From c5e7fe66617ab4b0d54350f8248d281b76cc5055 Mon Sep 17 00:00:00 2001 From: wbauer Date: Thu, 18 Sep 2008 12:05:03 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@49 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKULocal/pom.xml | 147 ++++---- .../accesscontroller/SpringSecurityManager.java | 65 ++++ .../egiz/bku/local/conf/ConfigurationUpdater.java | 44 --- .../at/gv/egiz/bku/local/conf/Configurator.java | 375 ++++++--------------- .../gv/egiz/bku/local/conf/SpringConfigurator.java | 336 ++++++++++++++++++ .../at/gv/egiz/bku/local/stal/BKUGuiProxy.java | 6 +- .../java/at/gv/egiz/bku/local/stal/SMCCSTAL.java | 11 +- .../at/gv/egiz/bku/local/stal/SMCCSTALFactory.java | 4 +- .../at/gv/egiz/bku/local/Userdialog.properties | 27 -- .../resources/at/gv/egiz/bku/local/baseconfig.xml | 38 --- .../gv/egiz/bku/local/conf/accessControlConfig.xml | 96 ++++++ .../local/conf/certs/CACerts/A-Trust-Qual-01a.cer | Bin 0 -> 1111 bytes .../local/conf/certs/CACerts/A-Trust-Qual-02a.cer | Bin 0 -> 975 bytes .../local/conf/certs/CACerts/A-Trust-Qual-03a.cer | Bin 0 -> 975 bytes .../local/conf/certs/CACerts/A-Trust-nQual-01a.cer | Bin 0 -> 865 bytes .../local/conf/certs/CACerts/A-Trust-nQual-03.cer | Bin 0 -> 979 bytes .../local/conf/certs/certStore/a-sign-SSL-03.cer | 26 ++ .../conf/certs/certStore/a-sign-corporate-03.cer | 27 ++ .../certs/certStore/a-sign-corporate-light-01a.cer | 21 ++ .../certs/certStore/a-sign-corporate-light-02a.cer | 27 ++ .../certs/certStore/a-sign-corporate-light-03.cer | 27 ++ .../certStore/a-sign-corporate-medium-01a.cer | 21 ++ .../certStore/a-sign-corporate-medium-02a.cer | 27 ++ .../gv/egiz/bku/local/conf/defaultConf.properties | 53 +++ .../main/resources/at/gv/egiz/bku/local/logo.png | Bin 4035 -> 0 bytes .../resources/at/gv/egiz/bku/local/truststore.jks | Bin 1037 -> 0 bytes .../src/main/webapp/WEB-INF/applicationContext.xml | 42 +-- BKULocal/src/test/java/ConfigTest.java | 49 --- BKULocal/src/test/java/JustASandbox.java | 78 ----- 29 files changed, 926 insertions(+), 621 deletions(-) create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java delete mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java delete mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties delete mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties delete mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png delete mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks delete mode 100644 BKULocal/src/test/java/ConfigTest.java delete mode 100644 BKULocal/src/test/java/JustASandbox.java (limited to 'BKULocal') diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml index 341e574a..49ec95a0 100644 --- a/BKULocal/pom.xml +++ b/BKULocal/pom.xml @@ -1,84 +1,69 @@ - - bku - at.gv.egiz - 1.0-SNAPSHOT - - 4.0.0 - at.gv.egiz - BKULocal - war - BKU Local - 1.0-SNAPSHOT - - - - at.gv.egiz - STAL - 1.0-SNAPSHOT - - - at.gv.egiz - bkucommon - 1.0-SNAPSHOT - - - at.gv.egiz - smcc - 1.0-SNAPSHOT - - - at.gv.egiz - smccSTAL - 1.0-SNAPSHOT - - - org.springframework - spring-core - 2.5.5 - - - javax.servlet - servlet-api - 2.5 - provided - - - org.springframework - spring-web - 2.5.5 - - - commons-configuration - commons-configuration - 1.5 - - - commons-logging - commons-logging - - - org.springframework - spring-support - 2.0.8 - - - opensymphony - quartz - 1.5.0 - - - org.springframework - spring-tx - 2.5.5 - - - at.gv.egiz - BKUApplet - 1.0-SNAPSHOT - - + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + + bku + at.gv.egiz + 1.0-SNAPSHOT + + 4.0.0 + at.gv.egiz + BKULocal + war + BKU Local + 1.0-SNAPSHOT + + + + at.gv.egiz + STAL + 1.0-SNAPSHOT + + + at.gv.egiz + bkucommon + 1.0-SNAPSHOT + + + at.gv.egiz + smcc + 1.0-SNAPSHOT + + + at.gv.egiz + smccSTAL + 1.0-SNAPSHOT + + + org.springframework + spring-core + 2.5.5 + + + javax.servlet + servlet-api + 2.5 + provided + + + org.springframework + spring-web + 2.5.5 + + + commons-logging + commons-logging + + + at.gv.egiz + BKUApplet + 1.0-SNAPSHOT + + + at.gv.egiz + BKUViewer + 1.0-SNAPSHOT + + \ No newline at end of file diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java new file mode 100644 index 00000000..b547bf6a --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java @@ -0,0 +1,65 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.local.accesscontroller; + +import java.io.IOException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer; +import org.springframework.context.ResourceLoaderAware; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; + +import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade; +import at.gv.egiz.bku.local.conf.Configurator; + +public class SpringSecurityManager extends SecurityManagerFacade implements + ResourceLoaderAware { + + private ResourceLoader resourceLoader; + + private static Log log = LogFactory.getLog(SpringSecurityManager.class); + + protected