summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorwbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-10-08 08:39:17 +0000
committerwbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-10-08 08:39:17 +0000
commit27d91275555207f9e152c2867d52fbbf83f92ba7 (patch)
tree27798cbea71918278dc04c9a3e4e309f05956888
parent35364f7492308692bd690c17f5527f4157eb583a (diff)
downloadmocca-27d91275555207f9e152c2867d52fbbf83f92ba7.tar.gz
mocca-27d91275555207f9e152c2867d52fbbf83f92ba7.tar.bz2
mocca-27d91275555207f9e152c2867d52fbbf83f92ba7.zip
changed ssl certificate validation, now using iaik_pki
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@83 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
-rw-r--r--BKULocal/src/main/webapp/WEB-INF/applicationContext.xml2
-rw-r--r--BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zipbin17759 -> 23517 bytes
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java4
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java96
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java6
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cerbin0 -> 1111 bytes
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cerbin0 -> 975 bytes
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cerbin0 -> 975 bytes
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cerbin0 -> 865 bytes
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cerbin0 -> 979 bytes
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer (renamed from BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer)0
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer (renamed from BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer)0
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer (renamed from BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer)0
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer (renamed from BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer)0
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer (renamed from BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer)0
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer (renamed from BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer)0
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer (renamed from BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer)0
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties10
-rw-r--r--BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml4
-rw-r--r--BKUOnline/src/main/webapp/WEB-INF/web.xml191
-rw-r--r--BKUOnline/src/test/resources/applicationContext.xml2
-rw-r--r--STALService/pom.xml5
-rw-r--r--STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java67
-rw-r--r--bkucommon/pom.xml159
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java13
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java83
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java140
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java32
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cerbin0 -> 1111 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cerbin0 -> 975 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cerbin0 -> 975 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cerbin0 -> 865 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cerbin0 -> 979 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cerbin0 -> 1111 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cerbin0 -> 975 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cerbin0 -> 975 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cerbin0 -> 865 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cerbin0 -> 979 bytes
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer26
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer27
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer21
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer27
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer27
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer21
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer27
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.derbin0 -> 1230 bytes
-rw-r--r--pom.xml424
47 files changed, 966 insertions, 448 deletions
diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
index a4003a2a..a951f056 100644
--- a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
@@ -48,11 +48,13 @@
</bean>
<!-- Configure Configuration -->
+ <bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
<bean id="configurator" class="at.gv.egiz.bku.local.conf.SpringConfigurator"
init-method="configure">
<!-- <property name="resource" value="classpath:at/gv/egiz/bku/local/conf/defaultConf.properties"/> -->
<property name="resource" value="file:${user.home}/.mocca/conf/defaultConf.properties"/>
+ <property name="certValidator" ref="certValidator"></property>
</bean>
diff --git a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip
index f57e8930..8bdcbb0d 100644
--- a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip
+++ b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip
Binary files differ
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
index 20320d8e..544bbc99 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
@@ -31,6 +31,7 @@ import org.apache.commons.logging.LogFactory;
import at.gv.egiz.bku.binding.HTTPBindingProcessor;
import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.binding.IdFactory;
import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
/**
@@ -51,7 +52,8 @@ public class BKURequestHandler extends SpringBKUServlet {
log.debug("Using locale: " + locale);
HttpSession session = req.getSession();
if (session != null) {
- session.invalidate();
+ log.warn("Already a session with id: "+session.getId()+ " active, deleting this one");
+ getBindingProcessorManager().removeBindingProcessor(IdFactory.getInstance().createId(session.getId()));
}
String id = req.getSession(true).getId();
log.debug("Using session id: " + id);
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java
new file mode 100644
index 00000000..59766586
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java
@@ -0,0 +1,96 @@
+package at.gv.egiz.bku.online.webapp;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Reader;
+import java.io.Writer;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.BindingProcessor;
+import at.gv.egiz.bku.binding.Id;
+import at.gv.egiz.bku.binding.IdFactory;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.bku.utils.StreamUtil;
+import at.gv.egiz.stal.HashDataInput;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.stal.service.impl.STALRequestBroker;
+import at.gv.egiz.stal.service.impl.STALRequestBrokerImpl;
+import at.gv.egiz.stal.service.impl.STALServiceImpl;
+
+public class HashDataInputServlet extends SpringBKUServlet {
+
+ private static Log log = LogFactory.getLog(HashDataInputServlet.class);
+
+ public HashDataInputServlet() {
+ }
+
+ private STALRequestBroker getSTAL(Id id) {
+ BindingProcessor bp = getBindingProcessorManager().getBindingProcessor(id);
+ if (bp == null) {
+ return null;
+ }
+ STAL stal = bp.getSTAL();
+ if (stal instanceof STALRequestBroker) {
+ return (STALRequestBroker) stal;
+ } else {
+ throw new SLRuntimeException("Unexpected STAL type");
+ }
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ if ((req.getSession() == null) && (req.getSession().getId() != null)) {
+ log.warn("Got request for hashdatainput without session info");
+ resp.sendRedirect("expired.html");
+ return;
+ }
+ Id sessionId = IdFactory.getInstance().createId(req.getSession().getId());
+ log.debug("Got request for hashdata for session " + sessionId);
+ STALRequestBroker rb = getSTAL(sessionId);
+ if (rb == null) {
+ log.info("STAL instance not found for session: " + sessionId);
+ resp.sendRedirect("expired.html");
+ return;
+ }
+ List<HashDataInput> hdi = rb.getHashDataInput();
+ log.debug("Got hashdata list with " + hdi.size() + " entries");
+ String param = req.getParameter("number");
+ int num = 0;
+ if (param != null) {
+ log.debug("Got request for hashdata#" + num);
+ num = Integer.parseInt(param);
+ }
+ if ((hdi.size() <= num) || (num < 0)){
+ log.warn("Requested hashdatainput exceeds listsize");
+ resp.sendError(-1);
+ return;
+ }
+ resp.setCharacterEncoding(req.getCharacterEncoding());
+ resp.setContentType(hdi.get(num).getMimeType());
+ String charSet = req.getCharacterEncoding();
+ if (charSet == null) {
+ charSet = "UTF-8";
+ }
+ Reader r = new InputStreamReader(hdi.get(num).getHashDataInput(), charSet);
+ Writer w = new OutputStreamWriter(resp.getOutputStream(), charSet);
+ StreamUtil.copyStream(r, w);
+ w.close();
+ return;
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ doGet(req, resp);
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
index 4aa5130a..074aff2d 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
@@ -32,6 +32,7 @@ import at.gv.egiz.stal.service.types.QuitRequestType;
import at.gv.egiz.stal.service.types.RequestType;
import at.gv.egiz.stal.service.types.ResponseType;
import at.gv.egiz.stal.service.types.SignRequestType;
+import at.gv.egiz.stal.util.HashDataInputProxy;
import at.gv.egiz.stal.util.STALTranslator;
import java.util.ArrayList;
import java.util.Collections;
@@ -108,7 +109,10 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
req.setKeyIdentifier(((SignRequest) stalRequest).getKeyIdentifier());
req.setSignedInfo(((SignRequest) stalRequest).getSignedInfo());
requests.add(req);
- hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput());
+ for (HashDataInput hdi : ((SignRequest) stalRequest).getHashDataInput()) {
+ hashDataInputs.add(new HashDataInputProxy(hdi));
+ }
+ //hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput());
break;
} else if (stalRequest instanceof InfoboxReadRequest) {
log.trace("Received InfoboxReadRequest");
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer
new file mode 100644
index 00000000..f9fef65f
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer
Binary files differ
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer
new file mode 100644
index 00000000..36a442b8
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer
Binary files differ
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer
new file mode 100644
index 00000000..ab9e0cd7
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer
Binary files differ
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer
new file mode 100644
index 00000000..efa28178
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer
Binary files differ
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer
new file mode 100644
index 00000000..33e77636
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer
Binary files differ
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer
index ee859434..ee859434 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer
index 7e67be95..7e67be95 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer
index 0c68e593..0c68e593 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer
index c300891d..c300891d 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer
index 2251ca22..2251ca22 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer
index 2d7f1a03..2d7f1a03 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer
index 194d4d7c..194d4d7c 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
index 9766ae26..eebe36cd 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
@@ -28,18 +28,18 @@ AccessController.policyResource=classpath:at/gv/egiz/bku/online/conf/accessContr
# directory where certificates for
# chain constructions can be placed
+#SSL.certDirectory=classpath:at/gv/egiz/bku/online/conf/certs/certStore
SSL.certDirectory=classpath:at/gv/egiz/bku/online/conf/certs/certStore
+
# Directory where trusted CA
# certificates are placed
SSL.caDirectory=classpath:at/gv/egiz/bku/online/conf/certs/CACerts
-
-SSL.doRevocationChecking=true
SSL.sslProtocol=TLS
-SSL.cache.lifetime=3600
-# use authority info access extension to find ca certs.
