,5 @@
 apply plugin: 'war'
+apply plugin: 'eclipse'
 apply plugin: 'eclipse-wtp'
 apply from: 'https://raw.github.com/akhikhl/gretty/master/pluginScripts/gretty.plugin'
 
-- 
cgit v1.2.3