Configurator config; + + public void setConfig(Configurator config) { + this.config = config; + } + + public void init() { + String noMatch = config.getProperty("AccessController.acceptNoMatch"); + if (noMatch != null) { + log.debug("Setting allow now match to: " + noMatch); + setAllowUnmatched(Boolean.getBoolean(noMatch)); + } + String policy = config.getProperty("AccessController.policyResource"); + log.info("Loading resource: " + policy); + try { + Resource res = resourceLoader.getResource(policy); + init(res.getInputStream()); + } catch (IOException e) { + log.error(e); + } + } + + @Override + public void setResourceLoader(ResourceLoader loader) { + this.resourceLoader = loader; + } + +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java deleted file mode 100644 index 3214f4bc..00000000 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java +++ /dev/null @@ -1,44 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.conf; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.quartz.JobExecutionContext; -import org.quartz.JobExecutionException; -import org.springframework.scheduling.quartz.QuartzJobBean; - -public class ConfigurationUpdater extends QuartzJobBean { - private static Log log = LogFactory.getLog(ConfigurationUpdater.class); - private Configurator config; - - @Override - protected void executeInternal(JobExecutionContext arg0) - throws JobExecutionException { - log.trace("Checking config update"); - config.checkUpdate(); - } - - public Configurator getConfig() { - return config; - } - - public void setConfig(Configurator config) { - this.config = config; - } - -} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java index e9510101..57a0f84f 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java @@ -1,274 +1,103 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.conf; - -import iaik.security.ecc.provider.ECCProvider; -import iaik.xml.crypto.XSecProvider; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.InputStream; -import java.net.HttpURLConnection; -import java.security.KeyStore; -import java.security.Provider; -import java.security.Security; -import java.security.cert.CertStore; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.X509CertSelector; -import java.security.cert.X509Certificate; -import java.util.Enumeration; -import java.util.LinkedList; -import java.util.List; - -import javax.net.ssl.CertPathTrustManagerParameters; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.ManagerFactoryParameters; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManagerFactory; - -import org.apache.commons.configuration.ConfigurationException; -import org.apache.commons.configuration.XMLConfiguration; -import org.apache.commons.configuration.reloading.FileChangedReloadingStrategy; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; -import at.gv.egiz.smcc.SWCard; -import at.gv.egiz.smcc.util.SMCCHelper; - -public class Configurator { - private Log log = LogFactory.getLog(Configurator.class); - private XMLConfiguration baseConfig; - private XMLConfiguration specialConfig; - private boolean autoSave = false; - - public Configurator() { - super(); - init(); - configure(); - } - - private void init() { - log.debug("Initializing configuration"); - - baseConfig = new XMLConfiguration(); - try { - baseConfig.load(getClass().getClassLoader().getResourceAsStream( - "./at/gv/egiz/bku/local/baseconfig.xml")); - log.debug("Successfully loaded base configuration"); - } catch (ConfigurationException e) { - log.error("Cannot load base configuration", e); - } - autoSave = baseConfig.getBoolean("OverrideConfigurationFile[@autosave]"); - try { - specialConfig = new XMLConfiguration(); - specialConfig.setFileName(baseConfig - .getString("OverrideConfigurationFile")); - specialConfig.load(); - } catch (Exception e) { - log.debug("Cannot get special configuration at: " - + baseConfig.getString("OverrideConfigurationFile") + ": " + e); - log.debug("Creating new special configuration"); - try { - specialConfig = new XMLConfiguration(baseConfig); - specialConfig.setFileName(baseConfig - .getString("OverrideConfigurationFile")); - specialConfig.save(); - } catch (ConfigurationException e1) { - log.error("Cannot load defaults " + e1); - } - } - specialConfig.setReloadingStrategy(new FileChangedReloadingStrategy()); - specialConfig.setAutoSave(autoSave); - } - - protected void configUrlConnections() { - HttpsURLConnection.setFollowRedirects(false); - HttpURLConnection.setFollowRedirects(false); - } - - protected KeyStore loadKeyStore(String fileName, String type, String password) { - KeyStore ks = null; - try { - ks = KeyStore.getInstance(type); - InputStream is = new FileInputStream(fileName); - if (is == null) { - log.warn("Cannot load keystore from: " + fileName); - } - ks.load(is, password.toCharArray()); - for (Enumeration alias = ks.aliases(); alias.hasMoreElements();) { - log.debug("Found