-SSL.useAIA=true
+# warning do not set the following property to true
+# its intended for debugging and testing only
+SSL.disableAllChecks=false
# ------------ END SSL Config --------------------
diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
index b074da59..4069cdc9 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
@@ -45,9 +45,13 @@
</bean>
<!-- Configure Configuration -->
+ <bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
+
+
<bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
init-method="configure" scope="singleton">
<property name="resource" value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties"/>
+ <property name="certValidator" ref="certValidator"></property>
</bean>
<!-- Shutdown Event handler -->
diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml
index 282d4db2..6b2ec35c 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/web.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml
@@ -1,97 +1,104 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Copyright 2008 Federal Chancellery Austria and
- Graz University of Technology
+ <!--
+ Copyright 2008 Federal Chancellery Austria and Graz University of
+ Technology Licensed under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the
+ License. You may obtain a copy of the License at
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0 Unless required by
+ applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the
+ License.
+ -->
+<web-app id="bkuonline" version="2.5"
+ xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+ <display-name>http-security-layer-request</display-name>
- http://www.apache.org/licenses/LICENSE-2.0
+ <!-- Begin Spring Config -->
+ <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/applicationContext.xml</param-value>
+ </context-param>
+ <listener>
+ <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+ </listener>
+ <!-- End Spring Config -->
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<web-app id="bkuonline" version="2.5"
- xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
- <display-name>http-security-layer-request</display-name>
-
- <!-- Begin Spring Config -->
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/applicationContext.xml</param-value>
- </context-param>
- <listener>
- <listener-class>
- org.springframework.web.context.ContextLoaderListener
- </listener-class>
- </listener>
- <!-- End Spring Config -->
-
- <!-- Begin BKU Config -->
- <listener>
- <listener-class>at.gv.egiz.bku.online.webapp.SessionTimeout</listener-class>
- </listener>
- <servlet>
- <servlet-name>BKUServlet</servlet-name>
- <servlet-class>at.gv.egiz.bku.online.webapp.BKURequestHandler</servlet-class>
- </servlet>
- <servlet>
- <servlet-name>ResultServlet</servlet-name>
- <servlet-class>at.gv.egiz.bku.online.webapp.ResultServlet</servlet-class>
- <init-param>
- <param-name>responseEncoding</param-name>
- <param-value>UTF-8</param-value>
- </init-param>
- <init-param>
- <param-name>expiredPage</param-name>
- <!-- FIXME -->
- <param-value>expired.html</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>BKUServlet</servlet-name>
- <url-pattern>/http-security-layer-request</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>BKUServlet</servlet-name>
- <url-pattern>/https-security-layer-request</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>ResultServlet</servlet-name>
- <url-pattern>/bkuResult</url-pattern>
- </servlet-mapping>
- <!-- End BKU Config -->
-
-
-
- <!-- Begin STAL Config -->
- <listener>
- <listener-class>com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class>
- </listener>
- <servlet>
- <servlet-name>STALPort</servlet-name>
- <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>STALPort</servlet-name>
- <url-pattern>/stal</url-pattern>
- </servlet-mapping>
- <!-- End STAL Config -->
- <welcome-file-list>
- <welcome-file>index.html</welcome-file>
- <welcome-file>index.htm</welcome-file>
- <welcome-file>index.jsp</welcome-file>
- <welcome-file>default.html</welcome-file>
- <welcome-file>default.htm</welcome-file>
- <welcome-file>default.jsp</welcome-file>
- </welcome-file-list>
- <session-config>
- <session-timeout>5</session-timeout>
- </session-config>
+ <!-- Begin BKU Config -->
+ <listener>
+ <listener-class>at.gv.egiz.bku.online.webapp.SessionTimeout</listener-class>
+ </listener>
+ <servlet>
+ <servlet-name>BKUServlet</servlet-name>
+ <servlet-class>at.gv.egiz.bku.online.webapp.BKURequestHandler</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>ResultServlet</servlet-name>
+ <servlet-class>at.gv.egiz.bku.online.webapp.ResultServlet</servlet-class>
+ <init-param>
+ <param-name>responseEncoding</param-name>
+ <param-value>UTF-8</param-value>
+ </init-param>
+ <init-param>
+ <param-name>expiredPage</param-name>
+ <!-- FIXME -->
+ <param-value>expired.html</param-value>
+ </init-param>
+ </servlet>
+ <servlet>
+ <servlet-name>HashDataInputServlet</servlet-name>
+ <servlet-class>at.gv.egiz.bku.online.webapp.HashDataInputServlet</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>BKUServlet</servlet-name>
+ <url-pattern>/http-security-layer-request</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>BKUServlet</servlet-name>
+ <url-pattern>/https-security-layer-request</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>ResultServlet</servlet-name>
+ <url-pattern>/bkuResult</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>HashDataInputServlet</servlet-name>
+ <url-pattern>/hashDataInput</url-pattern>
+ </servlet-mapping>
+
+
+
+
+ <!-- End BKU Config -->
+
+ <!-- Begin STAL Config -->
+ <listener>
+ <listener-class>
+ com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class>
+ </listener>
+ <servlet>
+ <servlet-name>STALPort</servlet-name>
+ <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>STALPort</servlet-name>
+ <url-pattern>/stal</url-pattern>
+ </servlet-mapping>
+ <!-- End STAL Config -->
+
+ <welcome-file-list>
+ <welcome-file>index.html</welcome-file>
+ <welcome-file>index.htm</welcome-file>
+ <welcome-file>index.jsp</welcome-file>
+ <welcome-file>default.html</welcome-file>
+ <welcome-file>default.htm</welcome-file>
+ <welcome-file>default.jsp</welcome-file>
+ </welcome-file-list>
+ <session-config>
+ <session-timeout>5</session-timeout>
+ </session-config>
</web-app> \ No newline at end of file
diff --git a/BKUOnline/src/test/resources/applicationContext.xml b/BKUOnline/src/test/resources/applicationContext.xml
index 4bb5e8e2..5f2487bf 100644
--- a/BKUOnline/src/test/resources/applicationContext.xml
+++ b/BKUOnline/src/test/resources/applicationContext.xml
@@ -45,9 +45,11 @@
</bean>
<!-- Configure Configuration -->
+ <bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
<bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
scope="singleton" init-method="configure">
<property name="resource" value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties"/>
+ <property name="certValidator" ref="certValidator"></property>
</bean>
</beans> \ No newline at end of file
diff --git a/STALService/pom.xml b/STALService/pom.xml
index 93181adb..e9c573f1 100644
--- a/STALService/pom.xml
+++ b/STALService/pom.xml
@@ -18,5 +18,10 @@
<artifactId>STAL</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
+ <dependency>
+ <groupId>at.gv.egiz</groupId>
+ <artifactId>utils</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
</dependencies>
</project> \ No newline at end of file
diff --git a/STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java b/STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java
new file mode 100644
index 00000000..dda20968
--- /dev/null
+++ b/STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java
@@ -0,0 +1,67 @@
+package at.gv.egiz.stal.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.utils.StreamUtil;
+import at.gv.egiz.stal.HashDataInput;
+
+/**
+ * Enables multiple read requests.
