Diffstat (limited to 'BKULocal/src')
27 files changed, 860 insertions, 540 deletions
|
 diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java
 new file mode 100644
 index 00000000..b547bf6a
 --- /dev/null
 +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java
 @@ -0,0 +1,65 @@
 +/*
 +* Copyright 2008 Federal Chancellery Austria and
 +* Graz University of Technology
 +*
 +* Licensed under the Apache License, Version 2.0 (the "License");
 +* you may not use this file except in compliance with the License.
 +* You may obtain a copy of the License at
 +*
 +*     http://www.apache.org/licenses/LICENSE-2.0
 +*
 +* Unless required by applicable law or agreed to in writing, software
 +* distributed under the License is distributed on an "AS IS" BASIS,
 +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 +* See the License for the specific language governing permissions and
 +* limitations under the License.
 +*/
 +package at.gv.egiz.bku.local.accesscontroller;
 +
 +import java.io.IOException;
 +
 +import org.apache.commons.logging.Log;
 +import org.apache.commons.logging.LogFactory;
 +import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
 +import org.springframework.context.ResourceLoaderAware;
 +import org.springframework.core.io.Resource;
 +import org.springframework.core.io.ResourceLoader;
 +
 +import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
 +import at.gv.egiz.bku.local.conf.Configurator;
 +
 +public class SpringSecurityManager extends SecurityManagerFacade implements
 +		ResourceLoaderAware {
 +
 +	private ResourceLoader resourceLoader;
 +
 +	private static Log log = LogFactory.getLog(SpringSecurityManager.class);
 +
 +	protected Configurator config;
 +
 +	public void setConfig(Configurator config) {
 +		this.config = config;
 +	}
 +
 +	public void init() {
 +		String noMatch = config.getProperty("AccessController.acceptNoMatch");
 +		if (noMatch != null) {
 +			log.debug("Setting allow now match to: " + noMatch);
 +			setAllowUnmatched(Boolean.getBoolean(noMatch));
 +		}
 +		String policy = config.getProperty("AccessController.policyResource");
 +		log.info("Loading resource: " + policy);
 +		try {
 +			Resource res = resourceLoader.getResource(policy);
 +			init(res.getInputStream());
 +		} catch (IOException e) {
 +			log.error(e);
 +		}
 +	}
 +
 +	@Override
 +	public void setResourceLoader(ResourceLoader loader) {
 +		this.resourceLoader = loader;
 +	}
 +
 +}
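Review bot: In `init()`, `Boolean.getBoolean(noMatch)` does not parse the configured string; it looks up a JVM system property named after the value, so `AccessController.acceptNoMatch=true` ends up as `setAllowUnmatched(false)` unless a system property called `true` is set. The line should be `setAllowUnmatched(Boolean.parseBoolean(noMatch));`. The `catch (IOException e)` below only calls `log.error(e)`, so an unreadable `AccessController.policyResource` leaves the bean initialised without a policy; what the facade decides in that state is not visible in this diff, and rethrowing (for example `throw new IllegalStateException("Cannot load access policy: " + policy, e);`) would turn that into a startup failure. The stream from `res.getInputStream()` is also never closed here, unless the inherited `init(InputStream)` does it.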
 diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java
 deleted file mode 100644
 index 3214f4bc..00000000
 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java
 +++ /dev/null
 @@ -1,44 +0,0 @@
 -/*
 -* Copyright 2008 Federal Chancellery Austria and
 -* Graz University of Technology
 -*
 -* Licensed under the Apache License, Version 2.0 (the "License");
 -* you may not use this file except in compliance with the License.
 -* You may obtain a copy of the License at
 -*
 -*     http://www.apache.org/licenses/LICENSE-2.0
 -*
 -* Unless required by applicable law or agreed to in writing, software
 -* distributed under the License is distributed on an "AS IS" BASIS,
 -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -* See the License for the specific language governing permissions and
 -* limitations under the License.
 -*/
 -package at.gv.egiz.bku.local.conf;
 -
 -import org.apache.commons.logging.Log;
 -import org.apache.commons.logging.LogFactory;
 -import org.quartz.JobExecutionContext;
 -import org.quartz.JobExecutionException;
 -import org.springframework.scheduling.quartz.QuartzJobBean;
 -
 -public class ConfigurationUpdater extends QuartzJobBean {
 -  private static Log log = LogFactory.getLog(ConfigurationUpdater.class);
 -  private Configurator config;
 -
 -  @Override
 -  protected void executeInternal(JobExecutionContext arg0)
 -      throws JobExecutionException {
 -    log.trace("Checking config update");
 -    config.checkUpdate();
 -  }
 -
 -  public Configurator getConfig() {
 -    return config;
 -  }
 -
 -  public void setConfig(Configurator config) {
 -    this.config = config;
 -  }
 -
 -}
 diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
 index e9510101..57a0f84f 100644
 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
 +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
 @@ -1,274 +1,103 @@
  /*
 -* Copyright 2008 Federal Chancellery Austria and
 -* Graz University of Technology
 -*
 -* Licensed under the Apache License, Version 2.0 (the "License");
 -* you may not use this file except in compliance with the License.
 -* You may obtain a copy of the License at
 -*
 -*     http://www.apache.org/licenses/LICENSE-2.0
 -*
 -* Unless required by applicable law or agreed to in writing, software
 -* distributed under the License is distributed on an "AS IS" BASIS,
 -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -* See the License for the specific language governing permissions and
 -* limitations under the License.
 -*/
 -package at.gv.egiz.bku.local.conf;
 -
 -import iaik.security.ecc.provider.ECCProvider;
 -import iaik.xml.crypto.XSecProvider;
 -
 -import java.io.File;
 -import java.io.FileInputStream;
 -import java.io.FileOutputStream;
 -import java.io.InputStream;
 -import java.net.HttpURLConnection;
 -import java.security.KeyStore;
 -import java.security.Provider;
 -import java.security.Security;
 -import java.security.cert.CertStore;
 -import java.security.cert.CertificateFactory;
 -import java.security.cert.CollectionCertStoreParameters;
 -import java.security.cert.PKIXBuilderParameters;
 -import java.security.cert.X509CertSelector;
 -import java.security.cert.X509Certificate;
 -import java.util.Enumeration;
 -import java.util.LinkedList;
 -import java.util.List;
 -
 -import javax.net.ssl.CertPathTrustManagerParameters;
 -import javax.net.ssl.HttpsURLConnection;
 -import javax.net.ssl.KeyManager;
 -import javax.net.ssl.KeyManagerFactory;
 -import javax.net.ssl.ManagerFactoryParameters;
 -import javax.net.ssl.SSLContext;
 -import javax.net.ssl.TrustManagerFactory;
 -
 -import org.apache.commons.configuration.ConfigurationException;
 -import org.apache.commons.configuration.XMLConfiguration;
 -import org.apache.commons.configuration.reloading.FileChangedReloadingStrategy;
 -import org.apache.commons.logging.Log;
 -import org.apache.commons.logging.LogFactory;
 -
 -import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
 -import at.gv.egiz.smcc.SWCard;
 -import at.gv.egiz.smcc.util.SMCCHelper;
 -
 -public class Configurator {
 -  private Log log = LogFactory.getLog(Configurator.class);
 -  private XMLConfiguration baseConfig;
 -  private XMLConfiguration specialConfig;
 -  private boolean autoSave = false;
 -
 -  public Configurator() {
 -    super();
 -    init();
 -    configure();
 -  }
 -
 -  private void init() {
 -    log.debug("Initializing configuration");
 -
 -    baseConfig = new XMLConfiguration();
 -    try {
 -      baseConfig.load(getClass().getClassLoader().getResourceAsStream(
 -          "./at/gv/egiz/bku/local/baseconfig.xml"));
 -      log.debug("Successfully loaded base configuration");
 -    } catch (ConfigurationException e) {
 -      log.error("Cannot load base configuration", e);
 -    }
 -    autoSave = baseConfig.getBoolean("OverrideConfigurationFile[@autosave]");
 -    try {
 -      specialConfig = new XMLConfiguration();
 -      specialConfig.setFileName(baseConfig
 -          .getString("OverrideConfigurationFile"));
 -      specialConfig.load();
 -    } catch (Exception e) {
 -      log.debug("Cannot get special configuration at: "
 -          + baseConfig.getString("OverrideConfigurationFile") + ": " + e);
 -      log.debug("Creating new special configuration");
 -      try {
 -        specialConfig = new XMLConfiguration(baseConfig);
 -        specialConfig.setFileName(baseConfig
 -            .getString("OverrideConfigurationFile"));
 -        specialConfig.save();
 -      } catch (ConfigurationException e1) {
 -        log.error("Cannot load defaults " + e1);
 -      }
 -    }
 -    specialConfig.setReloadingStrategy(new FileChangedReloadingStrategy());
 -    specialConfig.setAutoSave(autoSave);
 -  }
 -
 -  protected void configUrlConnections() {
 -    HttpsURLConnection.setFollowRedirects(false);
 -    HttpURLConnection.setFollowRedirects(false);
 -  }
 -
 -  protected KeyStore loadKeyStore(String fileName, String type, String password) {
 -    KeyStore ks = null;
 -    try {
 -      ks = KeyStore.getInstance(type);
 -      InputStream is = new FileInputStream(fileName);
 -      if (is == null) {
 -        log.warn("Cannot load keystore from: " + fileName);
 -      }
 -      ks.load(is, password.toCharArray());
 -      for (Enumeration<String> alias = ks.aliases(); alias.hasMoreElements();) {
 -        log.debug("Found keystore alias: " + alias.nextElement());
 -      }
 -    } catch (Exception e) {
 -      log.error("Cannot config keystore", e);
 -      return null;
 -    }
 -    return ks;
 -  }
 -
 -  protected void configSSL() {
 -    String trustStoreName = specialConfig.getString("SSL.trustStoreFile");
 -    String trustStoreType = specialConfig.getString("SSL.trustStoreType");
 -    String trustStorePass = specialConfig.getString("SSL.trustStorePass");
 -    String certStoreDirectory = specialConfig
 -        .getString("SSL.certStoreDirectory");
 -    String keyStoreName = specialConfig.getString("SSL.keyStoreFile");
 -    String keyStoreType = specialConfig.getString("SSL.keyStoreType");
 -    String keyStorePass = specialConfig.getString("SSL.keyStorePass");
 -
 -    String caIncludeDir = specialConfig.getString("SSL.caIncludeDirectory");
 -
 -    KeyStore trustStore = loadKeyStore(trustStoreName, trustStoreType,
 -        trustStorePass);
 -    KeyStore keyStore = null;
 -    if (keyStoreName != null) {
 -      keyStore = loadKeyStore(keyStoreName, keyStoreType, keyStorePass);
 -    }
 -
 -    try {
 -      PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore,
 -          new X509CertSelector());
 -
 -      if (certStoreDirectory != null) {
 -        File dir = new File(certStoreDirectory);
 -        if (dir.isDirectory()) {
 -          List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
 -          CertificateFactory cf = CertificateFactory.getInstance("X.509");
 -          for (File f : dir.listFiles()) {
 -            log.debug("adding " + f.getName());
 -            certCollection.add((X509Certificate) cf
 -                .generateCertificate(new FileInputStream(f)));
 -          }
 -          CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
 -              certCollection);
 -          CertStore cs = CertStore.getInstance("Collection", csp);
 -          pkixParams.addCertStore(cs);
 -          log.debug("Added collection certstore");
 -        } else {
 -          log.error("CertstoreDirectory " + certStoreDirectory
 -              + " is not a directory");
 -        }
 -      }
 -
 -      if (caIncludeDir != null) {
 -        File dir = new File(caIncludeDir);
 -        if (dir.exists() && dir.isDirectory()) {
 -          CertificateFactory cf = CertificateFactory.getInstance("X.509");
 -          try {
 -            for (File f : dir.listFiles()) {
 -              FileInputStream fis = new FileInputStream(f);
 -              X509Certificate cert = (X509Certificate) cf
 -                  .generateCertificate(fis);
 -              fis.close();
 -              log.debug("Adding trusted cert " + cert.getSubjectDN());
 -              trustStore.setCertificateEntry(cert.getSubjectDN().getName(),
 -                  cert);
 -              f.delete();
 -            }
 -          } finally {
 -            trustStore.store(new FileOutputStream(trustStoreName),
 -                trustStorePass.toCharArray());
 -          }
 -        }
 -      }
 -
 -      pkixParams.setRevocationEnabled(specialConfig
 -          .getBoolean("SSL.revocation"));
 -      if (specialConfig.getBoolean("SSL.revocation")) {
 -        System.setProperty("com.sun.security.enableCRLDP ", "true");
 -        Security.setProperty("ocsp.enable", "true");
 -      }
 -      System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
 -      log.debug("Setting revocation check to: "
 -          + pkixParams.isRevocationEnabled());
 -      ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
 -          pkixParams);
 -      TrustManagerFactory trustFab = TrustManagerFactory.getInstance("PKIX");
 -      trustFab.init(trustParams);
 -
 -      KeyManager[] km = null;
 -      SSLContext sslCtx = SSLContext.getInstance(specialConfig
 -          .getString("SSL.sslProtocol"));
 -      if (keyStore != null) {
 -        KeyManagerFactory keyFab = KeyManagerFactory.getInstance("SunX509");
 -        keyFab.init(keyStore, keyStorePass.toCharArray());
 -        km = keyFab.getKeyManagers();
 -      }
 -      sslCtx.init(km, trustFab.getTrustManagers(), null);
 -      HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
 -      log.info("Successfully configured ssl");
 -    } catch (Exception e) {
 -      log.debug("Cannot init ssl", e);
 -    }
 -  }
 -
 -  protected void configureProviders() {
 -    log.debug("Registering security providers");
 -    ECCProvider.addAsProvider(false);
 -    Security.addProvider(new STALProvider());
 -    XSecProvider.addAsProvider(false);
 -    StringBuffer sb = new StringBuffer();
 -    sb.append("Following providers are now registered: ");
 -    int i = 1;
 -    for (Provider prov : Security.getProviders()) {
 -      sb.append((i++) + ". : " + prov);
 -    }
 -    log.debug("Configured provider" + sb.toString());
 -  }
 -
 -  protected void configureBKU() {
 -    if (specialConfig.containsKey("BKU.useSWCard")) {
 -      boolean useSWCard = specialConfig.getBoolean("BKU.useSWCard");
 -      log.info("Setting SW Card to: "+useSWCard);
 -      SMCCHelper.setUseSWCard(useSWCard);
 -    }
 -    if (specialConfig.containsKey("BKU.SWCardDirectory")) {
 -     //SWCard.
 -    }
 -  }
 -
 -  public void configure() {
 -    configureProviders();
 -    configSSL();
 -    configUrlConnections();
 -    configureBKU();
 -
 -  }
 -
 -  public void checkUpdate() {
 -    if (specialConfig.getReloadingStrategy().reloadingRequired()) {
 -      log.info("Reloading configuration: " + specialConfig.getFileName());
 -      specialConfig.setAutoSave(false);
 -      specialConfig.clear();
 -      try {
 -        specialConfig.load();
 -      } catch (ConfigurationException e) {
 -        log.fatal(e);
 -      }
 -      specialConfig.setAutoSave(specialConfig
 -          .getBoolean("OverrideConfigurationFile[@autosave]"));
 -      configure();
 -      specialConfig.getReloadingStrategy().reloadingPerformed();
 -    }
 -  }
 -
 -}
 + * Copyright 2008 Federal Chancellery Austria and
 + * Graz University of Technology
 + *
 + * Licensed under the Apache License, Version 2.0 (the "License");
 + * you may not use this file except in compliance with the License.
 + * You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package at.gv.egiz.bku.local.conf;
 +
 +import iaik.security.ecc.provider.ECCProvider;
 +import iaik.security.provider.IAIK;
 +import iaik.xml.crypto.XSecProvider;
 +
 +import java.io.IOException;
 +import java.net.HttpURLConnection;
 +import java.security.Provider;
 +import java.security.Security;
 +import java.util.Properties;
 +
 +import javax.net.ssl.HttpsURLConnection;
 +
 +import org.apache.commons.logging.Log;
 +import org.apache.commons.logging.LogFactory;
 +
 +import at.gv.egiz.bku.binding.DataUrl;
 +import at.gv.egiz.bku.binding.DataUrlConnection;
 +import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
 +import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
 +
 +/**
 + * 
 + * TODO currently only the code to get started. 
 + */
 +public abstract class Configurator {
 +
 +  private Log log = LogFactory.getLog(Configurator.class);
 +
 +  private static Configurator instance = new SpringConfigurator();
 +
 +  protected Properties properties;
 +
 +  protected Configurator() {
 +  }
 +
 +  public static Configurator getInstance() {
 +    return instance;
 +  }
 +
 +  protected void configUrlConnections() {
 +    HttpsURLConnection.setFollowRedirects(false);
 +    HttpURLConnection.setFollowRedirects(false);
 +  }
 +
 +  protected void configureProviders() {
 +    log.debug("Registering security providers");
 +    Security.insertProviderAt(new IAIK(), 1);
 +    Security.insertProviderAt(new ECCProvider(false), 2);
 +    Security.addProvider(new STALProvider());
 +    XSecProvider.addAsProvider(false);
 +    StringBuilder sb = new StringBuilder();
 +    sb.append("Registered providers: ");
 +    int i = 1;
 +    for (Provider prov : Security.getProviders()) {
 +      sb.append((i++) + ". : " + prov);
 +    }
 +    log.debug(sb.toString());
 +  }
 +
 +  protected void configViewer() {
 +    String bv = properties.getProperty("ValidateHashDataInputs");
 +    if (bv != null) {
 +      DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv));
 +    } else {
 +      log.warn("ValidateHashDataInputs not set, falling back to default");
 +    }
 +  }
 +
 +  public void configure() {
 +    configureProviders();
 +    configUrlConnections();
 +    configViewer();
 +  }
 +
 +  public void setConfiguration(Properties props) {
 +    this.properties = props;
 +  }
 +
 +  public String getProperty(String key) {
 +    if (properties != null) {
 +      return properties.getProperty(key);
 +    }
 +    return null;
 +  }
 +}
 diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
 new file mode 100644
 index 00000000..3aeb1745
 --- /dev/null
 +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
 @@ -0,0 +1,336 @@
 +/*
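Review bot: In Configurator.java, `configViewer()` calls `properties.getProperty("ValidateHashDataInputs")` directly, while `getProperty()` in the same class guards against `properties == null`; if `configure()` runs before `setConfiguration()`, it throws a `NullPointerException` after the security providers have already been registered. Reading the value through the guarded accessor, `String bv = getProperty("ValidateHashDataInputs");`, keeps the two paths consistent. When the key is absent the code only warns and keeps whatever default `DataObject` has, which this diff does not show; the warning should name that default, or the validation should be switched on explicitly. I would also add a comment on `Security.insertProviderAt(new IAIK(), 1)` saying that it changes the preferred JCA provider for the whole JVM, not only for this component.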
 + * Copyright 2008 Federal Chancellery Austria and
 + * Graz University of Technology
 + *
 + * Licensed under the Apache License, Version 2.0 (the "License");
 + * you may not use this file except in compliance with the License.
 + * You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package at.gv.egiz.bku.local.conf;
 +
 +import java.io.File;
 +import java.io.FileInputStream;
 +import java.io.IOException;
 +import java.security.InvalidAlgorithmParameterException;
 +import java.security.NoSuchAlgorithmException;
 +import java.security.Security;
 +import java.security.cert.CertPathBuilder;
 +import java.security.cert.CertStore;
 +import java.security.cert.Certificate;
 +import java.security.cert.CertificateException;
 +import java.security.cert.CertificateFactory;
 +import java.security.cert.CollectionCertStoreParameters;
 +import java.security.cert.LDAPCertStoreParameters;
 +import java.security.cert.PKIXBuilderParameters;
 +import java.security.cert.PKIXCertPathBuilderResult;
 +import java.security.cert.TrustAnchor;
 +import java.security.cert.X509CertSelector;
 +import java.security.cert.X509Certificate;
 +import java.util.ArrayList;
 +import java.util.HashSet;
 +import java.util.Iterator;
 +import java.util.LinkedList;
 +import java.util.List;
 +import java.util.Properties;
 +import java.util.Set;
 +
 +import javax.net.ssl.CertPathTrustManagerParameters;
 +import javax.net.ssl.HttpsURLConnection;
 +import javax.net.ssl.KeyManager;
 +import javax.net.ssl.ManagerFactoryParameters;
 +import javax.net.ssl.SSLContext;
 +import javax.net.ssl.TrustManagerFactory;
 +import javax.net.ssl.X509TrustManager;
 +
 +import org.apache.commons.logging.Log;
 +import org.apache.commons.logging.LogFactory;
 +import org.springframework.context.ResourceLoaderAware;
 +import org.springframework.core.io.Resource;
 +import org.springframework.core.io.ResourceLoader;
 +
 +import at.gv.egiz.bku.binding.DataUrl;
 +import at.gv.egiz.bku.binding.DataUrlConnection;
 +import at.gv.egiz.bku.slexceptions.SLRuntimeException;
 +
 +public class SpringConfigurator extends Configurator implements
 +    ResourceLoaderAware {
 +
 +  private final static Log log = LogFactory.getLog(SpringConfigurator.class);
 +
 +  private ResourceLoader resourceLoader;
 +
 +  public SpringConfigurator() {
 +    File configDir = new File(System.getProperty("user.home") + "/.bku/conf");
 +    if (configDir.exists()) {
 +      log.debug("Found existing config directory: " + configDir);
 +    } else {
 +      log.info("Config dir not existing, creating new");
 +      if (!configDir.mkdirs()) {
 +        log.error("Cannot create directory: " + configDir);
 +      }
 +    }
 +  }
 +
 +  public void setResource(Resource resource) {
 +    log.debug("Loading config from: " + resource);
 +    if (resource != null) {
 +      Properties props = new Properties();
 +      try {
 +        props.load(resource.getInputStream());
 +        super.setConfiguration(props);
 +      } catch (IOException e) {
 +        log.error("Cannot load config", e);
 +      }
 +    } else {
 +      log.warn("Cannot load properties, resource: " + resource);
 +    }
 +  }
 +
 +  public void configureVersion() {
 +    Properties p = new Properties();
 +    try {
 +      p.load(resourceLoader.getResource("META-INF/MANIFEST.MF")
 +          .getInputStream());
 +      String version = p.getProperty("Implementation-Build");
 +      properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
 +          "citizen-card-environment/1.2 MOCCA " + version);
 +      DataUrl.setConfiguration(properties);
 +      log.debug("Setting user agent to: "
 +          + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
 +    } catch (IOException e) {
 +      log.error(e);
 +    }
 +  }
 +
 +  public void configure() {
 +    super.configure();
 +    configureSSL();
 +    configureVersion();
 +    configureNetwork();
 +  }
 +
 +  public void configureNetwork() {
 +    
 +  }
 +
 +  private Set<TrustAnchor> getCACerts() throws IOException,
 +      CertificateException {
 +    Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
 +    String caDirectory = getProperty("SSL.caDirectory");
 +    if (caDirectory != null) {
 +      Resource caDirRes = resourceLoader.getResource(caDirectory);
 +      File caDir = caDirRes.getFile();
 +      if (!caDir.isDirectory()) {
 +        log.error("Expecting directory as SSL.caDirectory parameter");
 +        throw new SLRuntimeException(
 +            "Expecting directory as SSL.caDirectory parameter");
 +      }
 +      CertificateFactory cf = CertificateFactory.getInstance("X.509");
 +      for (File f : caDir.listFiles()) {
 +        try {
 +          FileInputStream fis = new FileInputStream(f);
 +          X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
 +          fis.close();
 +          log.debug("Adding trusted cert " + cert.getSubjectDN());
 +          caCerts.add(new TrustAnchor(cert, null));
 +        } catch (Exception e) {
 +          log.error("Cannot add trusted ca", e);
 +        }
 +      }
 +      return caCerts;
 +
 +    } else {
 +      log.warn("No CA certificates configured");
 +    }
 +    return null;
 +  }
 +
 +  private List<CertStore> getCertstore() throws IOException,
 +      CertificateException, InvalidAlgorithmParameterException,
 +      NoSuchAlgorithmException {
 +    List<CertStore> resultList = new ArrayList<CertStore>();
 +    String certDirectory = getProperty("SSL.certDirectory");
 +    if (certDirectory != null) {
 +      Resource certDirRes = resourceLoader.getResource(certDirectory);
 +
 +      File certDir = certDirRes.getFile();
 +      if (!certDir.isDirectory()) {
 +        log.error("Expecting directory as SSL.certDirectory parameter");
 +        throw new SLRuntimeException(
 +            "Expecting directory as SSL.certDirectory parameter");
 +      }
 +      List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
 +      CertificateFactory cf = CertificateFactory.getInstance("X.509");
 +      for (File f : certDir.listFiles()) {
 +        try {
 +          FileInputStream fis = new FileInputStream(f);
 +          X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
 +          certCollection.add(cert);
 +          fis.close();
 +          log
 +              .trace("Added following cert to certstore: "
 +                  + cert.getSubjectDN());
 +        } catch (Exception ex) {
 +          log.error("Cannot add certificate", ex);
 +        }
 +      }
 +      CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
 +          certCollection);
 +      resultList.add(CertStore.getInstance("Collection", csp));
 +      log.info("Added collection certstore");
 +    } else {
 +      log.warn("No certstore directory configured");
 +    }
 +    String ldapHost = getProperty("SSL.ldapServer");
 +    if ((ldapHost != null) && (!"".equals(ldapHost))) {
 +      String ldapPortString = getProperty("SSL.ldapPort");
 +      int ldapPort = 389;
 +      if (ldapPortString != null) {
 +        try {
 +          ldapPort = Integer.parseInt(ldapPortString);
 +        } catch (NumberFormatException nfe) {
 +          log.error("Invalid ldap port, using default 389");
 +        }
 +      } else {
 +        log.warn("ldap port not specified, using default 389");
 +      }
 +      LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters(
 +          ldapHost, ldapPort);
 +      resultList.add(CertStore.getInstance("LDAP", ldapParams));
 +      log.info("Added LDAP certstore");
 +    }
 +    return resultList;
 +  }
 +
 +  public void configureSSL() {
 +    Set<TrustAnchor> caCerts = null;
 +    try {
 +      caCerts = getCACerts();
 +    } catch (Exception e1) {
 +      log.error("Cannot load CA certificates", e1);
 +    }
 +    List<CertStore> certStoreList = null;
 +    try {
 +      certStoreList = getCertstore();
 +    } catch (Exception e1) {
 +      log.error("Cannot load certstore certificates", e1);
 +    }
 +    String aia = getProperty("SSL.useAIA");
 +    if ((aia == null) || (aia.equals(""))) {
 +      System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
 +    } else {
 +      System.setProperty("com.sun.security.enableAIAcaIssuers", aia);
 +    }
 +    String lifetime = getProperty("SSL.cache.lifetime");
 +    if ((lifetime == null) || (lifetime.equals(""))) {
 +      System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0");
 +    } else {
 +      System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime);
 +    }
 +    X509CertSelector selector = new X509CertSelector();
 +    PKIXBuilderParameters pkixParams;
 +    try {
 +      pkixParams = new PKIXBuilderParameters(caCerts, selector);
 +      if ((getProperty("SSL.doRevocationChecking") != null)
 +          && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
 +        log.info("Enable revocation checking");
 +        System.setProperty("com.sun.security.enableCRLDP", "true");
 +        Security.setProperty("ocsp.enable", "true");
 +      } else {
 +        log.warn("Revocation checking disabled");
 +      }
 +      for (CertStore cs : certStoreList) {
 +        pkixParams.addCertStore(cs);
 +      }
 +      ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
 +          pkixParams);
 +      TrustManagerFactory trustFab;
 +      trustFab = TrustManagerFactory.getInstance("PKIX");
 +      trustFab.init(trustParams);
 +      KeyManager[] km = null;
 +      SSLContext sslCtx = SSLContext
 +          .getInstance(getProperty("SSL.sslProtocol"));
 +      sslCtx.init(km, trustFab.getTrustManagers(), null);
 +      // sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
 +      // certStoreList) }, null);
 +      HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
 +    } catch (Exception e) {
 +      log.error("Cannot configure SSL", e);
 +    }
 +  }
 +
 +  @Override
 +  public void setResourceLoader(ResourceLoader loader) {
 +    this.resourceLoader = loader;
 +  }
 +}
 +
 +class MyTrustManager implements X509TrustManager {
 +  private static Log log = LogFactory.getLog(MyTrustManager.class);
 +  private Set<TrustAnchor> caCerts;
 +  private List<CertStore> certStoreList;
 +  private X509Certificate[] trustedCerts;
 +
 +  public MyTrustManager(Set<TrustAnchor> caCerts, List<CertStore> cs) {
 +    this.caCerts = caCerts;
 +    this.certStoreList = cs;
 +    trustedCerts = new X509Certificate[caCerts.size()];
 +    int i = 0;
 +    for (Iterator<TrustAnchor> it = caCerts.iterator(); it.hasNext();) {
 +      TrustAnchor ta = it.next();
 +      trustedCerts[i++] = ta.getTrustedCert();
 +    }
 +
 +  }
 +
 +  @Override
 +  public void checkClientTrusted(X509Certificate[] arg0, String arg1)
 +      throws CertificateException {
 +    log.error("Did not expect this method to get called");
 +    throw new CertificateException("Method not implemented");
 +  }
 +
 +  @Override
 +  public void checkServerTrusted(X509Certificate[] certs, String arg1)
 +      throws CertificateException {
 +    try {
 +      log.debug("Checking server certificate: " + certs[0].getSubjectDN());
 +      CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
 +      X509CertSelector selector = new X509CertSelector();
 +      selector.setCertificate(certs[0]);
 +      PKIXBuilderParameters pkixParams;
 +      pkixParams = new PKIXBuilderParameters(caCerts, selector);
 +      pkixParams.setRevocationEnabled(true); // FIXME
 +      for (CertStore cs : certStoreList) {
 +        pkixParams.addCertStore(cs);
 +      }
 +      PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) pathBuilder
 +          .build(pkixParams);
 +      if (log.isTraceEnabled()) {
 +        StringBuffer sb = new StringBuffer();
 +        for (Certificate cert : result.getCertPath().getCertificates()) {
 +          sb.append(((X509Certificate) cert).getSubjectDN());
 +          sb.append("->");
 +        }
 +        sb.append("End");
 +        log.trace(sb);
 +      }
 +    } catch (Exception e) {
 +      throw new CertificateException(e);
 +    }
 +  }
 +
 +  @Override
 +  public X509Certificate[] getAcceptedIssuers() {
 +    return trustedCerts;
 +  }
 +
 +}
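Review bot: `configureSSL()` in SpringConfigurator.java fails open when the trust material cannot be loaded. `getCACerts()` returns `null` when `SSL.caDirectory` is unset and a failure in either loader is only logged, so `new PKIXBuilderParameters(caCerts, selector)` or the `for (CertStore cs : certStoreList)` loop throws into the outer `catch (Exception e)`, which logs and returns before `setDefaultSSLSocketFactory` is reached; HTTPS connections then run on the JVM's default trust store rather than the configured anchors. The `else` branch logs "Revocation checking disabled" but never calls `pkixParams.setRevocationEnabled(false)`, and PKIX parameters enable revocation by default, so the log does not match what the trust manager will do (the removed code set the flag explicitly). I would set the flag from the property and treat a missing trust configuration or a failed context setup as a startup error, as sketched below. `MyTrustManager` is referenced only from commented-out code and still carries a `// FIXME`; it should be finished or left out of the commit.

```java
  public void configureSSL() {
    // … unchanged: getCACerts() / getCertstore() calls, SSL.useAIA and SSL.cache.lifetime properties …
    if (caCerts == null || caCerts.isEmpty() || certStoreList == null) {
      throw new SLRuntimeException(
          "SSL trust configuration incomplete, not falling back to JVM defaults");
    }
    try {
      PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(caCerts,
          new X509CertSelector());
      boolean revocation = Boolean
          .parseBoolean(getProperty("SSL.doRevocationChecking"));
      pkixParams.setRevocationEnabled(revocation);
      if (revocation) {
        // … unchanged: enableCRLDP and ocsp.enable …
      } else {
        log.warn("Revocation checking disabled");
      }
      // … unchanged: cert stores, TrustManagerFactory, SSLContext, default socket factory …
    } catch (Exception e) {
      throw new IllegalStateException("Cannot configure SSL", e);
    }
  }
```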
\ No newline at end of file
 diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java
 index 0bed928d..c543c8ca 100644
 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java
 +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java
 @@ -1,7 +1,12 @@
  package at.gv.egiz.bku.local.stal;
  import java.awt.Container;
 +import java.awt.EventQueue;
 +import java.awt.Toolkit;
  import java.awt.event.ActionListener;
 +import java.awt.event.FocusEvent;
 +import java.awt.event.FocusListener;
 +import java.awt.event.WindowEvent;
  import java.util.List;
  import javax.swing.JDialog;
 @@ -126,5 +131,4 @@ public class BKUGuiProxy implements BKUGUIFacade {
      showDialog();
      delegate.showWelcomeDialog();
    }
 -
  }
 diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java
 index 6f9e72c5..4bc921aa 100644
 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java
 +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java
 @@ -7,6 +7,7 @@ import javax.swing.JDialog;
  import at.gv.egiz.bku.gui.BKUGUIFacade;
  import at.gv.egiz.bku.online.applet.BKUWorker;
 +import at.gv.egiz.stal.QuitRequest;
  import at.gv.egiz.stal.STALRequest;
  import at.gv.egiz.stal.STALResponse;
  import at.gv.egiz.stal.SignRequest;
 @@ -26,8 +27,16 @@ public class SMCCSTAL extends BKUWorker {
    public List<STALResponse> handleRequest(List<STALRequest> requestList) {
      signatureCard = null;
      List<STALResponse> responses = super.handleRequest(requestList);
 -    container.setVisible(false);
 +    //container.setVisible(false);
      return responses;
    }
 +  @Override
 +  public STALResponse handleRequest(STALRequest request) {
 +    if (request instanceof QuitRequest) {
 +      container.setVisible(false);
 +    }
 +    return null;
 +  }
 +
  }
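Review bot: The new `handleRequest(STALRequest request)` override returns `null` for every request, including the `QuitRequest` it acts on, and nothing documents what a `null` response means to the caller. How `BKUWorker` treats that return value is not visible in this hunk, so a one-line Javadoc such as `/** Hides the dialog on QuitRequest; returns null because no response is produced for requests handled here. */` would help if that is the intent, otherwise a proper response should be returned. The commented-out `//container.setVisible(false);` should be deleted rather than kept.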
 diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java index 97646d09..f9a8bef5 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java @@ -53,6 +53,7 @@ public class SMCCSTALFactory implements STALFactory {        stal = new SMCCSTAL(new BKUGuiProxy(dialog, gui), dialog, resourceBundle);        dialog.setPreferredSize(new Dimension(400, 200));        dialog.setDefaultCloseOperation(WindowConstants.HIDE_ON_CLOSE); +      dialog.pack();        Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize();        Dimension frameSize = dialog.getSize();        if (frameSize.height > screenSize.height) { @@ -63,13 +64,12 @@ public class SMCCSTALFactory implements STALFactory {        }        dialog.setLocation((screenSize.width - frameSize.width) / 2,            (screenSize.height - frameSize.height) / 2); -      dialog.pack();      }      return stal;    }    @Override -  public void setLocale(Locale locale) { +   public void setLocale(Locale locale) {      this.locale = locale;    }  } diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties deleted file mode 100644 index 9db6f100..00000000 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties +++ /dev/null 
@@ -1,27 +0,0 @@
 -# Copyright 2008 Federal Chancellery Austria and
 -# Graz University of Technology
 -#
 -# Licensed under the Apache License, Version 2.0 (the "License");
 -# you may not use this file except in compliance with the License.
 -# You may obtain a copy of the License at
 -#
 -#     http://www.apache.org/licenses/LICENSE-2.0
 -#
 -# Unless required by applicable law or agreed to in writing, software
 -# distributed under the License is distributed on an "AS IS" BASIS,
 -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -# See the License for the specific language governing permissions and
 -# limitations under the License.
 -
 -#------- Insert Card Dialog -------#
 -Insert.Header          = Citizen Card Required
 -Insert.Button.Cancel   = Cancel
 -Insert.Text						 = Please insert your Citizen Card!
 -
 -
 -#------- PIN Dialog -------#
 -Pin.Header 				  =	Please Enter PIN
 -Pin.Button.OK 		  = OK
 -Pin.Button.Cancel   = Cancel
 -Pin.Text.Retries    = <html><body>Please enter {0}.<p>{1} retries left.</body></html>
 -Pin.Text.NoRetries  = Please enter {0}.
\ No newline at end of file
 diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml b/BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml
 deleted file mode 100644
 index 792bbccc..00000000
 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml
 +++ /dev/null
 @@ -1,38 +0,0 @@
 -<?xml version="1.0" encoding="UTF-8"?>
 -<!--
 -  Copyright 2008 Federal Chancellery Austria and
 -  Graz University of Technology
 -
 -  Licensed under the Apache License, Version 2.0 (the "License");
 -  you may not use this file except in compliance with the License.
 -  You may obtain a copy of the License at
 -
 -      http://www.apache.org/licenses/LICENSE-2.0
 -
 -  Unless required by applicable law or agreed to in writing, software
 -  distributed under the License is distributed on an "AS IS" BASIS,
 -  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -  See the License for the specific language governing permissions and
 -  limitations under the License.
 --->
 -<BKUConfig>
 -  <!--  Allows individual configuration -->
 -  <OverrideConfigurationFile autosave="true">
 -    ${sys:user.home}/.bku/conf/bkuconfig.xml</OverrideConfigurationFile>
 -  <SSL>
 -  <!--
 -    <trustStoreFile>truststore.jks</trustStoreFile>
 -    <trustStoreType>JKS</trustStoreType>
 -    <trustStorePass>changeMe</trustStorePass>
 -    <caIncludeDirectory></caIncludeDirectory>
 -    <certStoreDirectory></certStoreDirectory>
 -    <keyStoreFile>keyStore.jks</keyStoreFile>
 -    <keyStoreType>JKS</keyStoreType>
 -    <keyStorePass>changeMe</keyStorePass>
 -  -->
 -    <revocation>true</revocation>
 -    <sslProtocol>TLS</sslProtocol>
 -  </SSL>
 -  <BKU>
 -  </BKU>
 -</BKUConfig>
\ No newline at end of file
 diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml
 new file mode 100644
 index 00000000..586a8190
 --- /dev/null
 +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml
 @@ -0,0 +1,96 @@
 +<?xml version="1.0" encoding="UTF-8"?>
 +<!--
 +    Copyright 2008 Federal Chancellery Austria and Graz University of
 +    Technology Licensed under the Apache License, Version 2.0 (the
 +    "License"); you may not use this file except in compliance with the
 +    License. You may obtain a copy of the License at
 +    http://www.apache.org/licenses/LICENSE-2.0 Unless required by
 +    applicable law or agreed to in writing, software distributed under the
 +    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 +    CONDITIONS OF ANY KIND, either express or implied. See the License for
 +    the specific language governing permissions and limitations under the
 +    License.
 +  -->
 +<AccessControl>
 +	<Chains>
 +		<!--
 +			The input chain defines filters that are applied before command
 +			execution
 +		-->
 +		<Chain Id="InputChain">
 +			<Rules>
 +				<!-- there is no command implemented that requires input filtering -->
 +				<Rule Id="InputChain-AllowAll">
 +					<Action>
 +						<RuleAction>allow</RuleAction>
 +					</Action>
 +					<UserInteraction>confirm</UserInteraction>
 +				</Rule>
 +			</Rules>
 +		</Chain>
 +
 +		<!--
 +			The output chain defines filters that are applied after command
 +			execution
 +		-->
 +		<Chain Id="OutputChain">
 +			<Rules>
 +				<Rule Id="OutputChain-Egov">
 +					<AuthClass>anonymous</AuthClass>
 +					<Action>
 +						<RuleAction>allow</RuleAction>
 +					</Action>
 +					<UserInteraction>confirm</UserInteraction>
 +				</Rule>
 +				<Rule Id="OutputChain-Command">
 +					<AuthClass>anonymous</AuthClass>
 +					<Action>
 +						<ChainRef>Command</ChainRef>
 +					</Action>
 +				</Rule>
 +			</Rules>
 +		</Chain>
 +		<Chain Id="Command">
 +			<Rules>
 +				<Rule Id="cmd-rule-1">
 +					<AuthClass>certified</AuthClass>
 +					<Command Name="Infobox.*">
 +						<Param Name="InfoboxIdentifier">IdentityLink</Param>
 +						<Param Name="PersonIdentifier">derived</Param>
 +					</Command>
 +					<Action>
 +						<RuleAction>allow</RuleAction>
 +					</Action>
 +					<UserInteraction>confirm</UserInteraction>
 +				</Rule>
 +				<Rule Id="cmd-rule-localhost">
 +          <AuthClass>anonymous</AuthClass>
 +          <IPv4Address>127.0.0.1</IPv4Address>
 +          <Command Name="Infobox.*">
 +            <Param Name="InfoboxIdentifier">IdentityLink</Param>
 +            <Param Name="PersonIdentifier">derived</Param>
 +          </Command>
 +          <Action>
 +            <RuleAction>allow</RuleAction>
 +          </Action>
 +          <UserInteraction>confirm</UserInteraction>
 +        </Rule>		
 +				<Rule Id="cmd-rule-2">
 +					<AuthClass>anonymous</AuthClass>
 +					<Command Name="Infobox.*">
 +						<Param Name="InfoboxIdentifier">IdentityLink</Param>
 +					</Command>
 +					<Action>
 +						<RuleAction>deny</RuleAction>
 +					</Action>
 +					<UserInteraction>info</UserInteraction>
 +				</Rule>
 +				<Rule Id="cmd-rule-3">
 +					<Action>
 +						<RuleAction>allow</RuleAction>
 +					</Action>
 +				</Rule>
 +			</Rules>
 +		</Chain>
 +	</Chains>
 +</AccessControl>
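Review bot: `cmd-rule-3` at the end of the `Command` chain has no `AuthClass`, `Command` or address condition and its action is `allow`, so every command the three IdentityLink rules do not match is permitted for any caller; the chain is default-allow, which presumably leaves `AccessController.acceptUnmatched=false` from defaultConf.properties without effect here. In `OutputChain`, the rule `OutputChain-Egov` also allows `anonymous` with no command condition ahead of the `ChainRef` to `Command`; if rules are evaluated first-match and `anonymous` matches every requester (the evaluator is not on this page, so this needs confirming), the deny in `cmd-rule-2` would never be reached. `cmd-rule-localhost` releases the derived IdentityLink to anonymous callers on the strength of the `127.0.0.1` source address alone, which deserves a comment explaining why loopback is trusted. I would add above the catch-all `<!-- cmd-rule-3 is a catch-all: anything not matched above is allowed -->` and narrow or remove `OutputChain-Egov` once the evaluation order is confirmed.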
 diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cerBinary files differ new file mode 100644 index 00000000..f9fef65f --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cerBinary files differ index c773f037..36a442b8 100644 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cer diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cerBinary files differ new file mode 100644 index 00000000..ab9e0cd7 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cerBinary files differ new file mode 100644 index 00000000..efa28178 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cerBinary files differ new file mode 100644 index 00000000..33e77636 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer 
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer new file mode 100644 index 00000000..ee859434 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE-----
 +MIIEdzCCA1+gAwIBAgIDAmU4MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
 +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA2MDgxNjIyMDAw
 +MFoXDTE2MDgxNjIyMDAwMFowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
 +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
 +ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt
 +c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6
 +PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK
 +k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj
 +r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG
 +AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt
 +Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd
 +LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
 +CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG
 +MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv
 +b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl
 +dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1
 +dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAHKlnV3R9sbXojtONugyazkZCEzmC
 +nZF1Dz4cOL0vPzzvS8MVWtG43zAgVI1NT/0ETSWsXD3YfzRi+f+/CxrGn0gwZX2t
 +VGx+Z9w5ufiy1vuhxDUPmpos1TbJ4Wv3Une0E7iuHmNLg5qVlKeHWpcU8t1Y0nCt
 +eRz34Qm87AVAykta33XST1fYvGoPKsDtn3qx9ye/pcbDvWjPwmqF2UUoql+d5hmJ
 +Umgzwezqk4I+FS98BrnaPgC5UVFHg+yUjiUDLjYy7UvDZ5Led6kkLXuzVhQolLvr
 +KTrGp5k42PG2MMkw8f6GMF/6yePXgzFMCRN8ReR7J5Htv33SytLRmFRd8g==
 +-----END CERTIFICATE-----
 diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer new file mode 100644 index 00000000..7e67be95 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE-----
 +MIIEgzCCA2ugAwIBAgIDAarsMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
 +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw
 +MFoXDTE1MTExMzIzMDAwMFowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
 +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
 +ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1jb3Jwb3JhdGUtMDMxHDAaBgNV
 +BAMME2Etc2lnbi1jb3Jwb3JhdGUtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
 +ggEKAoIBAQCp44qY+AiVXlcnHoKvch9s3ujoWFNktvcteIPwK7s0mb/uxTUW9UIF
 +Die9n3AbyTsJE6R3nZYSJVHHi+1DKD72/WEo/B5NOOtd6KUMfJgca1tDmcsIwhFn
 +82qkZrbNQwdIIdLe6+nDmjd9UBIaKv7yy1kq20jh09HOK3/bWhafVQE7EAgDfNrn
 +8f0JfnnF0EA/La5kkg878L22fh9lRzt8H21THqJPtK4/e9SttjrJnPhFk2/MjAGS
 +uaDufG6BV5Hnn7klR5qm5q32ypleLA6Zi4m9jRCVtPd4jRPYM40XpRkrJuFw+lxp
 +rejfEZt/SRh1eQXiXDUgtgX8OaIylH9pAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUw
 +AwEB/zARBgNVHQ4ECgQIQj75YZ1a5XIwEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYD
 +VR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFw
 +LmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9j
 +ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy
 +dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEARu7e1SyBRjlA
 +g/thtFwtKQRvopTZKWj2LWpEdvPvwThOvf8Depnas+ly5af8r8YzsqJzfX3XWvhN
 +qOOI24g5FmXfCUTq/kbtaeTq/AqV94793IJfcilPnpMOEHMqXNDiRUoAgR/9EVj8
 +mDVvL2lLlJzeAltqOD5Bi9QwguaD2/3/E5ymFnqkf1dnlXbo8AhcwPEzReNKn1eM
 +Ilg4FwP1bP0HUK3Fyz1UQ/Hncg+MS7c+SkjpNEd4sH7/GdxuQs5Sk7IRwot1+sbX
 +3CkkPhSqiUzig9raxJYrtbb2kyiUO8+d5HzRyoP4BNzsdZdPc0gDYweXg5qarHOQ
 +16IEOtBmKg==
 +-----END CERTIFICATE-----
 diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer new file mode 100644 index 00000000..0c68e593 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEJjCCAw6gAwIBAgIDAOJEMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTEzMDIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIjAgBgNVBAsTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDExIjAgBgNV +BAMTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDGC65v8rni63DojEBriynPwRqNCp14/SkN5ROkTUGNvLSabfSJV4PKGLTzasPAaChwX0g/ +kebahFM3R7nIyeVx2YB8VRvC4I/spP/mCs5+6pf1N+6Kiq4NcswgNBBfqAteaQIylBMy6HDkjoXY +X/c+SxjyrqAkeZCK+SHMOraXCO1PZHWbYwleKXf4R2Z6ayEfJ2XWeVuqqon76WHp/POI0RADBchA +6Vm1ROzSAHz39bay1TZunQXSs3VQ9cE3uQPjN+80efmf0ZgNF0sXsDTssoZg2feTANSOkTGM1bMC +5xe1hWFL8MZNe4yZ+NSgFN2fofb8BPvyQAW0no2PNA6PAgMBAAGjgbMwgbAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQITp5/1C/JHx8wEwYDVR0jBAwwCoAITlnOxwIyhzAwDgYDVR0PAQH/BAQD +AgEGMGUGA1UdHwReMFwwWqBYoFaGVGxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1u +UXVhbC0wMSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0PzANBgkqhkiG +9w0BAQUFAAOCAQEAOtuz2GqnTibk/poCLrdYKpZSrLyfWFsJJpfBYA9HMasnfpJBCHgRHJud6DAO +xD900Vhmwy66D8dqsN3+fR8Bx8ZMKspnFN1B2Wz7LWOxMaKqP3JolJ/oVwzJRm0afcUMAfAumkc5 +Yqu0nC5qCF9zYY9YbJklh84uEzEg9j85kuRBHOCUc+5MVrnv7WPbirx6c95YFqXBQ0arA5QE9zYq +MDO8aUYPOWEHgtrVI+kMwELYHqLDX7i9VqsXhgFPeVz1wIV7s/i3budGeHMS6hjnyIc30FqM7CTY +fcvqVNZliErbjD1k1W1gMgvjLJowNvQC0W7K9/yoQhwTqtNMR4WZwA== +-----END CERTIFICATE----- 
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer new file mode 100644 index 00000000..c300891d --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE-----
 +MIIEizCCA3OgAwIBAgIDAOSoMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa
 +Fw0xNDEyMTMyMzAwMDBaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
 +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
 +a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw
 +IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B
 +AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM
 +LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS
 +dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS
 +p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/
 +vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O
 +sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G
 +A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9
 +KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk
 +YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz
 +dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz
 +cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBH
 +opWG7LKmPBvuGjZnRV4KGKzzUYVuxSRS1E0VIUPbVLf5xW2r5uUpR8ud5EpiPrcw
 +k6K0dzu2Vb4ZbMIP+6J16S/0qvTp/3A/3q87+nJ+ot+IT8GZFJfSw18th2WmZdzR
 +ShbM6sgViPtGsFROCdWeiHl248w2+zG+09sf8Bu3UyvwLRAiiKaxuwVdQ9kc0TL3
 +gvv+K5eisWWthQOX2IF2jGSEqoAVwfHhl7bc9Vt7XnJSpQFebHnsIVuV4Mv6w4ww
 +86hQPCLLvvV7wWDiBQ8l2FWneX0pNH3Wg+A1TRUoptc+pPDdpoP272MDm4fXyPKV
 +7QgIaIK+gXNUj2GGt1K9
 +-----END CERTIFICATE-----
 diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer new file mode 100644 index 00000000..2251ca22 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE-----
 +MIIEjzCCA3egAwIBAgIDAartMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
 +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw
 +MFoXDTE1MTExMzIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
 +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
 +ZXJrZWhyIEdtYkgxIjAgBgNVBAsMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMx
 +IjAgBgNVBAMMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMwggEiMA0GCSqGSIb3
 +DQEBAQUAA4IBDwAwggEKAoIBAQC359oitbHkkEgdErRPeBdkcYRK2DLdxfcnn+SI
 +umSEYzWVscRTchPKSzb7f1a6EHPbB5WZsGJaUDX9KfTqsJNMo+7bASKk3gsLVxNZ
 +qY2t2G+y8HvREYYejDOIzjAkcBQrt+nvuBUlGYVJQjEuyAn18f2vG0Y3VNvZFGKn
 +PK8AVycUMk0Uw21RbK3vX5tbbPgQ/kcZkN4czi5VHepMvf6hAwwLoJj+KL9zxm8j
 +yPK88qCBKAjMNCpZKsEhyanw1CjYbVmHs45Q5W6FBtqDcS6Iq4mC6TtUPGtCTuoH
 +7/JLuhEp075ohp87v3fSlzeLJjBpkUDP9U8Tv7l2euD0t1UVAgMBAAGjgeMwgeAw
 +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQZFpHL+t2JgwEwYDVR0jBAwwCoAI
 +RGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCG
 +fmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEt
 +VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0
 +Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC
 +AQEADTRIaQtPwoPS6/TpyBhOw4wAHk/RM4gkLT76URPY2sUHihxqy+8qEElN+f5l
 +I61myCP3IFTClflcHVR1QCoMg0ZI5/EcQTI8Dgd5iQkXuVjh3wCj87Ka2Tu7d1K+
 +i9VJ4BR/ph/qmPKR7Lx/PtATw/vWo4k2rbt5o1QwixZ7CPt+BF9xCaAC4uL0bB0M
 +9M3i9W2ePmqX6WIB3jMkT9FQC0KihPPfw/17KddNi4rFMMEiTyKvJTtTqDnIAwWW
 +TqsL1G7oxMMtnnYaKWMQ6gQiOiRzCY7efcAi/3YwUX6ULW5zxqapNs1vqEbSGsQE
 +l1eFl67HBZHYAPdoHGUnZF0KaQ==
 +-----END CERTIFICATE-----
 diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer new file mode 100644 index 00000000..2d7f1a03 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIDAOKKMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTIwNTIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgaExCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1jb3Jwb3JhdGUtbWVkaXVtLTAxMSMwIQYD +VQQDExphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANEbZyIMIXZYBjTj/+3TrNGssRKNNdTedQlWB3vJQWLzeG89Kzmhy1WDX8IqDrMtvpXH +5w6urK3ZT7HGu2Jldrib8rkEOdE9+uNGRtkP8Kuz//CvdXCbIDvBLqgvWn9a3Sl/rUicPqKwcEcN +bP2Q0iU6NvvALmoqs93PymfTZlkGOwzUe+O88huXkauGWT/DkJd4JYDNJ0wlaGrJa+OorT4Izk1J +EipqqedUjsAj4Gq3SKrZKG/H/CkoH9uWTzrzFgg8zQhCES4AClo84XVk//EIv3ABDw4hr+lqV1nF +eXch9o4mLIe5u045471YLJLmyuCPDopb8U2VUoyldpMx+Y8CAwEAAaOBszCBsDAPBgNVHRMBAf8E +BTADAQH/MBEGA1UdDgQKBAhOuHKxmCmfZDATBgNVHSMEDDAKgAhOWc7HAjKHMDAOBgNVHQ8BAf8E +BAMCAQYwZQYDVR0fBF4wXDBaoFigVoZUbGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0 +LW5RdWFsLTAxLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/MA0GCSqG +SIb3DQEBBQUAA4IBAQDaukYSeJVxWAh8QShqGqA6Plp9aXCTzwl9hE2gb+/xGPASo+NVQi/sUa0+ +bx29oSJaW6lKzdHQLAx4dwW9XTpJ+0mebB4fQfYHH0lGc1O4au/4O9k+C3SrD6x4WeY9k/SpUFu1 +qjzH+tjta81UWtU7Jve1BhckNwdOFx7cR8fdW+pUQSDV9XnPJfyb+gb9KWhvX+XAbgJoXW1HjJOO +P5sx6mFhMb3UqAfKQVoAuGbl4+uxIThBTqpICkaaD8WLdukqQjomUMDRbWIf6SblPuOEpPi1G/WM +qkTkpqX77Wkj08QY/yj5DDrsYJ5NymnWvu7jcoxCFCKvEQ8Q4g7AYKnG +-----END CERTIFICATE----- 
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer new file mode 100644 index 00000000..194d4d7c --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE-----
 +MIIEjTCCA3WgAwIBAgIDAOSpMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
 +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
 +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa
 +Fw0xNDEyMTMyMzAwMDBaMIGhMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
 +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
 +a2VociBHbWJIMSMwIQYDVQQLDBphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMjEj
 +MCEGA1UEAwwaYS1zaWduLWNvcnBvcmF0ZS1tZWRpdW0tMDIwggEiMA0GCSqGSIb3
 +DQEBAQUAA4IBDwAwggEKAoIBAQCuaTBb6rHd5JZqAdvpmGIl5ne0Hg6GbpJvBeCI
 +U6l9Rs8ebMY6aIS++qJOE9rnJHdfZNzLzduuoWEzEuwm9a/azQThM+eT+xlG/Vcf
 +NuOQTTjAuXHLvYQ7WxSrBIT/kmAyqJgq/DEPvdX4jmCtVkuZ1gbxYIChLOVBWkVC
 +FCK49BuXECtNy5fzK/GyfouZOVoQgiQ1YfecqzibcwO0t+f68Pvp/s6HESAH5tXY
 +PdENDw4c/W/qKaeR87jPq98AJ8Lr4bmjWLjK8/ITtGglnJy8osFz22oR7f6fbWl6
 +5LdhJ3giM68WEabQcZkw8cx3RDOzbnL2Kn+PVNHHyp3Wh849AgMBAAGjgeEwgd4w
 +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISoLnpz/+q98wEwYDVR0jBAwwCoAI
 +Qj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMIGSBgNVHR8EgYowgYcwgYSggYGgf4Z9
 +bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0LVF1YWwtMDIsbz1BLVRy
 +dXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdD9iYXNlP29iamVjdGNs
 +YXNzPWVpZENlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEB
 +ABqg1oRs/TZ0hJLJRV/xJglFzgn2fDAXeoVvWnAE09F1d0n+ZorKAKbMfiZ2CuKs
 +M0AhU23/5zM90DdrtYWXpa+P8ONALZtHJIqGfVuRKYJq7jY5TpE3yRkTcrp47smp
 +WqTwUgG+0aBeU9m+ZtGUFOsBkq+MudD8IZGc7VcLd1n4ltND9ITjX20hu01ju56c
 +YC69vFa5hmIccXg/Q3dGEV5Amx8MTQJluG3QvqBOY74yrAFICvK1zsvu+vOGvJQj
 +i+PxKlbQdehrV82VDxyfSjpEUADWMGRfE5vg4YBGgfRosh4w7a6ThD2LMLFPmIhy
 +P6+VGUBCm2tMDDOo9DVkXFs=
 +-----END CERTIFICATE-----
 diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
 new file mode 100644
 index 00000000..93796a7e
 --- /dev/null
 +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
 @@ -0,0 +1,53 @@
 +#
 +# Copyright 2008 Federal Chancellery Austria and
 +# Graz University of Technology
 +#
 +# Licensed under the Apache License, Version 2.0 (the "License");
 +# you may not use this file except in compliance with the License.
 +# You may obtain a copy of the License at
 +#
 +#     http://www.apache.org/licenses/LICENSE-2.0
 +#
 +# Unless required by applicable law or agreed to in writing, software
 +# distributed under the License is distributed on an "AS IS" BASIS,
 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 +# See the License for the specific language governing permissions and
 +# limitations under the License.
 +#
 +
 +
 +# Configuration for online CCE
 +
 +# security manager configuration
 +AccessController.acceptUnmatched=false
 +AccessController.policyResource=classpath:at/gv/egiz/bku/local/conf/accessControlConfig.xml
 +
 +# ------------BEGIN SSL Config --------------------
 +# SSL configuration for connections to external
 +# resources (e.g. data urls)
 +
 +# directory where certificates for 
 +# chain constructions can be placed
 +SSL.certDirectory=classpath:at/gv/egiz/bku/local/conf/certs/certStore
 +
 +# a LDAP repository
 +SSL.ldapServer=    
 +SSL.ldapPort=389      
 +
 +# Directory where trusted CA 
 +# certificates are placed
 +SSL.caDirectory=classpath:at/gv/egiz/bku/local/conf/certs/CACerts
 +
 +SSL.doRevocationChecking=true
 +SSL.sslProtocol=TLS
 +
 +SSL.cache.lifetime=3600
 +# use authority info access extension to find ca certs.
 +SSL.useAIA=true
 +
 +# ------------ END SSL Config  --------------------
 +
 +ValidateHashDataInputs=true
 +
 +
 +
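Review bot: `SSL.ldapPort=389` is followed by trailing spaces as rendered here, and `java.util.Properties` skips whitespace after the `=` but keeps trailing whitespace in the value, so the port would be read as `389` plus blanks. Unless the configurator (not visible in this hunk) trims the value before parsing it, an integer parse of the port would fail. Strip the trailing whitespace on both LDAP lines, `SSL.ldapServer=` and `SSL.ldapPort=389`. A short comment giving the unit of `SSL.cache.lifetime=3600`, and one stating that an empty `SSL.ldapServer` means no LDAP lookup (if that is the intent), would make the security-relevant defaults easier to audit.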
 diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png b/BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.pngBinary files differ
 deleted file mode 100644
 index eee4be4f..00000000
 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png
 +++ /dev/null
 diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
 index c0ffc927..c6a5088a 100644
 --- a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
 +++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
 @@ -20,7 +20,7 @@
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
    <bean id="STALFactory" class="at.gv.egiz.bku.local.stal.SMCCSTALFactory"
      scope="singleton" />
 -  <bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl" />
 +  
    <bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
      scope="singleton">
      <constructor-arg ref="STALFactory"></constructor-arg>
 @@ -37,33 +37,21 @@
      </property>
    </bean>
 -  <!-- Configure Configuration -->
 -  <bean id="configurator" class="at.gv.egiz.bku.local.conf.Configurator"
 -    scope="singleton">
 +  <bean id="accessController" class="at.gv.egiz.bku.local.accesscontroller.SpringSecurityManager"
 +    scope="singleton" init-method="init">
 +    <property name="config" ref="configurator"/>
 +    </bean>
 +
 +  <bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">
 +    <property name="securityManager" ref="accessController" />
    </bean>
 -  <!-- Configure timer to check config update -->
 -  <bean id="configUpdater"
 -    class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean">
 -    <property name="targetObject" ref="configurator" />
 -    <property name="targetMethod" value="checkUpdate" />
 -  </bean>
 -  <bean id="configTrigger"
 -    class="org.springframework.scheduling.quartz.SimpleTriggerBean">
 -    <property name="jobDetail" ref="configUpdater"></property>
 -    <property name="startDelay" value="10000"></property>
 -    <property name="repeatInterval" value="30000"></property>
 -  </bean>
 -  <bean class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
 -    <property name="triggers">
 -      <list>
 -        <ref bean="configTrigger" />
 -      </list>
 -    </property>
 -    <property name="quartzProperties">
 -      <props>
 -        <prop key="org.quartz.threadPool.threadCount">1</prop>
 -      </props>
 -    </property>
 +  <!-- Configure Configuration -->
 +  <bean id="configurator" factory-method="getInstance" class="at.gv.egiz.bku.local.conf.SpringConfigurator"
 +     init-method="configure">
 +    <!-- <property name="resource" value="classpath:at/gv/egiz/bku/local/conf/defaultConf.properties"/>  -->
 +    <property name="resource" value="classpath:at/gv/egiz/bku/local/conf/defaultConf.properties"/>
    </bean>
 + 
 + 
  </beans>
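Review bot: The commented-out `<property name="resource" …>` line inside the `configurator` bean is identical to the active property directly below it and should be deleted. The `accessController` bean runs `init-method="init"` and takes `configurator` as a property, while `configurator` is itself set up through `init-method="configure"`; a comment on `accessController` such as `<!-- reads its policy location from configurator, which must have loaded defaultConf.properties -->` would document that dependency. This hunk also removes the Quartz `configUpdater`/`configTrigger` beans, so the configuration is presumably no longer re-read at runtime, and the `<!-- Configure Configuration -->` comment should say that changes need a restart if that is the case.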
\ No newline at end of file
 diff --git a/BKULocal/src/test/java/ConfigTest.java b/BKULocal/src/test/java/ConfigTest.java
 deleted file mode 100644
 index 558d1c47..00000000
 --- a/BKULocal/src/test/java/ConfigTest.java
 +++ /dev/null
 @@ -1,49 +0,0 @@
 -/*
 -* Copyright 2008 Federal Chancellery Austria and
 -* Graz University of Technology
 -*
 -* Licensed under the Apache License, Version 2.0 (the "License");
 -* you may not use this file except in compliance with the License.
 -* You may obtain a copy of the License at
 -*
 -*     http://www.apache.org/licenses/LICENSE-2.0
 -*
 -* Unless required by applicable law or agreed to in writing, software
 -* distributed under the License is distributed on an "AS IS" BASIS,
 -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -* See the License for the specific language governing permissions and
 -* limitations under the License.
 -*/
 -import java.net.URL;
 -
 -import org.apache.commons.configuration.Configuration;
 -import org.apache.commons.configuration.ConfigurationException;
 -import org.apache.commons.configuration.ConfigurationFactory;
 -import org.junit.Ignore;
 -
 -@Ignore
 -public class ConfigTest {
 -  
 -  
 -  private void testConfig() throws ConfigurationException {
 -    ConfigurationFactory factory = new ConfigurationFactory();
 -    URL configURL = getClass().getResource("/config.xml");
 -    factory.setConfigurationURL(configURL);
 -    Configuration config = factory.getConfiguration();
 -    System.out.println("-------->: "+config.getInt("hans"));
 -  }
 -
 -  /**
 -   * @param args
 -   */
 -  public static void main(String[] args) {
 -    ConfigTest ct = new ConfigTest();
 -    try {
 -      ct.testConfig();
 -    } catch (ConfigurationException e) {
 -      // TODO Auto-generated catch block
 -      e.printStackTrace();
 -    }
 -  }
 -
 -}
 diff --git a/BKULocal/src/test/java/JustASandbox.java b/BKULocal/src/test/java/JustASandbox.java
 deleted file mode 100644
 index b151df92..00000000
 --- a/BKULocal/src/test/java/JustASandbox.java
 +++ /dev/null
 @@ -1,78 +0,0 @@
 -/*
 -* Copyright 2008 Federal Chancellery Austria and
 -* Graz University of Technology
 -*
 -* Licensed under the Apache License, Version 2.0 (the "License");
 -* you may not use this file except in compliance with the License.
 -* You may obtain a copy of the License at
 -*
 -*     http://www.apache.org/licenses/LICENSE-2.0
 -*
 -* Unless required by applicable law or agreed to in writing, software
 -* distributed under the License is distributed on an "AS IS" BASIS,
 -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -* See the License for the specific language governing permissions and
 -* limitations under the License.
 -*/
 -import java.io.ByteArrayOutputStream;
 -import java.io.FileOutputStream;
 -import java.io.IOException;
 -import java.io.InputStream;
 -import java.net.URL;
 -import java.util.ArrayList;
 -import java.util.List;
 -
 -import javax.net.ssl.HttpsURLConnection;
 -
 -import org.junit.Ignore;
 -
 -import at.gv.egiz.bku.local.conf.Configurator;
 -import at.gv.egiz.bku.local.stal.SMCCSTALFactory;
 -import at.gv.egiz.bku.utils.StreamUtil;
 -import at.gv.egiz.stal.InfoboxReadRequest;
 -import at.gv.egiz.stal.STAL;
 -import at.gv.egiz.stal.STALRequest;
 -import at.gv.egiz.stal.STALResponse;
 -import at.gv.egiz.stal.SignRequest;
 -import at.gv.egiz.stal.SignResponse;
 -
 -@Ignore
 -public class JustASandbox {
 -
 -  /**
 -   * @param args
 -   * @throws IOException 
 -   */
 -  public static void main(String[] args) throws IOException {
 - 
 -    Configurator cfg = new Configurator();
 -    URL url = new URL("https://demo.egiz.gv.at");
 -    HttpsURLConnection uc = (HttpsURLConnection) url.openConnection();
 -    uc.connect();
 -    System.exit(-1);
 -    
 -    InfoboxReadRequest req = new InfoboxReadRequest();
 -    req.setInfoboxIdentifier("SecureSignatureKeypair");
 -    
 -    ByteArrayOutputStream os = new ByteArrayOutputStream();
 -    InputStream is = JustASandbox.class.getClassLoader().getResourceAsStream("at/gv/egiz/bku/local/stal/sigInfo.xml");
 -    StreamUtil.copyStream(is, os);
 -    SignRequest sr = new SignRequest();
 -    sr.setSignedInfo(os.toByteArray());
 -    sr.setKeyIdentifier("SecureSignatureKeypair"); //os.toByteArray(), "SecureSignatureKeypair", null);
 -    STAL stal = (new SMCCSTALFactory()).createSTAL();
 -    
 -    List<STALRequest> reqList = new ArrayList<STALRequest>(2);
 -    reqList.add(req);
 -    reqList.add(sr);
 -    
 -    List<STALResponse> resp = stal.handleRequest(reqList);
 -    System.out.println(resp.get(0));
 -    System.out.println(resp.get(1));
 -    FileOutputStream fos = new FileOutputStream("c:/tmp/seq_now.der");
 -    SignResponse sir = (SignResponse) resp.get(1);
 -    fos.write(sir.getSignatureValue());
 -    fos.close();
 -  }
 -
 -}
 | 
