| author | wbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2008-10-08 08:39:17 +0000 | 
|---|---|---|
| committer | wbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2008-10-08 08:39:17 +0000 | 
| commit | 27d91275555207f9e152c2867d52fbbf83f92ba7 (patch) | |
| tree | 27798cbea71918278dc04c9a3e4e309f05956888 | |
| parent | 35364f7492308692bd690c17f5527f4157eb583a (diff) | |
changed ssl certificate validation, now using iaik_pki
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@83 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
47 files changed, 966 insertions, 448 deletions
| diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
 index a4003a2a..a951f056 100644
 --- a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
 +++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
 @@ -48,11 +48,13 @@
    </bean>
    <!-- Configure Configuration -->
 +  <bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
    <bean id="configurator" class="at.gv.egiz.bku.local.conf.SpringConfigurator"
       init-method="configure">
      <!-- <property name="resource" value="classpath:at/gv/egiz/bku/local/conf/defaultConf.properties"/>  -->
      <property name="resource" value="file:${user.home}/.mocca/conf/defaultConf.properties"/>
 +    <property name="certValidator" ref="certValidator"></property>
    </bean>
 diff --git a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zipBinary files differ
 index f57e8930..8bdcbb0d 100644
 --- a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip
 +++ b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip
 diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
 index 20320d8e..544bbc99 100644
 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
 +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
 @@ -31,6 +31,7 @@ import org.apache.commons.logging.LogFactory;
  import at.gv.egiz.bku.binding.HTTPBindingProcessor;
  import at.gv.egiz.bku.binding.HttpUtil;
 +import at.gv.egiz.bku.binding.IdFactory;
  import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
  /**
 @@ -51,7 +52,8 @@ public class BKURequestHandler extends SpringBKUServlet {
  		log.debug("Using locale: " + locale);
  		HttpSession session = req.getSession();
  		if (session != null) {
 -			session.invalidate();
 +		  log.warn("Already a session with id: "+session.getId()+ " active, deleting this one");
 +		  getBindingProcessorManager().removeBindingProcessor(IdFactory.getInstance().createId(session.getId()));
  		}
  		String id = req.getSession(true).getId();
  		log.debug("Using session id: " + id);
 diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java
 new file mode 100644
 index 00000000..59766586
 --- /dev/null
 +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java
 @@ -0,0 +1,96 @@
 +package at.gv.egiz.bku.online.webapp;
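Review bot: In BKURequestHandler the existing HTTP session is no longer invalidated, so the `req.getSession(true)` call just below returns the same session and the new binding processor is keyed by a session id that was already in use before this request; the protection against a pre-set session id that `session.invalidate()` provided is lost. Keep the binding-processor cleanup but follow it with `session.invalidate();` inside the `if`, or add a comment explaining why the id must survive. Separately, `req.getSession()` creates a session when none exists, so `session != null` is always true and the warning (which also writes the session id to the log) fires on every request; `HttpSession session = req.getSession(false);` would make the check meaningful. The enclosing method starts and ends outside the hunk.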
 +
 +import java.io.IOException;
 +import java.io.InputStreamReader;
 +import java.io.OutputStreamWriter;
 +import java.io.Reader;
 +import java.io.Writer;
 +import java.util.List;
 +
 +import javax.servlet.ServletException;
 +import javax.servlet.http.HttpServletRequest;
 +import javax.servlet.http.HttpServletResponse;
 +
 +import org.apache.commons.logging.Log;
 +import org.apache.commons.logging.LogFactory;
 +
 +import at.gv.egiz.bku.binding.BindingProcessor;
 +import at.gv.egiz.bku.binding.Id;
 +import at.gv.egiz.bku.binding.IdFactory;
 +import at.gv.egiz.bku.slexceptions.SLRuntimeException;
 +import at.gv.egiz.bku.utils.StreamUtil;
 +import at.gv.egiz.stal.HashDataInput;
 +import at.gv.egiz.stal.STAL;
 +import at.gv.egiz.stal.service.impl.STALRequestBroker;
 +import at.gv.egiz.stal.service.impl.STALRequestBrokerImpl;
 +import at.gv.egiz.stal.service.impl.STALServiceImpl;
 +
 +public class HashDataInputServlet extends SpringBKUServlet {
 +
 +  private static Log log = LogFactory.getLog(HashDataInputServlet.class);
 +
 +  public HashDataInputServlet() {
 +  }
 +
 +  private STALRequestBroker getSTAL(Id id) {
 +    BindingProcessor bp = getBindingProcessorManager().getBindingProcessor(id);
 +    if (bp == null) {
 +      return null;
 +    }
 +    STAL stal = bp.getSTAL();
 +    if (stal instanceof STALRequestBroker) {
 +      return (STALRequestBroker) stal;
 +    } else {
 +      throw new SLRuntimeException("Unexpected STAL type");
 +    }
 +  }
 +
 +  @Override
 +  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 +      throws ServletException, IOException {
 +    if ((req.getSession() == null) && (req.getSession().getId() != null)) {
 +      log.warn("Got request for hashdatainput without session info");
 +      resp.sendRedirect("expired.html");
 +      return;
 +    }
 +    Id sessionId = IdFactory.getInstance().createId(req.getSession().getId());
 +    log.debug("Got request for hashdata for session " + sessionId);
 +    STALRequestBroker rb = getSTAL(sessionId);
 +    if (rb == null) {
 +      log.info("STAL instance not found for session: " + sessionId);
 +      resp.sendRedirect("expired.html");
 +      return;
 +    }
 +    List<HashDataInput> hdi = rb.getHashDataInput();
 +    log.debug("Got hashdata list with " + hdi.size() + " entries");
 +    String param = req.getParameter("number");
 +    int num = 0;
 +    if (param != null) {
 +      log.debug("Got request for hashdata#" + num);
 +      num = Integer.parseInt(param);
 +    }
 +    if ((hdi.size()  <= num) || (num < 0)){
 +      log.warn("Requested hashdatainput exceeds listsize");
 +      resp.sendError(-1);
 +      return;
 +    }
 +    resp.setCharacterEncoding(req.getCharacterEncoding());
 +    resp.setContentType(hdi.get(num).getMimeType());
 +    String charSet = req.getCharacterEncoding();
 +    if (charSet == null) {
 +      charSet = "UTF-8";
 +    }
 +    Reader r = new InputStreamReader(hdi.get(num).getHashDataInput(), charSet);
 +    Writer w = new OutputStreamWriter(resp.getOutputStream(), charSet);
 +    StreamUtil.copyStream(r, w);
 +    w.close();
 +    return;
 +  }
 +
 +  @Override
 +  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
 +      throws ServletException, IOException {
 +    doGet(req, resp);
 +  }
 +
 +}
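Review bot: The session guard at the top of `doGet` can never reject a request: `req.getSession()` creates a session rather than returning null, and the `&&` would dereference the very null it tests for, so a request without a session gets a fresh one instead of the redirect. The `number` parameter is parsed without catching `NumberFormatException` (and logged before it is parsed, so the debug line always prints 0), and `resp.sendError(-1)` is not a valid HTTP status. Further down, the body is served with the MIME type of the to-be-signed data and a charset taken from the request; if that data can be HTML it is rendered in the application's origin, so a fixed safe content type or a download disposition is worth considering — who controls the hash data is not visible in this hunk. The reader and writer are not closed when the copy throws, and `resp.setCharacterEncoding` receives the request value before the null fallback is applied.

```java
  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    // getSession(false) does not create a session, so a missing one is detectable
    if (req.getSession(false) == null) {
      log.warn("Got request for hashdatainput without session info");
      resp.sendRedirect("expired.html");
      return;
    }
    // … unchanged: session id creation, STAL lookup, hashdata list retrieval …
    String param = req.getParameter("number");
    int num = 0;
    if (param != null) {
      try {
        num = Integer.parseInt(param);
      } catch (NumberFormatException e) {
        log.warn("Requested hashdatainput number is not an integer");
        resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
      }
      log.debug("Got request for hashdata#" + num);
    }
    if ((num < 0) || (num >= hdi.size())) {
      log.warn("Requested hashdatainput exceeds listsize");
      resp.sendError(HttpServletResponse.SC_NOT_FOUND);
      return;
    }
    String charSet = req.getCharacterEncoding();
    if (charSet == null) {
      charSet = "UTF-8";
    }
    resp.setCharacterEncoding(charSet);
    // … unchanged: content type, reader/writer creation …
    try {
      StreamUtil.copyStream(r, w);
    } finally {
      r.close();
      w.close();
    }
```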
 diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
 index 4aa5130a..074aff2d 100644
 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
 +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
 @@ -32,6 +32,7 @@ import at.gv.egiz.stal.service.types.QuitRequestType;
  import at.gv.egiz.stal.service.types.RequestType;
  import at.gv.egiz.stal.service.types.ResponseType;
  import at.gv.egiz.stal.service.types.SignRequestType;
 +import at.gv.egiz.stal.util.HashDataInputProxy;
  import at.gv.egiz.stal.util.STALTranslator;
  import java.util.ArrayList;
  import java.util.Collections;
 @@ -108,7 +109,10 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
                    req.setKeyIdentifier(((SignRequest) stalRequest).getKeyIdentifier());
                    req.setSignedInfo(((SignRequest) stalRequest).getSignedInfo());
                    requests.add(req);
 -                  hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput());
 +                  for (HashDataInput hdi : ((SignRequest) stalRequest).getHashDataInput()) {
 +                    hashDataInputs.add(new HashDataInputProxy(hdi));
 +                  }
 +                  //hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput());
                    break;
                  } else if (stalRequest instanceof InfoboxReadRequest) {
                    log.trace("Received InfoboxReadRequest");
 diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cerBinary files differ
 new file mode 100644
 index 00000000..f9fef65f
 --- /dev/null
 +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cerBinary files differ new file mode 100644 index 00000000..36a442b8 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cerBinary files differ new file mode 100644 index 00000000..ab9e0cd7 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cerBinary files differ new file mode 100644 index 00000000..efa28178 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cerBinary files differ new file mode 100644 index 00000000..33e77636 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer index ee859434..ee859434 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer 
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer index 7e67be95..7e67be95 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer index 0c68e593..0c68e593 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer index c300891d..c300891d 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer index 2251ca22..2251ca22 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer 
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer index 2d7f1a03..2d7f1a03 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer index 194d4d7c..194d4d7c 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties index 9766ae26..eebe36cd 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties @@ -28,18 +28,18 @@ AccessController.policyResource=classpath:at/gv/egiz/bku/online/conf/accessContr  # directory where certificates for 
  # chain constructions can be placed
 +#SSL.certDirectory=classpath:at/gv/egiz/bku/online/conf/certs/certStore
  SSL.certDirectory=classpath:at/gv/egiz/bku/online/conf/certs/certStore
 +
  # Directory where trusted CA 
  # certificates are placed
  SSL.caDirectory=classpath:at/gv/egiz/bku/online/conf/certs/CACerts
 -
 -SSL.doRevocationChecking=true
  SSL.sslProtocol=TLS
 -SSL.cache.lifetime=3600
 -# use authority info access extension to find ca certs.
 -SSL.useAIA=true
 +# warning do not set the following property to true
 +# its intended for debugging and testing only 
 +SSL.disableAllChecks=false
  # ------------ END SSL Config  --------------------
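Review bot: `SSL.doRevocationChecking=true` and `SSL.useAIA=true` are removed without a visible replacement, so from this hunk it is not clear whether revocation checking is still performed after the switch to iaik_pki; a comment naming where the PKI module configures revocation would settle that. `SSL.disableAllChecks` switches certificate validation off entirely, and a key like that in the shipped default configuration deserves a more explicit comment, for example `# SECURITY: true disables all SSL certificate checks; local debugging only, never in a deployed instance`, together with a warning logged at startup by the code that reads it. The added `#SSL.certDirectory=...` line duplicates the active line directly below it and can be dropped.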
 diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml index b074da59..4069cdc9 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -45,9 +45,13 @@  	</bean>
  	<!-- Configure Configuration -->
 +	<bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
 +	
 +	
  	<bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
  		 init-method="configure" scope="singleton">
  		<property name="resource" value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties"/>
 +		<property name="certValidator" ref="certValidator"></property>
  	</bean>
  	<!-- Shutdown Event handler -->
 diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml index 282d4db2..6b2ec35c 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/web.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml 
@@ -1,97 +1,104 @@  <?xml version="1.0" encoding="UTF-8"?> -<!-- -  Copyright 2008 Federal Chancellery Austria and -  Graz University of Technology +	<!-- +		Copyright 2008 Federal Chancellery Austria and Graz University of +		Technology Licensed under the Apache License, Version 2.0 (the +		"License"); you may not use this file except in compliance with the +		License. You may obtain a copy of the License at -  Licensed under the Apache License, Version 2.0 (the "License"); -  you may not use this file except in compliance with the License. -  You may obtain a copy of the License at +		http://www.apache.org/licenses/LICENSE-2.0 Unless required by +		applicable law or agreed to in writing, software distributed under the +		License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR +		CONDITIONS OF ANY KIND, either express or implied. See the License for +		the specific language governing permissions and limitations under the +		License. +	--> +<web-app id="bkuonline" version="2.5" +	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" +	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> +	<display-name>http-security-layer-request</display-name> -      http://www.apache.org/licenses/LICENSE-2.0 +	<!--  Begin Spring Config --> +	<context-param> +		<param-name>contextConfigLocation</param-name> +		<param-value>/WEB-INF/applicationContext.xml</param-value> +	</context-param> +	<listener> +		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> +	</listener> +	<!--  End Spring Config --> -  Unless required by applicable law or agreed to in writing, software -  distributed under the License is distributed on an "AS IS" BASIS, -  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -  See the License for the specific language governing permissions and -  limitations under the License. 
---> -<web-app id="bkuonline" version="2.5" -  xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" -  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> -  <display-name>http-security-layer-request</display-name> -   -  <!--  Begin Spring Config --> -  <context-param> -    <param-name>contextConfigLocation</param-name> -    <param-value>/WEB-INF/applicationContext.xml</param-value> -  </context-param> -  <listener> -    <listener-class> -      org.springframework.web.context.ContextLoaderListener  -    </listener-class> -  </listener> -  <!--  End Spring Config --> -   -  <!--  Begin BKU Config --> -  <listener> -    <listener-class>at.gv.egiz.bku.online.webapp.SessionTimeout</listener-class> -  </listener> -  <servlet> -    <servlet-name>BKUServlet</servlet-name> -    <servlet-class>at.gv.egiz.bku.online.webapp.BKURequestHandler</servlet-class> -  </servlet> -  <servlet> -    <servlet-name>ResultServlet</servlet-name> -    <servlet-class>at.gv.egiz.bku.online.webapp.ResultServlet</servlet-class> -    <init-param> -      <param-name>responseEncoding</param-name> -      <param-value>UTF-8</param-value> -    </init-param> -    <init-param> -      <param-name>expiredPage</param-name> -     <!-- FIXME --> -      <param-value>expired.html</param-value> -    </init-param> -  </servlet> -  <servlet-mapping> -    <servlet-name>BKUServlet</servlet-name> -    <url-pattern>/http-security-layer-request</url-pattern> -  </servlet-mapping> -  <servlet-mapping> -    <servlet-name>BKUServlet</servlet-name> -    <url-pattern>/https-security-layer-request</url-pattern> -  </servlet-mapping> -  <servlet-mapping> -    <servlet-name>ResultServlet</servlet-name> -    <url-pattern>/bkuResult</url-pattern> -  </servlet-mapping> -  <!--  End BKU Config --> -   -   -   -  <!--  Begin STAL Config --> -  <listener> -    
<listener-class>com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class> -  </listener> -  <servlet> -    <servlet-name>STALPort</servlet-name> -    <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class> -    <load-on-startup>1</load-on-startup> -  </servlet> -  <servlet-mapping> -    <servlet-name>STALPort</servlet-name> -    <url-pattern>/stal</url-pattern> -  </servlet-mapping> -  <!--  End STAL Config --> -  <welcome-file-list> -    <welcome-file>index.html</welcome-file> -    <welcome-file>index.htm</welcome-file> -    <welcome-file>index.jsp</welcome-file> -    <welcome-file>default.html</welcome-file> -    <welcome-file>default.htm</welcome-file> -    <welcome-file>default.jsp</welcome-file> -  </welcome-file-list> -  <session-config> -    <session-timeout>5</session-timeout> -  </session-config> +	<!--  Begin BKU Config --> +	<listener> +		<listener-class>at.gv.egiz.bku.online.webapp.SessionTimeout</listener-class> +	</listener> +	<servlet> +		<servlet-name>BKUServlet</servlet-name> +		<servlet-class>at.gv.egiz.bku.online.webapp.BKURequestHandler</servlet-class> +	</servlet> +	<servlet> +		<servlet-name>ResultServlet</servlet-name> +		<servlet-class>at.gv.egiz.bku.online.webapp.ResultServlet</servlet-class> +		<init-param> +			<param-name>responseEncoding</param-name> +			<param-value>UTF-8</param-value> +		</init-param> +		<init-param> +			<param-name>expiredPage</param-name> +			<!-- FIXME --> +			<param-value>expired.html</param-value> +		</init-param> +	</servlet> +	<servlet> +		<servlet-name>HashDataInputServlet</servlet-name> +		<servlet-class>at.gv.egiz.bku.online.webapp.HashDataInputServlet</servlet-class> +	</servlet> +	<servlet-mapping> +		<servlet-name>BKUServlet</servlet-name> +		<url-pattern>/http-security-layer-request</url-pattern> +	</servlet-mapping> +	<servlet-mapping> +		<servlet-name>BKUServlet</servlet-name> +		<url-pattern>/https-security-layer-request</url-pattern> +	</servlet-mapping> +	
<servlet-mapping> +		<servlet-name>ResultServlet</servlet-name> +		<url-pattern>/bkuResult</url-pattern> +	</servlet-mapping> +	<servlet-mapping> +		<servlet-name>HashDataInputServlet</servlet-name> +		<url-pattern>/hashDataInput</url-pattern> +	</servlet-mapping> + + + + +	<!--  End BKU Config --> + +	<!--  Begin STAL Config --> +	<listener> +		<listener-class> +			com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class> +	</listener> +	<servlet> +		<servlet-name>STALPort</servlet-name> +		<servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class> +		<load-on-startup>1</load-on-startup> +	</servlet> +	<servlet-mapping> +		<servlet-name>STALPort</servlet-name> +		<url-pattern>/stal</url-pattern> +	</servlet-mapping> +	<!--  End STAL Config --> + +	<welcome-file-list> +		<welcome-file>index.html</welcome-file> +		<welcome-file>index.htm</welcome-file> +		<welcome-file>index.jsp</welcome-file> +		<welcome-file>default.html</welcome-file> +		<welcome-file>default.htm</welcome-file> +		<welcome-file>default.jsp</welcome-file> +	</welcome-file-list> +	<session-config> +		<session-timeout>5</session-timeout> +	</session-config>  </web-app>
\ No newline at end of file diff --git a/BKUOnline/src/test/resources/applicationContext.xml b/BKUOnline/src/test/resources/applicationContext.xml index 4bb5e8e2..5f2487bf 100644 --- a/BKUOnline/src/test/resources/applicationContext.xml +++ b/BKUOnline/src/test/resources/applicationContext.xml @@ -45,9 +45,11 @@  	</bean>
  	<!-- Configure Configuration -->
 +	<bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
  	<bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
  		scope="singleton" init-method="configure">
  		<property name="resource" value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties"/>
 +		<property name="certValidator" ref="certValidator"></property>
  	</bean>
  </beans>
\ No newline at end of file diff --git a/STALService/pom.xml b/STALService/pom.xml index 93181adb..e9c573f1 100644 --- a/STALService/pom.xml +++ b/STALService/pom.xml @@ -18,5 +18,10 @@              <artifactId>STAL</artifactId>              <version>1.0-SNAPSHOT</version>          </dependency> +        <dependency> +        	<groupId>at.gv.egiz</groupId> +        	<artifactId>utils</artifactId> +        	<version>1.0-SNAPSHOT</version> +        </dependency>      </dependencies>  </project>
\ No newline at end of file diff --git a/STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java b/STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java new file mode 100644 index 00000000..dda20968 --- /dev/null +++ b/STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java @@ -0,0 +1,67 @@ +package at.gv.egiz.stal.util;
 +
 +import java.io.ByteArrayInputStream;
 +import java.io.ByteArrayOutputStream;
 +import java.io.IOException;
 +import java.io.InputStream;
 +
 +import org.apache.commons.logging.Log;
 +import org.apache.commons.logging.LogFactory;
 +
 +import at.gv.egiz.bku.utils.StreamUtil;
 +import at.gv.egiz.stal.HashDataInput;
 +
 +/**
 + * Enables multiple read requests.
 + * 
 + */
 +public class HashDataInputProxy implements HashDataInput {
 +
 +  private static Log log = LogFactory.getLog(HashDataInputProxy.class);
 +
 +  private HashDataInput delegate;
 +  private byte[] hashInput;
 +
 +  /**
 +   * 
 +   * @param delegate
 +   *          != null
 +   */
 +  public HashDataInputProxy(HashDataInput delegate) {
 +    if (delegate == null) {
 +      throw new NullPointerException("Constructor argument must not be null");
 +    }
 +    this.delegate = delegate;
 +  }
 +
 +  @Override
 +  public String getEncoding() {
 +    return delegate.getEncoding();
 +  }
 +
 +  @Override
 +  public InputStream getHashDataInput() {
 +    if (hashInput == null) {
 +      ByteArrayOutputStream os = new ByteArrayOutputStream();
 +      try {
 +        StreamUtil.copyStream(delegate.getHashDataInput(), os);
 +        hashInput = os.toByteArray();
 +      } catch (IOException e) {
 +        log.error("Cannot access hashdatainput stream", e);
 +        hashInput = new byte[0];
 +      }
 +    }
 +    return new ByteArrayInputStream(hashInput);
 +  }
 +
 +  @Override
 +  public String getMimeType() {
 +    return delegate.getMimeType();
 +  }
 +
 +  @Override
 +  public String getReferenceId() {
 +    return delegate.getReferenceId();
 +  }
 +
 +}
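Review bot: `getHashDataInput()` caches an empty array when reading the delegate fails, so every later call silently returns zero bytes as though that were the data to be signed; for a component that exists to show the signer what is being signed, the failure should surface rather than be cached. The lazy initialisation is also unsynchronised although the servlet can reach it from concurrent requests, and the delegate's stream is never closed. The whole input is held in memory for the lifetime of the session with no size limit, which is worth a documented cap. The class Javadoc could also state that the first call consumes the delegate's stream.

```java
  @Override
  public synchronized InputStream getHashDataInput() {
    if (hashInput == null) {
      ByteArrayOutputStream os = new ByteArrayOutputStream();
      InputStream in = delegate.getHashDataInput();
      try {
        StreamUtil.copyStream(in, os);
      } catch (IOException e) {
        log.error("Cannot access hashdatainput stream", e);
        // do not cache the failure: an empty buffer would be served as the signed data
        throw new IllegalStateException("Cannot access hashdatainput stream", e);
      } finally {
        try {
          in.close();
        } catch (IOException ignored) {
          // closing is best effort; the read result above decides success
        }
      }
      hashInput = os.toByteArray();
    }
    return new ByteArrayInputStream(hashInput);
  }
```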
 diff --git a/bkucommon/pom.xml b/bkucommon/pom.xml index 40b73e48..a90aebf5 100644 --- a/bkucommon/pom.xml +++ b/bkucommon/pom.xml 
@@ -1,78 +1,85 @@  <?xml version="1.0" encoding="UTF-8"?> -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> -  <parent> -    <artifactId>bku</artifactId> -    <groupId>at.gv.egiz</groupId> -    <version>1.0-SNAPSHOT</version> -  </parent> -  <modelVersion>4.0.0</modelVersion> -  <groupId>at.gv.egiz</groupId> -  <artifactId>bkucommon</artifactId> -  <name>BKU Common</name> -  <version>1.0-SNAPSHOT</version> -  <url>http://maven.apache.org</url> -  <dependencies> -    <dependency> -      <groupId>at.gv.egiz</groupId> -      <artifactId>utils</artifactId> -      <version>1.0-SNAPSHOT</version> -    </dependency> -    <dependency> -      <groupId>at.gv.egiz</groupId> -      <artifactId>STAL</artifactId> -      <version>1.0-SNAPSHOT</version> -    </dependency> -    <dependency> -      <groupId>commons-logging</groupId> -      <artifactId>commons-logging</artifactId> -    </dependency> -    <dependency> -      <groupId>iaik</groupId> -      <artifactId>iaik_jce_full_signed</artifactId> -    </dependency> -    <dependency> -      <groupId>commons-fileupload</groupId> -      <artifactId>commons-fileupload</artifactId> -      <scope>compile</scope> -    </dependency> -    <dependency> -      <groupId>commons-httpclient</groupId> -      <artifactId>commons-httpclient</artifactId> -      <scope>compile</scope> -    </dependency> -	<dependency> -      <groupId>xerces</groupId> -	  <artifactId>xercesImpl</artifactId> -	</dependency> -    <dependency> -      <groupId>xalan</groupId> -      <artifactId>xalan</artifactId> -    </dependency> -    <dependency> -      <groupId>iaik</groupId> -      <artifactId>iaik_xsect</artifactId> -    </dependency> -  </dependencies> -  <build> -    <plugins> -      <!-- -        plugin> <groupId>org.codehaus.mojo</groupId> -        <artifactId>jaxws-maven-plugin</artifactId> <executions> -      
  <execution> <id>MOA-SPSS</id> <goals> <goal>wsimport</goal> -        </goals> </execution> </executions> <configuration> -        <extension>true</extension> <verbose>true</verbose> -        <packageName>moaspss.generated</packageName> -        <wsdlDirectory>${basedir}/src/test/wsdl</wsdlDirectory> -        <wsdlFiles> <wsdlFile>MOA-SPSS-1.3.wsdl</wsdlFile> </wsdlFiles> -        <sourceDestDir>${project.build.directory}/generated-sources/moaspss</sourceDestDir> -        <staleFile>${project.build.directory}/generated-sources/moaspss/.staleFlag</staleFile> -        <xnocompile>true</xnocompile> </configuration> </plugin -      --> -      <!-- -        skip tests temporarily <plugin> -        <groupId>org.apache.maven.plugins</groupId> -        <artifactId>maven-surefire-plugin</artifactId> <configuration> -        <skip>true</skip> </configuration> </plugin--> -    </plugins> -  </build> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" +	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> +	<parent> +		<artifactId>bku</artifactId> +		<groupId>at.gv.egiz</groupId> +		<version>1.0-SNAPSHOT</version> +	</parent> +	<modelVersion>4.0.0</modelVersion> +	<groupId>at.gv.egiz</groupId> +	<artifactId>bkucommon</artifactId> +	<name>BKU Common</name> +	<version>1.0-SNAPSHOT</version> +	<url>http://maven.apache.org</url> +	<dependencies> +		<dependency> +			<groupId>at.gv.egiz</groupId> +			<artifactId>utils</artifactId> +			<version>1.0-SNAPSHOT</version> +		</dependency> +		<dependency> +			<groupId>at.gv.egiz</groupId> +			<artifactId>STAL</artifactId> +			<version>1.0-SNAPSHOT</version> +		</dependency> +		<dependency> +			<groupId>commons-logging</groupId> +			<artifactId>commons-logging</artifactId> +		</dependency> +		<dependency> +			<groupId>iaik</groupId> +			<artifactId>iaik_jce_full_signed</artifactId> +		</dependency> +		<dependency> +			
<groupId>commons-fileupload</groupId> +			<artifactId>commons-fileupload</artifactId> +			<scope>compile</scope> +		</dependency> +		<dependency> +			<groupId>commons-httpclient</groupId> +			<artifactId>commons-httpclient</artifactId> +			<scope>compile</scope> +		</dependency> +		<dependency> +			<groupId>xerces</groupId> +			<artifactId>xercesImpl</artifactId> +		</dependency> +		<dependency> +			<groupId>xalan</groupId> +			<artifactId>xalan</artifactId> +		</dependency> +		<dependency> +			<groupId>iaik</groupId> +			<artifactId>iaik_xsect</artifactId> +		</dependency> +		<dependency> +			<groupId>iaik</groupId> +			<artifactId>iaik_pki</artifactId> +			<scope>compile</scope> +		</dependency> +	</dependencies> +	<build> +		<plugins> +			<!-- +				plugin> <groupId>org.codehaus.mojo</groupId> +				<artifactId>jaxws-maven-plugin</artifactId> <executions> <execution> +				<id>MOA-SPSS</id> <goals> <goal>wsimport</goal> </goals> +				</execution> </executions> <configuration> +				<extension>true</extension> <verbose>true</verbose> +				<packageName>moaspss.generated</packageName> +				<wsdlDirectory>${basedir}/src/test/wsdl</wsdlDirectory> <wsdlFiles> +				<wsdlFile>MOA-SPSS-1.3.wsdl</wsdlFile> </wsdlFiles> +				<sourceDestDir>${project.build.directory}/generated-sources/moaspss</sourceDestDir> +				<staleFile>${project.build.directory}/generated-sources/moaspss/.staleFlag</staleFile> +				<xnocompile>true</xnocompile> </configuration> </plugin +			--> +			<!-- +				skip tests temporarily <plugin> +				<groupId>org.apache.maven.plugins</groupId> +				<artifactId>maven-surefire-plugin</artifactId> <configuration> +				<skip>true</skip> </configuration> </plugin +			--> +		</plugins> +	</build>  </project>
\ No newline at end of file
 diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java
 new file mode 100644
 index 00000000..6a95b369
 --- /dev/null
 +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java
 @@ -0,0 +1,13 @@
 +package at.gv.egiz.bku.conf;
 +
 +import iaik.x509.X509Certificate;
 +
 +import java.io.File;
 +
 +public interface CertValidator {
 +
 +  public abstract void init(File certDir, File caDir);
 +
 +  public abstract boolean isCertificateValid(String transactionId, X509Certificate[] certs);
 +
 +}
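Review bot: Neither method of `CertValidator` documents its contract, and `init(File certDir, File caDir)` takes two parameters of the same type whose order decides which directory becomes the trust store. Going by `CertValidatorImpl`, the Javadoc should say `@param certDir directory backing the certificate store` and `@param caDir directory holding the trust anchors`. `isCertificateValid` should state that `certs[0]` is the certificate being validated and that `false` is also returned when validation cannot be carried out. The `public abstract` modifiers are redundant on interface methods.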
\ No newline at end of file
 diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
 new file mode 100644
 index 00000000..125233c1
 --- /dev/null
 +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
 @@ -0,0 +1,83 @@
 +package at.gv.egiz.bku.conf;
 +
 +import iaik.logging.TransactionId;
 +import iaik.logging.impl.TransactionIdImpl;
 +import iaik.pki.DefaultPKIConfiguration;
 +import iaik.pki.DefaultPKIProfile;
 +import iaik.pki.PKIConfiguration;
 +import iaik.pki.PKIException;
 +import iaik.pki.PKIFactory;
 +import iaik.pki.PKIModule;
 +import iaik.pki.PKIProfile;
 +import iaik.pki.store.certstore.CertStoreParameters;
 +import iaik.pki.store.certstore.directory.DefaultDirectoryCertStoreParameters;
 +import iaik.pki.store.truststore.DefaultTrustStoreProfile;
 +import iaik.pki.store.truststore.TrustStoreProfile;
 +import iaik.pki.store.truststore.TrustStoreTypes;
 +import iaik.x509.X509Certificate;
 +
 +import java.io.File;
 +import java.util.Date;
 +
 +import org.apache.commons.logging.Log;
 +import org.apache.commons.logging.LogFactory;
 +
 +public class CertValidatorImpl implements CertValidator {
 +
 +  private static Log log = LogFactory.getLog(CertValidatorImpl.class);
 +
 +  private PKIFactory pkiFactory;
 +  private PKIProfile profile;
 +
 +  public CertValidatorImpl() {
 +
 +  }
 +
 +  /* (non-Javadoc)
 +   * @see at.gv.egiz.bku.conf.CertValidator#init(java.io.File, java.io.File)
 +   */
 +  public void init(File certDir, File caDir) {
 +    // the parameters specifying the directory certstore
 +    CertStoreParameters[] certStoreParameters = { new DefaultDirectoryCertStoreParameters(
 +        "CS-001", certDir.getAbsolutePath(), true, false) };
 +
 +    // create a new PKI configuration using the certstore parameters
 +    PKIConfiguration pkiConfig = new DefaultPKIConfiguration(
 +        certStoreParameters);
 +
 +    // Transaction ID for logging
 +    TransactionId tid = new TransactionIdImpl("Configure-PKI");
 +    // get PKI factory for creating PKI module(s)
 +    pkiFactory = PKIFactory.getInstance();
 +    // configure the factory
 +    try {
 +      pkiFactory.configure(pkiConfig, tid);
 +    } catch (PKIException e) {
 +      log.error("Cannot configure PKI module", e);
 +    }
 +    // the truststore to be used
 +    TrustStoreProfile trustProfile = new DefaultTrustStoreProfile("TS-001",
 +        TrustStoreTypes.DIRECTORY, caDir.getAbsolutePath());
 +    profile = new DefaultPKIProfile(trustProfile);
 +    ((DefaultPKIProfile)profile).setAutoAddCertificates(true);
 +  }
 +
 +  /* (non-Javadoc)
 +   * @see at.gv.egiz.bku.conf.CertValidator#isCertificateValid(java.lang.String, iaik.x509.X509Certificate[])
 +   */
 +  public boolean isCertificateValid(String transactionId,
 +      X509Certificate[] certs) {
 +    // Transaction ID for logging
 +    TransactionId tid = new TransactionIdImpl(transactionId);
 +    // get a PKIModule
 +    PKIModule pkiModule;
 +    try {
 +      pkiModule = pkiFactory.getPKIModule(profile);
 +      return pkiModule.validateCertificate(new Date(), certs[0], certs, null,
 +          tid).isCertificateValid();
 +    } catch (PKIException e) {
 +      log.error("Cannot validate certificate", e);
 +    }
 +    return false;
 +  }
 +}
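Review bot: `isCertificateValid` reads `certs[0]` and dereferences `pkiFactory` without any guard, so a null or empty chain, or a call before `init`, ends in an unchecked exception instead of the `false` its other failure path returns; `MyPKITrustManager.checkServerTrusted` in Configurator.java passes the peer's chain straight in. A guard at the top, `if (pkiFactory == null || certs == null || certs.length == 0) { return false; }`, keeps the rejection explicit. `init` logs and swallows the `PKIException` from `pkiFactory.configure`, so a broken store configuration goes unnoticed until the first handshake; rethrowing it as an `IllegalStateException` would fail at start-up instead. `setAutoAddCertificates(true)` appears to let certificates seen during validation be added to the certificate store; if so, it deserves a comment explaining why that is wanted for chains supplied by remote servers.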
 diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
 index 9a1e7020..9ed99190 100644
 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
 +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
 @@ -9,6 +9,7 @@ import java.io.FileInputStream;
  import java.io.IOException;
  import java.io.InputStream;
  import java.net.HttpURLConnection;
 +import java.security.GeneralSecurityException;
  import java.security.InvalidAlgorithmParameterException;
  import java.security.NoSuchAlgorithmException;
  import java.security.Provider;
 @@ -18,27 +19,18 @@ import java.security.cert.CertificateException;
  import java.security.cert.CertificateFactory;
  import java.security.cert.CollectionCertStoreParameters;
  import java.security.cert.LDAPCertStoreParameters;
 -import java.security.cert.PKIXBuilderParameters;
 -import java.security.cert.TrustAnchor;
 -import java.security.cert.X509CertSelector;
  import java.security.cert.X509Certificate;
  import java.util.ArrayList;
 -import java.util.HashSet;
 -import java.util.Iterator;
  import java.util.LinkedList;
  import java.util.List;
  import java.util.Properties;
 -import java.util.Set;
 -import javax.net.ssl.CertPathTrustManagerParameters;
  import javax.net.ssl.HostnameVerifier;
  import javax.net.ssl.HttpsURLConnection;
  import javax.net.ssl.KeyManager;
 -import javax.net.ssl.ManagerFactoryParameters;
  import javax.net.ssl.SSLContext;
  import javax.net.ssl.SSLSession;
  import javax.net.ssl.TrustManager;
 -import javax.net.ssl.TrustManagerFactory;
  import javax.net.ssl.X509TrustManager;
  import org.apache.commons.logging.Log;
 @@ -55,6 +47,8 @@ public abstract class Configurator {
    protected Properties properties;
 +  protected CertValidator certValidator;
 +
    protected Configurator() {
    }
 @@ -64,9 +58,9 @@ public abstract class Configurator {
    protected abstract InputStream getManifest();
 -  private Set<TrustAnchor> getCACerts() throws IOException,
 +  private X509Certificate[] getCACerts() throws IOException,
        CertificateException {
 -    Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
 +    List<X509Certificate> caCerts = new ArrayList<X509Certificate>();
      File caDir = getCADir();
      if (caDir != null) {
        if (!caDir.isDirectory()) {
 @@ -81,13 +75,12 @@ public abstract class Configurator {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
            fis.close();
            log.debug("Adding trusted cert " + cert.getSubjectDN());
 -          caCerts.add(new TrustAnchor(cert, null));
 +          caCerts.add(cert);
          } catch (Exception e) {
            log.error("Cannot add trusted ca", e);
          }
        }
 -      return caCerts;
 -
 +      return  caCerts.toArray(new X509Certificate[caCerts.size()]);
      } else {
        log.warn("No CA certificates configured");
      }
 @@ -239,69 +232,33 @@ public abstract class Configurator {
    }
    public void configureSSL() {
 -    Set<TrustAnchor> caCerts = null;
 +    X509Certificate[] caCerts = null;
      try {
        caCerts = getCACerts();
      } catch (Exception e1) {
        log.error("Cannot load CA certificates", e1);
      }
 -    List<CertStore> certStoreList = null;
 -    try {
 -      certStoreList = getCertstore();
 -    } catch (Exception e1) {
 -      log.error("Cannot load certstore certificates", e1);
 -    }
 -    String aia = getProperty("SSL.useAIA");
 -    if ((aia == null) || (aia.equals(""))) {
 -      System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
 -    } else {
 -      System.setProperty("com.sun.security.enableAIAcaIssuers", aia);
 -    }
 -    String lifetime = getProperty("SSL.cache.lifetime");
 -    if ((lifetime == null) || (lifetime.equals(""))) {
 -      System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0");
 -    } else {
 -      System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime);
 -    }
 -    X509CertSelector selector = new X509CertSelector();
 -    PKIXBuilderParameters pkixParams;
 +    String disableAll = getProperty("SSL.disableAllChecks");
      try {
 -      pkixParams = new PKIXBuilderParameters(caCerts, selector);
 -      if ((getProperty("SSL.doRevocationChecking") != null)
 -          && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
 -        log.info("Enable revocation checking");
 -        System.setProperty("com.sun.security.enableCRLDP", "true");
 -        Security.setProperty("ocsp.enable", "true");
 -      } else {
 -        log.warn("Revocation checking disabled");
 -      }
 -      for (CertStore cs : certStoreList) {
 -        pkixParams.addCertStore(cs);
 -      }
 -      ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
 -          pkixParams);
 -      TrustManagerFactory trustFab;
 -      trustFab = TrustManagerFactory.getInstance("PKIX");
 -      trustFab.init(trustParams);
        KeyManager[] km = null;
        SSLContext sslCtx = SSLContext
            .getInstance(getProperty("SSL.sslProtocol"));
 -      String disableAll = getProperty("SSL.disableAllChecks");
        if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
          log.warn("--------------------------------------");
          log.warn(" Disabling SSL Certificate Validation ");
          log.warn("--------------------------------------");
 -        sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
 -            certStoreList) }, null);
 +        sslCtx.init(km,
 +            new TrustManager[] { new MyAlwaysTrustManager(caCerts) }, null);
        } else {
 -        sslCtx.init(km, trustFab.getTrustManagers(), null);
 +        MyPKITrustManager pkixTM = new MyPKITrustManager(certValidator,
 +            getCertDir(), getCADir(), caCerts);
 +        sslCtx.init(km, new TrustManager[] { pkixTM }, null);
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
      } catch (Exception e) {
        log.error("Cannot configure SSL", e);
      }
 -    String disableAll = getProperty("SSL.disableAllChecks");
      if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
        log.warn("---------------------------------");
        log.warn(" Disabling Hostname Verification ");
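Review bot: The rewritten `configureSSL` no longer reads `SSL.doRevocationChecking`, `SSL.useAIA` or `SSL.cache.lifetime`, and nothing visible in `CertValidatorImpl.init` configures revocation checking on the new path, so a deployment that enabled revocation through the properties file may lose it without any log line. Either map the setting onto the PKI profile or warn when a now-ignored key is present, e.g. `if (getProperty("SSL.doRevocationChecking") != null) log.warn("SSL.doRevocationChecking is no longer evaluated");`. Any failure while building the trust manager is also only logged by the surrounding `catch (Exception e)`, after which `HttpsURLConnection` keeps the JVM default socket factory and trust store rather than the configured CA directory. `configureSSL` continues past the end of this hunk.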
 @@ -315,20 +272,75 @@ public abstract class Configurator {
      }
    }
 -  private static class MyTrustManager implements X509TrustManager {
 -    private static Log log = LogFactory.getLog(MyTrustManager.class);
 +  
 +  
 +  public void setCertValidator(CertValidator certValidator) {
 +    this.certValidator = certValidator;
 +  }
 +
 +  private static class MyPKITrustManager implements X509TrustManager {
 +    private static Log log = LogFactory.getLog(MyPKITrustManager.class);
 +
 +    private CertValidator certValidator;
      private X509Certificate[] trustedCerts;
 -    public MyTrustManager(Set<TrustAnchor> caCerts, List<CertStore> cs) {
 -      trustedCerts = new X509Certificate[caCerts.size()];
 +    public MyPKITrustManager(CertValidator cv, File certStore, File trustStore,
 +        X509Certificate[] trustedCerts) {
 +      certValidator = cv;
 +      certValidator.init(certStore, trustStore);
 +      this.trustedCerts = trustedCerts;
 +    }
 +
 +    @Override
 +    public void checkClientTrusted(X509Certificate[] chain, String authType)
 +        throws CertificateException {
 +      log.error("Did not expect this method to get called");
 +      throw new CertificateException("Method not implemented");
 +    }
 +
 +    private static iaik.x509.X509Certificate[] convertCerts(
 +        X509Certificate[] certs) throws GeneralSecurityException {
 +      iaik.x509.X509Certificate[] retVal = new iaik.x509.X509Certificate[certs.length];
        int i = 0;
 -      for (Iterator<TrustAnchor> it = caCerts.iterator(); it.hasNext();) {
 -        TrustAnchor ta = it.next();
 -        trustedCerts[i++] = ta.getTrustedCert();
 +      for (X509Certificate cert : certs) {
 +        if (cert instanceof iaik.x509.X509Certificate) {
 +          retVal[i++] = (iaik.x509.X509Certificate) cert;
 +        } else {
 +          retVal[i++] = new iaik.x509.X509Certificate(cert.getEncoded());
 +        }
 +      }
 +      return retVal;
 +    }
 +
 +    @Override
 +    public void checkServerTrusted(X509Certificate[] chain, String authType)
 +        throws CertificateException {
 +      try {
 +        boolean valid = certValidator.isCertificateValid(Thread.currentThread()
 +            .getName(), convertCerts(chain));
 +        if (!valid) {
 +          throw new CertificateException("Certificate not valid");
 +        }
 +      } catch (GeneralSecurityException e) {
 +        throw new CertificateException(e);
        }
      }
      @Override
 +    public X509Certificate[] getAcceptedIssuers() {
 +      return trustedCerts;
 +    }
 +  }
 +
 +  private static class MyAlwaysTrustManager implements X509TrustManager {
 +    private static Log log = LogFactory.getLog(MyAlwaysTrustManager.class);
 +    private X509Certificate[] trustedCerts;
 +
 +    public MyAlwaysTrustManager(X509Certificate[] trustedCerts) {
 +      this.trustedCerts = trustedCerts;
 +    }
 +
 +    @Override
      public void checkClientTrusted(X509Certificate[] arg0, String arg1)
          throws CertificateException {
        log.error("Did not expect this method to get called");
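Review bot: The `MyPKITrustManager` constructor calls `certValidator.init(...)` without checking `cv`, and `certValidator` is only set through `setCertValidator`, so a context that does not inject it fails with a NullPointerException that `configureSSL` merely logs. A check such as `if (cv == null) throw new IllegalArgumentException("CertValidator must not be null");` makes that failure diagnosable. `getAcceptedIssuers()` returns the `trustedCerts` field directly, and `configureSSL` passes `null` there when loading the CA certificates failed, whereas the `X509TrustManager` contract asks for a non-null array; `return trustedCerts == null ? new X509Certificate[0] : trustedCerts.clone();` would be safer. `MyAlwaysTrustManager` stores the same possibly-null array; its remaining methods lie outside this hunk.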
 diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java
 new file mode 100644
 index 00000000..7bc0daa5
 --- /dev/null
 +++ b/bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java
 @@ -0,0 +1,32 @@
 +package at.gv.egiz.bku.conf;
 +
 +import iaik.x509.X509Certificate;
 +
 +import java.io.File;
 +import java.io.IOException;
 +import java.security.cert.CertificateException;
 +
 +import static org.junit.Assert.*;
 +
 +import org.junit.Before;
 +import org.junit.Test;
 +
 +public class CertValidatorTest {
 +  
 +  private CertValidator cv;
 +  
 +  @Before
 +  public void setUp() {
 +    cv = new CertValidatorImpl();
 +    String caDir = getClass().getClassLoader().getResource("at/gv/egiz/bku/conf/certs/CACerts").getPath();
 +    String certDir = getClass().getClassLoader().getResource("at/gv/egiz/bku/conf/certs/certStore").getPath();
 +    cv.init(new File(caDir), new File(certDir));
 +  }
 +  
 +  @Test
 +  public void testValid() throws CertificateException, IOException {
 +    X509Certificate cert = new X509Certificate(getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der"));
 +    assertTrue(cv.isCertificateValid("TID", new X509Certificate[]{cert}));
 +  }
 +
 +}
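Review bot: `setUp()` calls `cv.init(new File(caDir), new File(certDir))`, but the interface declares `init(File certDir, File caDir)`, so the test uses the `certStore` directory, which also holds the intermediate `a-sign-*` certificates, as the trust store and validates against a wider set of trust anchors than production does. The call should read `cv.init(new File(certDir), new File(caDir));`. There is also only a positive case; a test asserting that a certificate not chaining to `CACerts` is rejected would cover the property the validator exists for. Because `CertValidatorImpl` validates against `new Date()`, `testValid` will start failing once `www.a-trust.at.der` expires.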
 diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cerBinary files differ new file mode 100644 index 00000000..f9fef65f --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cer diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cerBinary files differ new file mode 100644 index 00000000..36a442b8 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cer diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cerBinary files differ new file mode 100644 index 00000000..ab9e0cd7 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cer diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cerBinary files differ new file mode 100644 index 00000000..efa28178 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cer diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cerBinary files differ new file mode 100644 index 00000000..33e77636 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cer 
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cerBinary files differ new file mode 100644 index 00000000..f9fef65f --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cer diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cerBinary files differ new file mode 100644 index 00000000..36a442b8 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cer diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cerBinary files differ new file mode 100644 index 00000000..ab9e0cd7 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cer diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cerBinary files differ new file mode 100644 index 00000000..efa28178 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cer diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cerBinary files differ new file mode 100644 index 00000000..33e77636 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cer 
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer new file mode 100644 index 00000000..ee859434 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE-----
 +MIIEdzCCA1+gAwIBAgIDAmU4MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
 +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA2MDgxNjIyMDAw
 +MFoXDTE2MDgxNjIyMDAwMFowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
 +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
 +ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt
 +c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6
 +PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK
 +k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj
 +r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG
 +AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt
 +Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd
 +LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
 +CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG
 +MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv
 +b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl
 +dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1
 +dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAHKlnV3R9sbXojtONugyazkZCEzmC
 +nZF1Dz4cOL0vPzzvS8MVWtG43zAgVI1NT/0ETSWsXD3YfzRi+f+/CxrGn0gwZX2t
 +VGx+Z9w5ufiy1vuhxDUPmpos1TbJ4Wv3Une0E7iuHmNLg5qVlKeHWpcU8t1Y0nCt
 +eRz34Qm87AVAykta33XST1fYvGoPKsDtn3qx9ye/pcbDvWjPwmqF2UUoql+d5hmJ
 +Umgzwezqk4I+FS98BrnaPgC5UVFHg+yUjiUDLjYy7UvDZ5Led6kkLXuzVhQolLvr
 +KTrGp5k42PG2MMkw8f6GMF/6yePXgzFMCRN8ReR7J5Htv33SytLRmFRd8g==
 +-----END CERTIFICATE-----
 diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer new file mode 100644 index 00000000..7e67be95 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE-----
 +MIIEgzCCA2ugAwIBAgIDAarsMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
 +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw
 +MFoXDTE1MTExMzIzMDAwMFowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
 +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
 +ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1jb3Jwb3JhdGUtMDMxHDAaBgNV
 +BAMME2Etc2lnbi1jb3Jwb3JhdGUtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
 +ggEKAoIBAQCp44qY+AiVXlcnHoKvch9s3ujoWFNktvcteIPwK7s0mb/uxTUW9UIF
 +Die9n3AbyTsJE6R3nZYSJVHHi+1DKD72/WEo/B5NOOtd6KUMfJgca1tDmcsIwhFn
 +82qkZrbNQwdIIdLe6+nDmjd9UBIaKv7yy1kq20jh09HOK3/bWhafVQE7EAgDfNrn
 +8f0JfnnF0EA/La5kkg878L22fh9lRzt8H21THqJPtK4/e9SttjrJnPhFk2/MjAGS
 +uaDufG6BV5Hnn7klR5qm5q32ypleLA6Zi4m9jRCVtPd4jRPYM40XpRkrJuFw+lxp
 +rejfEZt/SRh1eQXiXDUgtgX8OaIylH9pAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUw
 +AwEB/zARBgNVHQ4ECgQIQj75YZ1a5XIwEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYD
 +VR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFw
 +LmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9j
 +ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy
 +dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEARu7e1SyBRjlA
 +g/thtFwtKQRvopTZKWj2LWpEdvPvwThOvf8Depnas+ly5af8r8YzsqJzfX3XWvhN
 +qOOI24g5FmXfCUTq/kbtaeTq/AqV94793IJfcilPnpMOEHMqXNDiRUoAgR/9EVj8
 +mDVvL2lLlJzeAltqOD5Bi9QwguaD2/3/E5ymFnqkf1dnlXbo8AhcwPEzReNKn1eM
 +Ilg4FwP1bP0HUK3Fyz1UQ/Hncg+MS7c+SkjpNEd4sH7/GdxuQs5Sk7IRwot1+sbX
 +3CkkPhSqiUzig9raxJYrtbb2kyiUO8+d5HzRyoP4BNzsdZdPc0gDYweXg5qarHOQ
 +16IEOtBmKg==
 +-----END CERTIFICATE-----
 diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer new file mode 100644 index 00000000..0c68e593 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEJjCCAw6gAwIBAgIDAOJEMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTEzMDIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIjAgBgNVBAsTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDExIjAgBgNV +BAMTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDGC65v8rni63DojEBriynPwRqNCp14/SkN5ROkTUGNvLSabfSJV4PKGLTzasPAaChwX0g/ +kebahFM3R7nIyeVx2YB8VRvC4I/spP/mCs5+6pf1N+6Kiq4NcswgNBBfqAteaQIylBMy6HDkjoXY +X/c+SxjyrqAkeZCK+SHMOraXCO1PZHWbYwleKXf4R2Z6ayEfJ2XWeVuqqon76WHp/POI0RADBchA +6Vm1ROzSAHz39bay1TZunQXSs3VQ9cE3uQPjN+80efmf0ZgNF0sXsDTssoZg2feTANSOkTGM1bMC +5xe1hWFL8MZNe4yZ+NSgFN2fofb8BPvyQAW0no2PNA6PAgMBAAGjgbMwgbAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQITp5/1C/JHx8wEwYDVR0jBAwwCoAITlnOxwIyhzAwDgYDVR0PAQH/BAQD +AgEGMGUGA1UdHwReMFwwWqBYoFaGVGxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1u +UXVhbC0wMSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0PzANBgkqhkiG +9w0BAQUFAAOCAQEAOtuz2GqnTibk/poCLrdYKpZSrLyfWFsJJpfBYA9HMasnfpJBCHgRHJud6DAO +xD900Vhmwy66D8dqsN3+fR8Bx8ZMKspnFN1B2Wz7LWOxMaKqP3JolJ/oVwzJRm0afcUMAfAumkc5 +Yqu0nC5qCF9zYY9YbJklh84uEzEg9j85kuRBHOCUc+5MVrnv7WPbirx6c95YFqXBQ0arA5QE9zYq +MDO8aUYPOWEHgtrVI+kMwELYHqLDX7i9VqsXhgFPeVz1wIV7s/i3budGeHMS6hjnyIc30FqM7CTY +fcvqVNZliErbjD1k1W1gMgvjLJowNvQC0W7K9/yoQhwTqtNMR4WZwA== +-----END CERTIFICATE----- 
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer new file mode 100644 index 00000000..c300891d --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE-----
 +MIIEizCCA3OgAwIBAgIDAOSoMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa
 +Fw0xNDEyMTMyMzAwMDBaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
 +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
 +a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw
 +IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B
 +AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM
 +LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS
 +dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS
 +p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/
 +vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O
 +sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G
 +A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9
 +KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk
 +YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz
 +dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz
 +cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBH
 +opWG7LKmPBvuGjZnRV4KGKzzUYVuxSRS1E0VIUPbVLf5xW2r5uUpR8ud5EpiPrcw
 +k6K0dzu2Vb4ZbMIP+6J16S/0qvTp/3A/3q87+nJ+ot+IT8GZFJfSw18th2WmZdzR
 +ShbM6sgViPtGsFROCdWeiHl248w2+zG+09sf8Bu3UyvwLRAiiKaxuwVdQ9kc0TL3
 +gvv+K5eisWWthQOX2IF2jGSEqoAVwfHhl7bc9Vt7XnJSpQFebHnsIVuV4Mv6w4ww
 +86hQPCLLvvV7wWDiBQ8l2FWneX0pNH3Wg+A1TRUoptc+pPDdpoP272MDm4fXyPKV
 +7QgIaIK+gXNUj2GGt1K9
 +-----END CERTIFICATE-----
 diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer
 new file mode 100644
 index 00000000..2251ca22
 --- /dev/null
 +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer
 @@ -0,0 +1,27 @@
 +-----BEGIN CERTIFICATE-----
 +MIIEjzCCA3egAwIBAgIDAartMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
 +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw
 +MFoXDTE1MTExMzIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
 +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
 +ZXJrZWhyIEdtYkgxIjAgBgNVBAsMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMx
 +IjAgBgNVBAMMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMwggEiMA0GCSqGSIb3
 +DQEBAQUAA4IBDwAwggEKAoIBAQC359oitbHkkEgdErRPeBdkcYRK2DLdxfcnn+SI
 +umSEYzWVscRTchPKSzb7f1a6EHPbB5WZsGJaUDX9KfTqsJNMo+7bASKk3gsLVxNZ
 +qY2t2G+y8HvREYYejDOIzjAkcBQrt+nvuBUlGYVJQjEuyAn18f2vG0Y3VNvZFGKn
 +PK8AVycUMk0Uw21RbK3vX5tbbPgQ/kcZkN4czi5VHepMvf6hAwwLoJj+KL9zxm8j
 +yPK88qCBKAjMNCpZKsEhyanw1CjYbVmHs45Q5W6FBtqDcS6Iq4mC6TtUPGtCTuoH
 +7/JLuhEp075ohp87v3fSlzeLJjBpkUDP9U8Tv7l2euD0t1UVAgMBAAGjgeMwgeAw
 +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQZFpHL+t2JgwEwYDVR0jBAwwCoAI
 +RGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCG
 +fmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEt
 +VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0
 +Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC
 +AQEADTRIaQtPwoPS6/TpyBhOw4wAHk/RM4gkLT76URPY2sUHihxqy+8qEElN+f5l
 +I61myCP3IFTClflcHVR1QCoMg0ZI5/EcQTI8Dgd5iQkXuVjh3wCj87Ka2Tu7d1K+
 +i9VJ4BR/ph/qmPKR7Lx/PtATw/vWo4k2rbt5o1QwixZ7CPt+BF9xCaAC4uL0bB0M
 +9M3i9W2ePmqX6WIB3jMkT9FQC0KihPPfw/17KddNi4rFMMEiTyKvJTtTqDnIAwWW
 +TqsL1G7oxMMtnnYaKWMQ6gQiOiRzCY7efcAi/3YwUX6ULW5zxqapNs1vqEbSGsQE
 +l1eFl67HBZHYAPdoHGUnZF0KaQ==
 +-----END CERTIFICATE-----
 diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer
 new file mode 100644
 index 00000000..2d7f1a03
 --- /dev/null
 +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer
 @@ -0,0 +1,21 @@
 +-----BEGIN CERTIFICATE-----
 +MIIEKDCCAxCgAwIBAgIDAOKKMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK
 +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R
 +dWFsLTAxMB4XDTA0MTIwNTIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgaExCzAJBgNVBAYTAkFUMUgw
 +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0
 +ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1jb3Jwb3JhdGUtbWVkaXVtLTAxMSMwIQYD
 +VQQDExphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
 +AQoCggEBANEbZyIMIXZYBjTj/+3TrNGssRKNNdTedQlWB3vJQWLzeG89Kzmhy1WDX8IqDrMtvpXH
 +5w6urK3ZT7HGu2Jldrib8rkEOdE9+uNGRtkP8Kuz//CvdXCbIDvBLqgvWn9a3Sl/rUicPqKwcEcN
 +bP2Q0iU6NvvALmoqs93PymfTZlkGOwzUe+O88huXkauGWT/DkJd4JYDNJ0wlaGrJa+OorT4Izk1J
 +EipqqedUjsAj4Gq3SKrZKG/H/CkoH9uWTzrzFgg8zQhCES4AClo84XVk//EIv3ABDw4hr+lqV1nF
 +eXch9o4mLIe5u045471YLJLmyuCPDopb8U2VUoyldpMx+Y8CAwEAAaOBszCBsDAPBgNVHRMBAf8E
 +BTADAQH/MBEGA1UdDgQKBAhOuHKxmCmfZDATBgNVHSMEDDAKgAhOWc7HAjKHMDAOBgNVHQ8BAf8E
 +BAMCAQYwZQYDVR0fBF4wXDBaoFigVoZUbGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0
 +LW5RdWFsLTAxLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/MA0GCSqG
 +SIb3DQEBBQUAA4IBAQDaukYSeJVxWAh8QShqGqA6Plp9aXCTzwl9hE2gb+/xGPASo+NVQi/sUa0+
 +bx29oSJaW6lKzdHQLAx4dwW9XTpJ+0mebB4fQfYHH0lGc1O4au/4O9k+C3SrD6x4WeY9k/SpUFu1
 +qjzH+tjta81UWtU7Jve1BhckNwdOFx7cR8fdW+pUQSDV9XnPJfyb+gb9KWhvX+XAbgJoXW1HjJOO
 +P5sx6mFhMb3UqAfKQVoAuGbl4+uxIThBTqpICkaaD8WLdukqQjomUMDRbWIf6SblPuOEpPi1G/WM
 +qkTkpqX77Wkj08QY/yj5DDrsYJ5NymnWvu7jcoxCFCKvEQ8Q4g7AYKnG
 +-----END CERTIFICATE-----
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer
 new file mode 100644
 index 00000000..194d4d7c
 --- /dev/null
 +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer
 @@ -0,0 +1,27 @@
 +-----BEGIN CERTIFICATE-----
 +MIIEjTCCA3WgAwIBAgIDAOSpMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa
 +Fw0xNDEyMTMyMzAwMDBaMIGhMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
 +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
 +a2VociBHbWJIMSMwIQYDVQQLDBphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMjEj
 +MCEGA1UEAwwaYS1zaWduLWNvcnBvcmF0ZS1tZWRpdW0tMDIwggEiMA0GCSqGSIb3
 +DQEBAQUAA4IBDwAwggEKAoIBAQCuaTBb6rHd5JZqAdvpmGIl5ne0Hg6GbpJvBeCI
 +U6l9Rs8ebMY6aIS++qJOE9rnJHdfZNzLzduuoWEzEuwm9a/azQThM+eT+xlG/Vcf
 +NuOQTTjAuXHLvYQ7WxSrBIT/kmAyqJgq/DEPvdX4jmCtVkuZ1gbxYIChLOVBWkVC
 +FCK49BuXECtNy5fzK/GyfouZOVoQgiQ1YfecqzibcwO0t+f68Pvp/s6HESAH5tXY
 +PdENDw4c/W/qKaeR87jPq98AJ8Lr4bmjWLjK8/ITtGglnJy8osFz22oR7f6fbWl6
 +5LdhJ3giM68WEabQcZkw8cx3RDOzbnL2Kn+PVNHHyp3Wh849AgMBAAGjgeEwgd4w
 +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISoLnpz/+q98wEwYDVR0jBAwwCoAI
 +Qj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMIGSBgNVHR8EgYowgYcwgYSggYGgf4Z9
 +bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0LVF1YWwtMDIsbz1BLVRy
 +dXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdD9iYXNlP29iamVjdGNs
 +YXNzPWVpZENlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEB
 +ABqg1oRs/TZ0hJLJRV/xJglFzgn2fDAXeoVvWnAE09F1d0n+ZorKAKbMfiZ2CuKs
 +M0AhU23/5zM90DdrtYWXpa+P8ONALZtHJIqGfVuRKYJq7jY5TpE3yRkTcrp47smp
 +WqTwUgG+0aBeU9m+ZtGUFOsBkq+MudD8IZGc7VcLd1n4ltND9ITjX20hu01ju56c
 +YC69vFa5hmIccXg/Q3dGEV5Amx8MTQJluG3QvqBOY74yrAFICvK1zsvu+vOGvJQj
 +i+PxKlbQdehrV82VDxyfSjpEUADWMGRfE5vg4YBGgfRosh4w7a6ThD2LMLFPmIhy
 +P6+VGUBCm2tMDDOo9DVkXFs=
 +-----END CERTIFICATE-----
 diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.derBinary files differ new file mode 100644 index 00000000..61ce8dff --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der @@ -1,211 +1,217 @@  <?xml version="1.0" encoding="UTF-8"?>
 -<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 -  <modelVersion>4.0.0</modelVersion>
 -  <groupId>at.gv.egiz</groupId>
 -  <artifactId>bku</artifactId>
 -  <packaging>pom</packaging>
 -  <version>1.0-SNAPSHOT</version>
 -  <name>BKU</name>
 -  <url>http://bku.egiz.gv.at</url>
 -  <modules>
 -    <module>utils</module>
 -    <module>bkucommon</module>
 -    <module>STAL</module>
 -    <module>BKUOnline</module>
 -    <module>smcc</module>
 -    <module>BKULocal</module>
 -    <module>BKUApplet</module>
 -    <module>smccSTAL</module>
 -    <module>STALService</module>
 -    <module>BKUCommonGUI</module>
 -    <module>BKUViewer</module>
 -    <module>BKULocalApp</module>
 -  </modules>
 -  <developers>
 -  	<developer>
 -  		<id>mcentner</id>
 -  		<name>Martin Centner</name>
 -  		<email>mcentner@egiz.gv.at</email>
 -  	</developer>
 -  	<developer>
 -  		<id>wbauer</id>
 -  		<name>Wolfgang Bauer</name>
 -  		<email>wbauer@egiz.gv.at</email>
 -  	</developer>
 -  	<developer>
 -  		<id>corthacker</id>
 -  		<name>Clemens Orthacker</name>
 -  		<email>corthacker@egiz.gv.at</email>
 -  	</developer>
 -  </developers>
 -  <scm>
 -  	<url>svn://svn.egovlabs.gv.at/svnroot/mocca</url>
 -  </scm>
 -  <organization>
 -  	<name>E-Government Innovation Center (EGIZ)</name>
 -  	<url>http://www.egiz.gv.at</url>
 -  </organization>
 -  <build>
 -    <pluginManagement>
 -      <plugins>
 -        <plugin>
 -          <artifactId>maven-compiler-plugin</artifactId>
 -          <groupId>org.apache.maven.plugins</groupId>
 -          <version>2.0.2</version>
 -          <configuration>
 -            <!--
 -              fork>true</fork>
 -              <executable>${java_6_sun}/bin/javac</executable>
 -              <compilerVersion>1.6</compilerVersion
 -            -->
 -            <source>1.6</source>
 -            <target>1.6</target>
 -            <verbose>true</verbose>
 -            <showWarnings>true</showWarnings>
 -          </configuration>
 -        </plugin>
 -        <plugin>
 -          <artifactId>maven-assembly-plugin</artifactId>
 -          <groupId>org.apache.maven.plugins</groupId>
 -          <version>2.2-beta-2</version>
 -        </plugin>
 -        <plugin>
 -          <artifactId>maven-dependency-plugin</artifactId>
 -          <groupId>org.apache.maven.plugins</groupId>
 -          <version>2.0</version>
 -        </plugin>
 -        <!--plugin>
 -          <artifactId>maven-jaxb2-plugin</artifactId>
 -          <groupId>org.jvnet.jaxb2.maven2</groupId>
 -          <version>0.6.0</version>
 -        </plugin-->
 -        <plugin>
 -          <artifactId>jaxws-maven-plugin</artifactId>
 -          <groupId>org.codehaus.mojo</groupId>
 -          <version>1.10</version>
 -        </plugin>
 -      </plugins>
 -    </pluginManagement>
 -    <plugins>
 -      <plugin>
 -        <artifactId>maven-assembly-plugin</artifactId>
 -        <configuration>
 -          <descriptors>
 -            <descriptor>${basedir}/src/main/assemblies/assembly-test.xml</descriptor>
 -            <!--
 -              descriptor>${basedir}/src/main/assemblies/assembly-online.xml</descriptor>
 -              <descriptor>${basedir}/src/main/assemblies/assembly-local.xml</descriptor>
 -              <descriptor>${basedir}/src/main/assemblies/assembly-server.xml</descriptor
 -            -->
 -          </descriptors>
 -        </configuration>
 -        <!--
 -          don't include execution here, but explicitly in the execute
 -          command (see custom goals: mvn clean package
 -          assembly:assembly) | NOTE: Because of a quirk in Maven 2.0's
 -          execution model relating to aggregator mojos and the
 -          inheritance hierarchy, | we need to explicitly execute the
 -          package phase ahead of the assembly invocation, to ensure all
 -          modules have been built. <executions> <execution>
 -          <phase>package</phase> <goals> <goal>attached</goal> </goals>
 -          </execution> </executions
 -        -->
 -      </plugin>
 -    </plugins>
 -  </build>
 -  <repositories>
 -  	<repository>
 -  		<id>mocca-egovlabs</id>
 -  		<name>MOCCA EGovLabs</name>
 -  		<url>http://mocca.egovlabs.gv.at/m2/repository/</url>
 -  	</repository>
 -  	<repository>
 -  		<id>maven2-repository.dev.java.net</id>
 -  		<name>Java.net Repository for Maven 2</name>
 -  		<url>http://download.java.net/maven/2/</url>
 -  	</repository>
 -  	<repository>
 -  		<id>maven1-repository.dev.java.net</id>
 -  		<name>Java.net Repository for Maven 1</name>
 -  		<url>http://download.java.net/maven/1/</url>
 -  		<layout>legacy</layout>
 -  	</repository>
 -  </repositories>
 -  <dependencies>
 -    <dependency>
 -      <groupId>log4j</groupId>
 -      <artifactId>log4j</artifactId>
 -      <scope>runtime</scope>
 -    </dependency>
 -    <dependency>
 -      <groupId>junit</groupId>
 -      <artifactId>junit</artifactId>
 -      <scope>test</scope>
 -    </dependency>
 -  </dependencies>
 -  <dependencyManagement>
 -    <dependencies>
 -      <dependency>
 -        <groupId>log4j</groupId>
 -        <artifactId>log4j</artifactId>
 -        <version>1.2.12</version>
 -        <scope>runtime</scope>
 -      </dependency>
 -      <dependency>
 -        <groupId>commons-logging</groupId>
 -        <artifactId>commons-logging</artifactId>
 -        <version>1.1.1</version>
 -        <scope>compile</scope>
 -      </dependency>
 -      <dependency>
 -        <groupId>junit</groupId>
 -        <artifactId>junit</artifactId>
 -        <version>4.4</version>
 -        <scope>test</scope>
 -      </dependency>
 -	  <dependency>
 -	    <groupId>xerces</groupId>
 -	    <artifactId>xercesImpl</artifactId>
 -	    <version>2.9.1</version>
 -	  </dependency>
 -      <dependency>
 -	    <groupId>xalan</groupId>
 -	    <artifactId>xalan</artifactId>
 -	    <version>2.7.0</version>
 -	  </dependency>
 -      <dependency>
 -        <groupId>iaik</groupId>
 -        <artifactId>iaik_jce_full_signed</artifactId>
 -        <version>3.16</version>
 -        <scope>compile</scope>
 -      </dependency>
 -	  <dependency>
 -		<groupId>iaik</groupId>
 -		<artifactId>iaik_jce_me4se</artifactId>
 -		<version>3.04</version>
 -  	  </dependency>
 -      <dependency>
 -      	<groupId>iaik</groupId>
 -      	<artifactId>iaik_ecc_signed</artifactId>
 -      	<version>2.15</version>
 -      </dependency>
 -      <dependency>
 -		<groupId>iaik</groupId>
 -		<artifactId>iaik_xsect</artifactId>
 -		<version>1.14</version>
 -	  </dependency>
 -      <dependency>
 -        <groupId>commons-fileupload</groupId>
 -        <artifactId>commons-fileupload</artifactId>
 -        <version>1.2.1</version>
 -        <scope>compile</scope>
 -      </dependency>
 -      <dependency>
 -        <groupId>commons-httpclient</groupId>
 -        <artifactId>commons-httpclient</artifactId>
 -        <version>3.1</version>
 -        <scope>compile</scope>
 -      </dependency>
 -    </dependencies>
 -  </dependencyManagement>
 +<project
 +	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
 +	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 +	<modelVersion>4.0.0</modelVersion>
 +	<groupId>at.gv.egiz</groupId>
 +	<artifactId>bku</artifactId>
 +	<packaging>pom</packaging>
 +	<version>1.0-SNAPSHOT</version>
 +	<name>BKU</name>
 +	<url>http://bku.egiz.gv.at</url>
 +	<modules>
 +		<module>utils</module>
 +		<module>bkucommon</module>
 +		<module>STAL</module>
 +		<module>BKUOnline</module>
 +		<module>smcc</module>
 +		<module>BKULocal</module>
 +		<module>BKUApplet</module>
 +		<module>smccSTAL</module>
 +		<module>STALService</module>
 +		<module>BKUCommonGUI</module>
 +		<module>BKUViewer</module>
 +		<module>BKULocalApp</module>
 +	</modules>
 +	<developers>
 +		<developer>
 +			<id>mcentner</id>
 +			<name>Martin Centner</name>
 +			<email>mcentner@egiz.gv.at</email>
 +		</developer>
 +		<developer>
 +			<id>wbauer</id>
 +			<name>Wolfgang Bauer</name>
 +			<email>wbauer@egiz.gv.at</email>
 +		</developer>
 +		<developer>
 +			<id>corthacker</id>
 +			<name>Clemens Orthacker</name>
 +			<email>corthacker@egiz.gv.at</email>
 +		</developer>
 +	</developers>
 +	<scm>
 +		<url>svn://svn.egovlabs.gv.at/svnroot/mocca</url>
 +	</scm>
 +	<organization>
 +		<name>E-Government Innovation Center (EGIZ)</name>
 +		<url>http://www.egiz.gv.at</url>
 +	</organization>
 +	<build>
 +		<pluginManagement>
 +			<plugins>
 +				<plugin>
 +					<artifactId>maven-compiler-plugin</artifactId>
 +					<groupId>org.apache.maven.plugins</groupId>
 +					<version>2.0.2</version>
 +					<configuration>
 +						<!--
 +							fork>true</fork> <executable>${java_6_sun}/bin/javac</executable>
 +							<compilerVersion>1.6</compilerVersion
 +						-->
 +						<source>1.6</source>
 +						<target>1.6</target>
 +						<verbose>true</verbose>
 +						<showWarnings>true</showWarnings>
 +					</configuration>
 +				</plugin>
 +				<plugin>
 +					<artifactId>maven-assembly-plugin</artifactId>
 +					<groupId>org.apache.maven.plugins</groupId>
 +					<version>2.2-beta-2</version>
 +				</plugin>
 +				<plugin>
 +					<artifactId>maven-dependency-plugin</artifactId>
 +					<groupId>org.apache.maven.plugins</groupId>
 +					<version>2.0</version>
 +				</plugin>
 +				<!--
 +					plugin> <artifactId>maven-jaxb2-plugin</artifactId>
 +					<groupId>org.jvnet.jaxb2.maven2</groupId> <version>0.6.0</version>
 +					</plugin
 +				-->
 +				<plugin>
 +					<artifactId>jaxws-maven-plugin</artifactId>
 +					<groupId>org.codehaus.mojo</groupId>
 +					<version>1.10</version>
 +				</plugin>
 +			</plugins>
 +		</pluginManagement>
 +		<plugins>
 +			<plugin>
 +				<artifactId>maven-assembly-plugin</artifactId>
 +				<configuration>
 +					<descriptors>
 +						<descriptor>${basedir}/src/main/assemblies/assembly-test.xml</descriptor>
 +						<!--
 +							descriptor>${basedir}/src/main/assemblies/assembly-online.xml</descriptor>
 +							<descriptor>${basedir}/src/main/assemblies/assembly-local.xml</descriptor>
 +							<descriptor>${basedir}/src/main/assemblies/assembly-server.xml</descriptor
 +						-->
 +					</descriptors>
 +				</configuration>
 +				<!--
 +					don't include execution here, but explicitly in the execute command
 +					(see custom goals: mvn clean package assembly:assembly) | NOTE:
 +					Because of a quirk in Maven 2.0's execution model relating to
 +					aggregator mojos and the inheritance hierarchy, | we need to
 +					explicitly execute the package phase ahead of the assembly
 +					invocation, to ensure all modules have been built. <executions>
 +					<execution> <phase>package</phase> <goals> <goal>attached</goal>
 +					</goals> </execution> </executions
 +				-->
 +			</plugin>
 +		</plugins>
 +	</build>
 +	<repositories>
 +		<repository>
 +			<id>mocca-egovlabs</id>
 +			<name>MOCCA EGovLabs</name>
 +			<url>http://mocca.egovlabs.gv.at/m2/repository/</url>
 +		</repository>
 +		<repository>
 +			<id>maven2-repository.dev.java.net</id>
 +			<name>Java.net Repository for Maven 2</name>
 +			<url>http://download.java.net/maven/2/</url>
 +		</repository>
 +		<repository>
 +			<id>maven1-repository.dev.java.net</id>
 +			<name>Java.net Repository for Maven 1</name>
 +			<url>http://download.java.net/maven/1/</url>
 +			<layout>legacy</layout>
 +		</repository>
 +	</repositories>
 +	<dependencies>
 +		<dependency>
 +			<groupId>log4j</groupId>
 +			<artifactId>log4j</artifactId>
 +			<scope>runtime</scope>
 +		</dependency>
 +		<dependency>
 +			<groupId>junit</groupId>
 +			<artifactId>junit</artifactId>
 +			<scope>test</scope>
 +		</dependency>
 +	</dependencies>
 +	<dependencyManagement>
 +		<dependencies>
 +			<dependency>
 +				<groupId>log4j</groupId>
 +				<artifactId>log4j</artifactId>
 +				<version>1.2.12</version>
 +				<scope>runtime</scope>
 +			</dependency>
 +			<dependency>
 +				<groupId>commons-logging</groupId>
 +				<artifactId>commons-logging</artifactId>
 +				<version>1.1.1</version>
 +				<scope>compile</scope>
 +			</dependency>
 +			<dependency>
 +				<groupId>junit</groupId>
 +				<artifactId>junit</artifactId>
 +				<version>4.4</version>
 +				<scope>test</scope>
 +			</dependency>
 +			<dependency>
 +				<groupId>xerces</groupId>
 +				<artifactId>xercesImpl</artifactId>
 +				<version>2.9.1</version>
 +			</dependency>
 +			<dependency>
 +				<groupId>xalan</groupId>
 +				<artifactId>xalan</artifactId>
 +				<version>2.7.0</version>
 +			</dependency>
 +			<dependency>
 +				<groupId>iaik</groupId>
 +				<artifactId>iaik_jce_full_signed</artifactId>
 +				<version>3.16</version>
 +				<scope>compile</scope>
 +			</dependency>
 +			<dependency>
 +				<groupId>iaik</groupId>
 +				<artifactId>iaik_jce_me4se</artifactId>
 +				<version>3.04</version>
 +			</dependency>
 +			<dependency>
 +				<groupId>iaik</groupId>
 +				<artifactId>iaik_ecc_signed</artifactId>
 +				<version>2.15</version>
 +			</dependency>
 +			<dependency>
 +				<groupId>iaik</groupId>
 +				<artifactId>iaik_xsect</artifactId>
 +				<version>1.14</version>
 +			</dependency>
 +			<dependency>
 +				<groupId>iaik</groupId>
 +				<artifactId>iaik_pki</artifactId>
 +				<version>1.0-SNAPSHOT</version>
 +				<scope>compile</scope>
 +			</dependency>
 +			<dependency>
 +				<groupId>commons-fileupload</groupId>
 +				<artifactId>commons-fileupload</artifactId>
 +				<version>1.2.1</version>
 +				<scope>compile</scope>
 +			</dependency>
 +			<dependency>
 +				<groupId>commons-httpclient</groupId>
 +				<artifactId>commons-httpclient</artifactId>
 +				<version>3.1</version>
 +				<scope>compile</scope>
 +			</dependency>
 +		</dependencies>
 +	</dependencyManagement>
  </project>
\ No newline at end of file | 
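Review bot: The new `iaik_pki` entry under `dependencyManagement` is pinned to `1.0-SNAPSHOT`, so the library this commit introduces for SSL certificate validation can change between builds without any change in this repository. The `<repositories>` block in the same file (only re-indented here) lists nothing but `http://` URLs, so if the snapshot is resolved from one of them it arrives without transport integrity; the page does not show which repository serves it. I would pin a released version, `<version>IAIK_PKI_RELEASE_VERSION</version>` (placeholder, the page names no release), and resolve it over HTTPS or with checksum verification enforced. The hunk also re-indents the whole file with tabs, which buries this one functional addition; a separate whitespace-only commit would keep the dependency change reviewable.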