+ *
+ */
+public class HashDataInputProxy implements HashDataInput {
+
+ private static Log log = LogFactory.getLog(HashDataInputProxy.class);
+
+ private HashDataInput delegate;
+ private byte[] hashInput;
+
+ /**
+ *
+ * @param delegate
+ * != null
+ */
+ public HashDataInputProxy(HashDataInput delegate) {
+ if (delegate == null) {
+ throw new NullPointerException("Constructor argument must not be null");
+ }
+ this.delegate = delegate;
+ }
+
+ @Override
+ public String getEncoding() {
+ return delegate.getEncoding();
+ }
+
+ @Override
+ public InputStream getHashDataInput() {
+ if (hashInput == null) {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ try {
+ StreamUtil.copyStream(delegate.getHashDataInput(), os);
+ hashInput = os.toByteArray();
+ } catch (IOException e) {
+ log.error("Cannot access hashdatainput stream", e);
+ hashInput = new byte[0];
+ }
+ }
+ return new ByteArrayInputStream(hashInput);
+ }
+
+ @Override
+ public String getMimeType() {
+ return delegate.getMimeType();
+ }
+
+ @Override
+ public String getReferenceId() {
+ return delegate.getReferenceId();
+ }
+
+}
diff --git a/bkucommon/pom.xml b/bkucommon/pom.xml
index 40b73e48..a90aebf5 100644
--- a/bkucommon/pom.xml
+++ b/bkucommon/pom.xml
@@ -1,78 +1,85 @@
<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <artifactId>bku</artifactId>
- <groupId>at.gv.egiz</groupId>
- <version>1.0-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>at.gv.egiz</groupId>
- <artifactId>bkucommon</artifactId>
- <name>BKU Common</name>
- <version>1.0-SNAPSHOT</version>
- <url>http://maven.apache.org</url>
- <dependencies>
- <dependency>
- <groupId>at.gv.egiz</groupId>
- <artifactId>utils</artifactId>
- <version>1.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>at.gv.egiz</groupId>
- <artifactId>STAL</artifactId>
- <version>1.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </dependency>
- <dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik_jce_full_signed</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-fileupload</groupId>
- <artifactId>commons-fileupload</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>commons-httpclient</groupId>
- <artifactId>commons-httpclient</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- </dependency>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- </dependency>
- <dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik_xsect</artifactId>
- </dependency>
- </dependencies>
- <build>
- <plugins>
- <!--
- plugin> <groupId>org.codehaus.mojo</groupId>
- <artifactId>jaxws-maven-plugin</artifactId> <executions>
- <execution> <id>MOA-SPSS</id> <goals> <goal>wsimport</goal>
- </goals> </execution> </executions> <configuration>
- <extension>true</extension> <verbose>true</verbose>
- <packageName>moaspss.generated</packageName>
- <wsdlDirectory>${basedir}/src/test/wsdl</wsdlDirectory>
- <wsdlFiles> <wsdlFile>MOA-SPSS-1.3.wsdl</wsdlFile> </wsdlFiles>
- <sourceDestDir>${project.build.directory}/generated-sources/moaspss</sourceDestDir>
- <staleFile>${project.build.directory}/generated-sources/moaspss/.staleFlag</staleFile>
- <xnocompile>true</xnocompile> </configuration> </plugin
- -->
- <!--
- skip tests temporarily <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId> <configuration>
- <skip>true</skip> </configuration> </plugin-->
- </plugins>
- </build>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>bku</artifactId>
+ <groupId>at.gv.egiz</groupId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>at.gv.egiz</groupId>
+ <artifactId>bkucommon</artifactId>
+ <name>BKU Common</name>
+ <version>1.0-SNAPSHOT</version>
+ <url>http://maven.apache.org</url>
+ <dependencies>
+ <dependency>
+ <groupId>at.gv.egiz</groupId>
+ <artifactId>utils</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz</groupId>
+ <artifactId>STAL</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_jce_full_signed</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_pki</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <!--
+ plugin> <groupId>org.codehaus.mojo</groupId>
+ <artifactId>jaxws-maven-plugin</artifactId> <executions> <execution>
+ <id>MOA-SPSS</id> <goals> <goal>wsimport</goal> </goals>
+ </execution> </executions> <configuration>
+ <extension>true</extension> <verbose>true</verbose>
+ <packageName>moaspss.generated</packageName>
+ <wsdlDirectory>${basedir}/src/test/wsdl</wsdlDirectory> <wsdlFiles>
+ <wsdlFile>MOA-SPSS-1.3.wsdl</wsdlFile> </wsdlFiles>
+ <sourceDestDir>${project.build.directory}/generated-sources/moaspss</sourceDestDir>
+ <staleFile>${project.build.directory}/generated-sources/moaspss/.staleFlag</staleFile>
+ <xnocompile>true</xnocompile> </configuration> </plugin
+ -->
+ <!--
+ skip tests temporarily <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId> <configuration>
+ <skip>true</skip> </configuration> </plugin
+ -->
+ </plugins>
+ </build>
</project> \ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java
new file mode 100644
index 00000000..6a95b369
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java
@@ -0,0 +1,13 @@
+package at.gv.egiz.bku.conf;
+
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+
+public interface CertValidator {
+
+ public abstract void init(File certDir, File caDir);
+
+ public abstract boolean isCertificateValid(String transactionId, X509Certificate[] certs);
+
+} \ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
new file mode 100644
index 00000000..125233c1
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
@@ -0,0 +1,83 @@
+package at.gv.egiz.bku.conf;
+
+import iaik.logging.TransactionId;
+import iaik.logging.impl.TransactionIdImpl;
+import iaik.pki.DefaultPKIConfiguration;
+import iaik.pki.DefaultPKIProfile;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIModule;
+import iaik.pki.PKIProfile;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.directory.DefaultDirectoryCertStoreParameters;
+import iaik.pki.store.truststore.DefaultTrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.util.Date;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class CertValidatorImpl implements CertValidator {
+
+ private static Log log = LogFactory.getLog(CertValidatorImpl.class);
+
+ private PKIFactory pkiFactory;
+ private PKIProfile profile;
+
+ public CertValidatorImpl() {
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.bku.conf.CertValidator#init(java.io.File, java.io.File)
+ */
+ public void init(File certDir, File caDir) {
+ // the parameters specifying the directory certstore
+ CertStoreParameters[] certStoreParameters = { new DefaultDirectoryCertStoreParameters(
+ "CS-001", certDir.getAbsolutePath(), true, false) };
+
+ // create a new PKI configuration using the certstore parameters
+ PKIConfiguration pkiConfig = new DefaultPKIConfiguration(
+ certStoreParameters);
+
+ // Transaction ID for logging
+ TransactionId tid = new TransactionIdImpl("Configure-PKI");
+ // get PKI factory for creating PKI module(s)
+ pkiFactory = PKIFactory.getInstance();
+ // configure the factory
+ try {
+ pkiFactory.configure(pkiConfig, tid);
+ } catch (PKIException e) {
+ log.error("Cannot configure PKI module", e);
+ }
+ // the truststore to be used
+ TrustStoreProfile trustProfile = new DefaultTrustStoreProfile("TS-001",
+ TrustStoreTypes.DIRECTORY, caDir.getAbsolutePath());
+ profile = new DefaultPKIProfile(trustProfile);
+ ((DefaultPKIProfile)profile).setAutoAddCertificates(true);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.bku.conf.CertValidator#isCertificateValid(java.lang.String, iaik.x509.X509Certificate[])
+ */
+ public boolean isCertificateValid(String transactionId,
+ X509Certificate[] certs) {
+ // Transaction ID for logging
+ TransactionId tid = new TransactionIdImpl(transactionId);
+ // get a PKIModule
+ PKIModule pkiModule;
+ try {
+ pkiModule = pkiFactory.getPKIModule(profile);
+ return pkiModule.validateCertificate(new Date(), certs[0], certs, null,
+ tid).isCertificateValid();
+ } catch (PKIException e) {
+ log.error("Cannot validate certificate", e);
+ }
+ return false;
+ }
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 9a1e7020..9ed99190 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -9,6 +9,7 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
+import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
@@ -18,27 +19,18 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.LDAPCertStoreParameters;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Properties;
-import java.util.Set;
-import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
-import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
@@ -55,6 +47,8 @@ public abstract class Configurator {
protected Properties properties;
+ protected CertValidator certValidator;
+
protected Configurator() {
}
@@ -64,9 +58,9 @@ public abstract class Configurator {
protected abstract InputStream getManifest();
- private Set<TrustAnchor> getCACerts() throws IOException,
+ private X509Certificate[] getCACerts() throws IOException,
CertificateException {
- Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
+ List<X509Certificate> caCerts = new ArrayList<X509Certificate>();
File caDir = getCADir();
if (caDir != null) {
if (!caDir.isDirectory()) {
@@ -81,13 +75,12 @@ public abstract class Configurator {
X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
fis.close();
log.debug("Adding trusted cert " + cert.getSubjectDN());
- caCerts.add(new TrustAnchor(cert, null));
+ caCerts.add(cert);
} catch (Exception e) {
log.error("Cannot add trusted ca", e);
}
}
- return caCerts;
-
+ return caCerts.toArray(new X509Certificate[caCerts.size()]);
} else {
log.warn("No CA certificates configured");
}
@@ -239,69 +232,33 @@ public abstract class Configurator {
}
public void configureSSL() {
- Set<TrustAnchor> caCerts = null;
+ X509Certificate[] caCerts = null;
try {
caCerts = getCACerts();
} catch (Exception e1) {
log.error("Cannot load CA certificates", e1);
}
- List<CertStore> certStoreList = null;
- try {
- certStoreList = getCertstore();
- } catch (Exception e1) {
- log.error("Cannot load certstore certificates", e1);
- }
- String aia = getProperty("SSL.useAIA");
- if ((aia == null) || (aia.equals(""))) {
- System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
- } else {
- System.setProperty("com.sun.security.enableAIAcaIssuers", aia);
- }
- String lifetime = getProperty("SSL.cache.lifetime");
- if ((lifetime == null) || (lifetime.equals(""))) {
- System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0");
- } else {
- System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime);
- }
- X509CertSelector selector = new X509CertSelector();
- PKIXBuilderParameters pkixParams;
+ String disableAll = getProperty("SSL.disableAllChecks");
try {
- pkixParams = new PKIXBuilderParameters(caCerts, selector);
- if ((getProperty("SSL.doRevocationChecking") != null)
- && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
- log.info("Enable revocation checking");
- System.setProperty("com.sun.security.enableCRLDP", "true");
- Security.setProperty("ocsp.enable", "true");
- } else {
- log.warn("Revocation checking disabled");
- }
- for (CertStore cs : certStoreList) {
- pkixParams.addCertStore(cs);
- }
- ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
- pkixParams);
- TrustManagerFactory trustFab;
- trustFab = TrustManagerFactory.getInstance("PKIX");
- trustFab.init(trustParams);
KeyManager[] km = null;
SSLContext sslCtx = SSLContext
.getInstance(getProperty("SSL.sslProtocol"));
- String disableAll = getProperty("SSL.disableAllChecks");
if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
log.warn("--------------------------------------");
log.warn(" Disabling SSL Certificate Validation ");
log.warn("--------------------------------------");
- sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
- certStoreList) }, null);
+ sslCtx.init(km,
+ new TrustManager[] { new MyAlwaysTrustManager(caCerts) }, null);
} else {
- sslCtx.init(km, trustFab.getTrustManagers(), null);
+ MyPKITrustManager pkixTM = new MyPKITrustManager(certValidator,
+ getCertDir(), getCADir(), caCerts);
+ sslCtx.init(km, new TrustManager[] { pkixTM }, null);
}
HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
} catch (Exception e) {
log.error("Cannot configure SSL", e);
}
- String disableAll = getProperty("SSL.disableAllChecks");
if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
log.warn("---------------------------------");
log.warn(" Disabling Hostname Verification ");
@@ -315,20 +272,75 @@ public abstract class Configurator {
}
}
- private static class MyTrustManager implements X509TrustManager {
- private static Log log = LogFactory.getLog(MyTrustManager.class);
+
+
+ public void setCertValidator(CertValidator certValidator) {
+ this.certValidator = certValidator;
+ }
+
+ private static class MyPKITrustManager implements X509TrustManager {
+ private static Log log = LogFactory.getLog(MyPKITrustManager.class);
+
+ private CertValidator certValidator;
private X509Certificate[] trustedCerts;
- public MyTrustManager(Set<TrustAnchor> caCerts, List<CertStore> cs) {
- trustedCerts = new X509Certificate[caCerts.size()];
+ public MyPKITrustManager(CertValidator cv, File certStore, File trustStore,
+ X509Certificate[] trustedCerts) {
+ certValidator = cv;
+ certValidator.init(certStore, trustStore);
+ this.trustedCerts = trustedCerts;
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ log.error("Did not expect this method to get called");
+ throw new CertificateException("Method not implemented");
+ }
+
+ private static iaik.x509.X509Certificate[] convertCerts(
+ X509Certificate[] certs) throws GeneralSecurityException {
+ iaik.x509.X509Certificate[] retVal = new iaik.x509.X509Certificate[certs.length];
int i = 0;
- for (Iterator<TrustAnchor> it = caCerts.iterator(); it.hasNext();) {
- TrustAnchor ta = it.next();
- trustedCerts[i++] = ta.getTrustedCert();
+ for (X509Certificate cert : certs) {
+ if (cert instanceof iaik.x509.X509Certificate) {
+ retVal[i++] = (iaik.x509.X509Certificate) cert;
+ } else {
+ retVal[i++] = new iaik.x509.X509Certificate(cert.getEncoded());
+ }
+ }
+ return retVal;
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ try {
+ boolean valid = certValidator.isCertificateValid(Thread.currentThread()
+ .getName(), convertCerts(chain));
+ if (!valid) {
+ throw new CertificateException("Certificate not valid");
+ }
+ } catch (GeneralSecurityException e) {
+ throw new CertificateException(e);
}
}
@Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return trustedCerts;
+ }
+ }
+
+ private static class MyAlwaysTrustManager implements X509TrustManager {
+ private static Log log = LogFactory.getLog(MyAlwaysTrustManager.class);
+ private X509Certificate[] trustedCerts;
+
+ public MyAlwaysTrustManager(X509Certificate[] trustedCerts) {
+ this.trustedCerts = trustedCerts;
+ }
+
+ @Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
log.error("Did not expect this method to get called");
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java
new file mode 100644
index 00000000..7bc0daa5
--- /dev/null
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java
@@ -0,0 +1,32 @@
+package at.gv.egiz.bku.conf;
+
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+
+import static org.junit.Assert.*;
+
+import org.junit.Before;
+import org.junit.Test;
+
+public class CertValidatorTest {
+
+ private CertValidator cv;
+
+ @Before
+ public void setUp() {
+ cv = new CertValidatorImpl();
+ String caDir = getClass().getClassLoader().getResource("at/gv/egiz/bku/conf/certs/CACerts").getPath();
+ String certDir = getClass().getClassLoader().getResource("at/gv/egiz/bku/conf/certs/certStore").getPath();
+ cv.init(new File(caDir), new File(certDir));
+ }
+
+ @Test
+ public void testValid() throws CertificateException, IOException {
+ X509Certificate cert = new X509Certificate(getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der"));
+ assertTrue(cv.isCertificateValid("TID", new X509Certificate[]{cert}));
+ }
+
+}
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cer
new file mode 100644
index 00000000..f9fef65f
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cer
new file mode 100644
index 00000000..36a442b8
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cer
new file mode 100644
index 00000000..ab9e0cd7
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cer
new file mode 100644
index 00000000..efa28178
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cer
new file mode 100644
index 00000000..33e77636
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cer
new file mode 100644
index 00000000..f9fef65f
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cer
new file mode 100644
index 00000000..36a442b8
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cer
new file mode 100644
index 00000000..ab9e0cd7
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cer
new file mode 100644
index 00000000..efa28178
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cer
new file mode 100644
index 00000000..33e77636
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cer
Binary files differ
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer
new file mode 100644
index 00000000..ee859434
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEdzCCA1+gAwIBAgIDAmU4MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA2MDgxNjIyMDAw
+MFoXDTE2MDgxNjIyMDAwMFowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt
+c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6
+PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK
+k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj
+r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG
+AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt
+Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd
+LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
+CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG
+MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv
+b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl
+dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1
+dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAHKlnV3R9sbXojtONugyazkZCEzmC
+nZF1Dz4cOL0vPzzvS8MVWtG43zAgVI1NT/0ETSWsXD3YfzRi+f+/CxrGn0gwZX2t
+VGx+Z9w5ufiy1vuhxDUPmpos1TbJ4Wv3Une0E7iuHmNLg5qVlKeHWpcU8t1Y0nCt
+eRz34Qm87AVAykta33XST1fYvGoPKsDtn3qx9ye/pcbDvWjPwmqF2UUoql+d5hmJ
+Umgzwezqk4I+FS98BrnaPgC5UVFHg+yUjiUDLjYy7UvDZ5Led6kkLXuzVhQolLvr
+KTrGp5k42PG2MMkw8f6GMF/6yePXgzFMCRN8ReR7J5Htv33SytLRmFRd8g==
+-----END CERTIFICATE-----
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer
new file mode 100644
index 00000000..7e67be95
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEgzCCA2ugAwIBAgIDAarsMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw
+MFoXDTE1MTExMzIzMDAwMFowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1jb3Jwb3JhdGUtMDMxHDAaBgNV
+BAMME2Etc2lnbi1jb3Jwb3JhdGUtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCp44qY+AiVXlcnHoKvch9s3ujoWFNktvcteIPwK7s0mb/uxTUW9UIF
+Die9n3AbyTsJE6R3nZYSJVHHi+1DKD72/WEo/B5NOOtd6KUMfJgca1tDmcsIwhFn
+82qkZrbNQwdIIdLe6+nDmjd9UBIaKv7yy1kq20jh09HOK3/bWhafVQE7EAgDfNrn
+8f0JfnnF0EA/La5kkg878L22fh9lRzt8H21THqJPtK4/e9SttjrJnPhFk2/MjAGS
+uaDufG6BV5Hnn7klR5qm5q32ypleLA6Zi4m9jRCVtPd4jRPYM40XpRkrJuFw+lxp
+rejfEZt/SRh1eQXiXDUgtgX8OaIylH9pAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUw
+AwEB/zARBgNVHQ4ECgQIQj75YZ1a5XIwEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYD
+VR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFw
+LmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9j
+ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy
+dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEARu7e1SyBRjlA
+g/thtFwtKQRvopTZKWj2LWpEdvPvwThOvf8Depnas+ly5af8r8YzsqJzfX3XWvhN
+qOOI24g5FmXfCUTq/kbtaeTq/AqV94793IJfcilPnpMOEHMqXNDiRUoAgR/9EVj8
+mDVvL2lLlJzeAltqOD5Bi9QwguaD2/3/E5ymFnqkf1dnlXbo8AhcwPEzReNKn1eM
+Ilg4FwP1bP0HUK3Fyz1UQ/Hncg+MS7c+SkjpNEd4sH7/GdxuQs5Sk7IRwot1+sbX
+3CkkPhSqiUzig9raxJYrtbb2kyiUO8+d5HzRyoP4BNzsdZdPc0gDYweXg5qarHOQ
+16IEOtBmKg==
+-----END CERTIFICATE-----
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer
new file mode 100644
index 00000000..0c68e593
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIEJjCCAw6gAwIBAgIDAOJEMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK
+EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R
+dWFsLTAxMB4XDTA0MTEzMDIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgw
+RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0
+ZW52ZXJrZWhyIEdtYkgxIjAgBgNVBAsTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDExIjAgBgNV
+BAMTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDGC65v8rni63DojEBriynPwRqNCp14/SkN5ROkTUGNvLSabfSJV4PKGLTzasPAaChwX0g/
+kebahFM3R7nIyeVx2YB8VRvC4I/spP/mCs5+6pf1N+6Kiq4NcswgNBBfqAteaQIylBMy6HDkjoXY
+X/c+SxjyrqAkeZCK+SHMOraXCO1PZHWbYwleKXf4R2Z6ayEfJ2XWeVuqqon76WHp/POI0RADBchA
+6Vm1ROzSAHz39bay1TZunQXSs3VQ9cE3uQPjN+80efmf0ZgNF0sXsDTssoZg2feTANSOkTGM1bMC
+5xe1hWFL8MZNe4yZ+NSgFN2fofb8BPvyQAW0no2PNA6PAgMBAAGjgbMwgbAwDwYDVR0TAQH/BAUw
+AwEB/zARBgNVHQ4ECgQITp5/1C/JHx8wEwYDVR0jBAwwCoAITlnOxwIyhzAwDgYDVR0PAQH/BAQD
+AgEGMGUGA1UdHwReMFwwWqBYoFaGVGxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1u
+UXVhbC0wMSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0PzANBgkqhkiG
+9w0BAQUFAAOCAQEAOtuz2GqnTibk/poCLrdYKpZSrLyfWFsJJpfBYA9HMasnfpJBCHgRHJud6DAO
+xD900Vhmwy66D8dqsN3+fR8Bx8ZMKspnFN1B2Wz7LWOxMaKqP3JolJ/oVwzJRm0afcUMAfAumkc5
+Yqu0nC5qCF9zYY9YbJklh84uEzEg9j85kuRBHOCUc+5MVrnv7WPbirx6c95YFqXBQ0arA5QE9zYq
+MDO8aUYPOWEHgtrVI+kMwELYHqLDX7i9VqsXhgFPeVz1wIV7s/i3budGeHMS6hjnyIc30FqM7CTY
+fcvqVNZliErbjD1k1W1gMgvjLJowNvQC0W7K9/yoQhwTqtNMR4WZwA==
+-----END CERTIFICATE-----
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer
new file mode 100644
index 00000000..c300891d
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEizCCA3OgAwIBAgIDAOSoMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa
+Fw0xNDEyMTMyMzAwMDBaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw
+IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM
+LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS
+dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS
+p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/
+vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O
+sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G
+A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9
+KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk
+YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz
+dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz
+cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBH
+opWG7LKmPBvuGjZnRV4KGKzzUYVuxSRS1E0VIUPbVLf5xW2r5uUpR8ud5EpiPrcw
+k6K0dzu2Vb4ZbMIP+6J16S/0qvTp/3A/3q87+nJ+ot+IT8GZFJfSw18th2WmZdzR
+ShbM6sgViPtGsFROCdWeiHl248w2+zG+09sf8Bu3UyvwLRAiiKaxuwVdQ9kc0TL3
+gvv+K5eisWWthQOX2IF2jGSEqoAVwfHhl7bc9Vt7XnJSpQFebHnsIVuV4Mv6w4ww
+86hQPCLLvvV7wWDiBQ8l2FWneX0pNH3Wg+A1TRUoptc+pPDdpoP272MDm4fXyPKV
+7QgIaIK+gXNUj2GGt1K9
+-----END CERTIFICATE-----
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer
new file mode 100644
index 00000000..2251ca22
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEjzCCA3egAwIBAgIDAartMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw
+MFoXDTE1MTExMzIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxIjAgBgNVBAsMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMx
+IjAgBgNVBAMMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC359oitbHkkEgdErRPeBdkcYRK2DLdxfcnn+SI
+umSEYzWVscRTchPKSzb7f1a6EHPbB5WZsGJaUDX9KfTqsJNMo+7bASKk3gsLVxNZ
+qY2t2G+y8HvREYYejDOIzjAkcBQrt+nvuBUlGYVJQjEuyAn18f2vG0Y3VNvZFGKn
+PK8AVycUMk0Uw21RbK3vX5tbbPgQ/kcZkN4czi5VHepMvf6hAwwLoJj+KL9zxm8j
+yPK88qCBKAjMNCpZKsEhyanw1CjYbVmHs45Q5W6FBtqDcS6Iq4mC6TtUPGtCTuoH
+7/JLuhEp075ohp87v3fSlzeLJjBpkUDP9U8Tv7l2euD0t1UVAgMBAAGjgeMwgeAw
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQZFpHL+t2JgwEwYDVR0jBAwwCoAI
+RGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCG
+fmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEt
+VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0
+Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC
+AQEADTRIaQtPwoPS6/TpyBhOw4wAHk/RM4gkLT76URPY2sUHihxqy+8qEElN+f5l
+I61myCP3IFTClflcHVR1QCoMg0ZI5/EcQTI8Dgd5iQkXuVjh3wCj87Ka2Tu7d1K+
+i9VJ4BR/ph/qmPKR7Lx/PtATw/vWo4k2rbt5o1QwixZ7CPt+BF9xCaAC4uL0bB0M
+9M3i9W2ePmqX6WIB3jMkT9FQC0KihPPfw/17KddNi4rFMMEiTyKvJTtTqDnIAwWW
+TqsL1G7oxMMtnnYaKWMQ6gQiOiRzCY7efcAi/3YwUX6ULW5zxqapNs1vqEbSGsQE
+l1eFl67HBZHYAPdoHGUnZF0KaQ==
+-----END CERTIFICATE-----
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer
new file mode 100644
index 00000000..2d7f1a03
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIEKDCCAxCgAwIBAgIDAOKKMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK
+EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R
+dWFsLTAxMB4XDTA0MTIwNTIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgaExCzAJBgNVBAYTAkFUMUgw
+RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0
+ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1jb3Jwb3JhdGUtbWVkaXVtLTAxMSMwIQYD
+VQQDExphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANEbZyIMIXZYBjTj/+3TrNGssRKNNdTedQlWB3vJQWLzeG89Kzmhy1WDX8IqDrMtvpXH
+5w6urK3ZT7HGu2Jldrib8rkEOdE9+uNGRtkP8Kuz//CvdXCbIDvBLqgvWn9a3Sl/rUicPqKwcEcN
+bP2Q0iU6NvvALmoqs93PymfTZlkGOwzUe+O88huXkauGWT/DkJd4JYDNJ0wlaGrJa+OorT4Izk1J
+EipqqedUjsAj4Gq3SKrZKG/H/CkoH9uWTzrzFgg8zQhCES4AClo84XVk//EIv3ABDw4hr+lqV1nF
+eXch9o4mLIe5u045471YLJLmyuCPDopb8U2VUoyldpMx+Y8CAwEAAaOBszCBsDAPBgNVHRMBAf8E
+BTADAQH/MBEGA1UdDgQKBAhOuHKxmCmfZDATBgNVHSMEDDAKgAhOWc7HAjKHMDAOBgNVHQ8BAf8E
+BAMCAQYwZQYDVR0fBF4wXDBaoFigVoZUbGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0
+LW5RdWFsLTAxLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/MA0GCSqG
+SIb3DQEBBQUAA4IBAQDaukYSeJVxWAh8QShqGqA6Plp9aXCTzwl9hE2gb+/xGPASo+NVQi/sUa0+
+bx29oSJaW6lKzdHQLAx4dwW9XTpJ+0mebB4fQfYHH0lGc1O4au/4O9k+C3SrD6x4WeY9k/SpUFu1
+qjzH+tjta81UWtU7Jve1BhckNwdOFx7cR8fdW+pUQSDV9XnPJfyb+gb9KWhvX+XAbgJoXW1HjJOO
+P5sx6mFhMb3UqAfKQVoAuGbl4+uxIThBTqpICkaaD8WLdukqQjomUMDRbWIf6SblPuOEpPi1G/WM
+qkTkpqX77Wkj08QY/yj5DDrsYJ5NymnWvu7jcoxCFCKvEQ8Q4g7AYKnG
+-----END CERTIFICATE-----
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer
new file mode 100644
index 00000000..194d4d7c
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEjTCCA3WgAwIBAgIDAOSpMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa
+Fw0xNDEyMTMyMzAwMDBaMIGhMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMSMwIQYDVQQLDBphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMjEj
+MCEGA1UEAwwaYS1zaWduLWNvcnBvcmF0ZS1tZWRpdW0tMDIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCuaTBb6rHd5JZqAdvpmGIl5ne0Hg6GbpJvBeCI
+U6l9Rs8ebMY6aIS++qJOE9rnJHdfZNzLzduuoWEzEuwm9a/azQThM+eT+xlG/Vcf
+NuOQTTjAuXHLvYQ7WxSrBIT/kmAyqJgq/DEPvdX4jmCtVkuZ1gbxYIChLOVBWkVC
+FCK49BuXECtNy5fzK/GyfouZOVoQgiQ1YfecqzibcwO0t+f68Pvp/s6HESAH5tXY
+PdENDw4c/W/qKaeR87jPq98AJ8Lr4bmjWLjK8/ITtGglnJy8osFz22oR7f6fbWl6
+5LdhJ3giM68WEabQcZkw8cx3RDOzbnL2Kn+PVNHHyp3Wh849AgMBAAGjgeEwgd4w
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISoLnpz/+q98wEwYDVR0jBAwwCoAI
+Qj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMIGSBgNVHR8EgYowgYcwgYSggYGgf4Z9
+bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0LVF1YWwtMDIsbz1BLVRy
+dXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdD9iYXNlP29iamVjdGNs
+YXNzPWVpZENlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEB
+ABqg1oRs/TZ0hJLJRV/xJglFzgn2fDAXeoVvWnAE09F1d0n+ZorKAKbMfiZ2CuKs
+M0AhU23/5zM90DdrtYWXpa+P8ONALZtHJIqGfVuRKYJq7jY5TpE3yRkTcrp47smp
+WqTwUgG+0aBeU9m+ZtGUFOsBkq+MudD8IZGc7VcLd1n4ltND9ITjX20hu01ju56c
+YC69vFa5hmIccXg/Q3dGEV5Amx8MTQJluG3QvqBOY74yrAFICvK1zsvu+vOGvJQj
+i+PxKlbQdehrV82VDxyfSjpEUADWMGRfE5vg4YBGgfRosh4w7a6ThD2LMLFPmIhy
+P6+VGUBCm2tMDDOo9DVkXFs=
+-----END CERTIFICATE-----
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der
new file mode 100644
index 00000000..61ce8dff
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der
Binary files differ
diff --git a/pom.xml b/pom.xml
index c18a4c2c..d2fe06a1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,211 +1,217 @@
<?xml version="1.0" encoding="UTF-8"?>
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <modelVersion>4.0.0</modelVersion>
- <groupId>at.gv.egiz</groupId>
- <artifactId>bku</artifactId>
- <packaging>pom</packaging>
- <version>1.0-SNAPSHOT</version>
- <name>BKU</name>
- <url>http://bku.egiz.gv.at</url>
- <modules>
- <module>utils</module>
- <module>bkucommon</module>
- <module>STAL</module>
- <module>BKUOnline</module>
- <module>smcc</module>
- <module>BKULocal</module>
- <module>BKUApplet</module>
- <module>smccSTAL</module>
- <module>STALService</module>
- <module>BKUCommonGUI</module>
- <module>BKUViewer</module>
- <module>BKULocalApp</module>
- </modules>
- <developers>
- <developer>
- <id>mcentner</id>
- <name>Martin Centner</name>
- <email>mcentner@egiz.gv.at</email>
- </developer>
- <developer>
- <id>wbauer</id>
- <name>Wolfgang Bauer</name>
- <email>wbauer@egiz.gv.at</email>
- </developer>
- <developer>
- <id>corthacker</id>
- <name>Clemens Orthacker</name>
- <email>corthacker@egiz.gv.at</email>
- </developer>
- </developers>
- <scm>
- <url>svn://svn.egovlabs.gv.at/svnroot/mocca</url>
- </scm>
- <organization>
- <name>E-Government Innovation Center (EGIZ)</name>
- <url>http://www.egiz.gv.at</url>
- </organization>
- <build>
- <pluginManagement>
- <plugins>
- <plugin>
- <artifactId>maven-compiler-plugin</artifactId>
- <groupId>org.apache.maven.plugins</groupId>
- <version>2.0.2</version>
- <configuration>
- <!--
- fork>true</fork>
- <executable>${java_6_sun}/bin/javac</executable>
- <compilerVersion>1.6</compilerVersion
- -->
- <source>1.6</source>
- <target>1.6</target>
- <verbose>true</verbose>
- <showWarnings>true</showWarnings>
- </configuration>
- </plugin>
- <plugin>
- <artifactId>maven-assembly-plugin</artifactId>
- <groupId>org.apache.maven.plugins</groupId>
- <version>2.2-beta-2</version>
- </plugin>
- <plugin>
- <artifactId>maven-dependency-plugin</artifactId>
- <groupId>org.apache.maven.plugins</groupId>
- <version>2.0</version>
- </plugin>
- <!--plugin>
- <artifactId>maven-jaxb2-plugin</artifactId>
- <groupId>org.jvnet.jaxb2.maven2</groupId>
- <version>0.6.0</version>
- </plugin-->
- <plugin>
- <artifactId>jaxws-maven-plugin</artifactId>
- <groupId>org.codehaus.mojo</groupId>
- <version>1.10</version>
- </plugin>
- </plugins>
- </pluginManagement>
- <plugins>
- <plugin>
- <artifactId>maven-assembly-plugin</artifactId>
- <configuration>
- <descriptors>
- <descriptor>${basedir}/src/main/assemblies/assembly-test.xml</descriptor>
- <!--
- descriptor>${basedir}/src/main/assemblies/assembly-online.xml</descriptor>
- <descriptor>${basedir}/src/main/assemblies/assembly-local.xml</descriptor>
- <descriptor>${basedir}/src/main/assemblies/assembly-server.xml</descriptor
- -->
- </descriptors>
- </configuration>
- <!--
- don't include execution here, but explicitly in the execute
- command (see custom goals: mvn clean package
- assembly:assembly) | NOTE: Because of a quirk in Maven 2.0's
- execution model relating to aggregator mojos and the
- inheritance hierarchy, | we need to explicitly execute the
- package phase ahead of the assembly invocation, to ensure all
- modules have been built. <executions> <execution>
- <phase>package</phase> <goals> <goal>attached</goal> </goals>
- </execution> </executions
- -->
- </plugin>
- </plugins>
- </build>
- <repositories>
- <repository>
- <id>mocca-egovlabs</id>
- <name>MOCCA EGovLabs</name>
- <url>http://mocca.egovlabs.gv.at/m2/repository/</url>
- </repository>
- <repository>
- <id>maven2-repository.dev.java.net</id>
- <name>Java.net Repository for Maven 2</name>
- <url>http://download.java.net/maven/2/</url>
- </repository>
- <repository>
- <id>maven1-repository.dev.java.net</id>
- <name>Java.net Repository for Maven 1</name>
- <url>http://download.java.net/maven/1/</url>
- <layout>legacy</layout>
- </repository>
- </repositories>
- <dependencies>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.12</version>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- <version>1.1.1</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.4</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.9.1</version>
- </dependency>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- <version>2.7.0</version>
- </dependency>
- <dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik_jce_full_signed</artifactId>
- <version>3.16</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik_jce_me4se</artifactId>
- <version>3.04</version>
- </dependency>
- <dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik_ecc_signed</artifactId>
- <version>2.15</version>
- </dependency>
- <dependency>
- <groupId>iaik</groupId>
- <artifactId>iaik_xsect</artifactId>
- <version>1.14</version>
- </dependency>
- <dependency>
- <groupId>commons-fileupload</groupId>
- <artifactId>commons-fileupload</artifactId>
- <version>1.2.1</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>commons-httpclient</groupId>
- <artifactId>commons-httpclient</artifactId>
- <version>3.1</version>
- <scope>compile</scope>
- </dependency>
- </dependencies>
- </dependencyManagement>
+<project
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>at.gv.egiz</groupId>
+ <artifactId>bku</artifactId>
+ <packaging>pom</packaging>
+ <version>1.0-SNAPSHOT</version>
+ <name>BKU</name>
+ <url>http://bku.egiz.gv.at</url>
+ <modules>
+ <module>utils</module>
+ <module>bkucommon</module>
+ <module>STAL</module>
+ <module>BKUOnline</module>
+ <module>smcc</module>
+ <module>BKULocal</module>
+ <module>BKUApplet</module>
+ <module>smccSTAL</module>
+ <module>STALService</module>
+ <module>BKUCommonGUI</module>
+ <module>BKUViewer</module>
+ <module>BKULocalApp</module>
+ </modules>
+ <developers>
+ <developer>
+ <id>mcentner</id>
+ <name>Martin Centner</name>
+ <email>mcentner@egiz.gv.at</email>
+ </developer>
+ <developer>
+ <id>wbauer</id>
+ <name>Wolfgang Bauer</name>
+ <email>wbauer@egiz.gv.at</email>
+ </developer>
+ <developer>
+ <id>corthacker</id>
+ <name>Clemens Orthacker</name>
+ <email>corthacker@egiz.gv.at</email>
+ </developer>
+ </developers>
+ <scm>
+ <url>svn://svn.egovlabs.gv.at/svnroot/mocca</url>
+ </scm>
+ <organization>
+ <name>E-Government Innovation Center (EGIZ)</name>
+ <url>http://www.egiz.gv.at</url>
+ </organization>
+ <build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <groupId>org.apache.maven.plugins</groupId>
+ <version>2.0.2</version>
+ <configuration>
+ <!--
+ fork>true</fork> <executable>${java_6_sun}/bin/javac</executable>
+ <compilerVersion>1.6</compilerVersion
+ -->
+ <source>1.6</source>
+ <target>1.6</target>
+ <verbose>true</verbose>
+ <showWarnings>true</showWarnings>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <groupId>org.apache.maven.plugins</groupId>
+ <version>2.2-beta-2</version>
+ </plugin>
+ <plugin>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <groupId>org.apache.maven.plugins</groupId>
+ <version>2.0</version>
+ </plugin>
+ <!--
+ plugin> <artifactId>maven-jaxb2-plugin</artifactId>
+ <groupId>org.jvnet.jaxb2.maven2</groupId> <version>0.6.0</version>
+ </plugin
+ -->
+ <plugin>
+ <artifactId>jaxws-maven-plugin</artifactId>
+ <groupId>org.codehaus.mojo</groupId>
+ <version>1.10</version>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ <plugins>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <descriptors>
+ <descriptor>${basedir}/src/main/assemblies/assembly-test.xml</descriptor>
+ <!--
+ descriptor>${basedir}/src/main/assemblies/assembly-online.xml</descriptor>
+ <descriptor>${basedir}/src/main/assemblies/assembly-local.xml</descriptor>
+ <descriptor>${basedir}/src/main/assemblies/assembly-server.xml</descriptor
+ -->
+ </descriptors>
+ </configuration>
+ <!--
+ don't include execution here, but explicitly in the execute command
+ (see custom goals: mvn clean package assembly:assembly) | NOTE:
+ Because of a quirk in Maven 2.0's execution model relating to
+ aggregator mojos and the inheritance hierarchy, | we need to
+ explicitly execute the package phase ahead of the assembly
+ invocation, to ensure all modules have been built. <executions>
+ <execution> <phase>package</phase> <goals> <goal>attached</goal>
+ </goals> </execution> </executions
+ -->
+ </plugin>
+ </plugins>
+ </build>
+ <repositories>
+ <repository>
+ <id>mocca-egovlabs</id>
+ <name>MOCCA EGovLabs</name>
+ <url>http://mocca.egovlabs.gv.at/m2/repository/</url>
+ </repository>
+ <repository>
+ <id>maven2-repository.dev.java.net</id>
+ <name>Java.net Repository for Maven 2</name>
+ <url>http://download.java.net/maven/2/</url>
+ </repository>
+ <repository>
+ <id>maven1-repository.dev.java.net</id>
+ <name>Java.net Repository for Maven 1</name>
+ <url>http://download.java.net/maven/1/</url>
+ <layout>legacy</layout>
+ </repository>
+ </repositories>
+ <dependencies>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.12</version>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>1.1.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.4</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.9.1</version>
+ </dependency>
+ <dependency>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ <version>2.7.0</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_jce_full_signed</artifactId>
+ <version>3.16</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_jce_me4se</artifactId>
+ <version>3.04</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_ecc_signed</artifactId>
+ <version>2.15</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect</artifactId>
+ <version>1.14</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_pki</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.2.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>3.1</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
</project> \ No newline at end of file