keystore alias: " + alias.nextElement()); - } - } catch (Exception e) { - log.error("Cannot config keystore", e); - return null; - } - return ks; - } - - protected void configSSL() { - String trustStoreName = specialConfig.getString("SSL.trustStoreFile"); - String trustStoreType = specialConfig.getString("SSL.trustStoreType"); - String trustStorePass = specialConfig.getString("SSL.trustStorePass"); - String certStoreDirectory = specialConfig - .getString("SSL.certStoreDirectory"); - String keyStoreName = specialConfig.getString("SSL.keyStoreFile"); - String keyStoreType = specialConfig.getString("SSL.keyStoreType"); - String keyStorePass = specialConfig.getString("SSL.keyStorePass"); - - String caIncludeDir = specialConfig.getString("SSL.caIncludeDirectory"); - - KeyStore trustStore = loadKeyStore(trustStoreName, trustStoreType, - trustStorePass); - KeyStore keyStore = null; - if (keyStoreName != null) { - keyStore = loadKeyStore(keyStoreName, keyStoreType, keyStorePass); - } - - try { - PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, - new X509CertSelector()); - - if (certStoreDirectory != null) { - File dir = new File(certStoreDirectory); - if (dir.isDirectory()) { - List certCollection = new LinkedList(); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - for (File f : dir.listFiles()) { - log.debug("adding " + f.getName()); - certCollection.add((X509Certificate) cf - .generateCertificate(new FileInputStream(f))); - } - CollectionCertStoreParameters csp = new CollectionCertStoreParameters( - certCollection); - CertStore cs = CertStore.getInstance("Collection", csp); - pkixParams.addCertStore(cs); - log.debug("Added collection certstore"); - } else { - log.error("CertstoreDirectory " + certStoreDirectory - + " is not a directory"); - } - } - - if (caIncludeDir != null) { - File dir = new File(caIncludeDir); - if (dir.exists() && dir.isDirectory()) { - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - try { - for (File f : dir.listFiles()) { - FileInputStream fis = new FileInputStream(f); - X509Certificate cert = (X509Certificate) cf - .generateCertificate(fis); - fis.close(); - log.debug("Adding trusted cert " + cert.getSubjectDN()); - trustStore.setCertificateEntry(cert.getSubjectDN().getName(), - cert); - f.delete(); - } - } finally { - trustStore.store(new FileOutputStream(trustStoreName), - trustStorePass.toCharArray()); - } - } - } - - pkixParams.setRevocationEnabled(specialConfig - .getBoolean("SSL.revocation")); - if (specialConfig.getBoolean("SSL.revocation")) { - System.setProperty("com.sun.security.enableCRLDP ", "true"); - Security.setProperty("ocsp.enable", "true"); - } - System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); - log.debug("Setting revocation check to: " - + pkixParams.isRevocationEnabled()); - ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( - pkixParams); - TrustManagerFactory trustFab = TrustManagerFactory.getInstance("PKIX"); - trustFab.init(trustParams); - - KeyManager[] km = null; - SSLContext sslCtx = SSLContext.getInstance(specialConfig - .getString("SSL.sslProtocol")); - if (keyStore != null) { - KeyManagerFactory keyFab = KeyManagerFactory.getInstance("SunX509"); - keyFab.init(keyStore, keyStorePass.toCharArray()); - km = keyFab.getKeyManagers(); - } - sslCtx.init(km, trustFab.getTrustManagers(), null); - HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); - log.info("Successfully configured ssl"); - } catch (Exception e) { - log.debug("Cannot init ssl", e); - } - } - - protected void configureProviders() { - log.debug("Registering security providers"); - ECCProvider.addAsProvider(false); - Security.addProvider(new STALProvider()); - XSecProvider.addAsProvider(false); - StringBuffer sb = new StringBuffer(); - sb.append("Following providers are now registered: "); - int i = 1; - for (Provider prov : Security.getProviders()) { - sb.append((i++) + ". : " + prov); - } - log.debug("Configured provider" + sb.toString()); - } - - protected void configureBKU() { - if (specialConfig.containsKey("BKU.useSWCard")) { - boolean useSWCard = specialConfig.getBoolean("BKU.useSWCard"); - log.info("Setting SW Card to: "+useSWCard); - SMCCHelper.setUseSWCard(useSWCard); - } - if (specialConfig.containsKey("BKU.SWCardDirectory")) { - //SWCard. - } - } - - public void configure() { - configureProviders(); - configSSL(); - configUrlConnections(); - configureBKU(); - - } - - public void checkUpdate() { - if (specialConfig.getReloadingStrategy().reloadingRequired()) { - log.info("Reloading configuration: " + specialConfig.getFileName()); - specialConfig.setAutoSave(false); - specialConfig.clear(); - try { - specialConfig.load(); - } catch (ConfigurationException e) { - log.fatal(e); - } - specialConfig.setAutoSave(specialConfig - .getBoolean("OverrideConfigurationFile[@autosave]")); - configure(); - specialConfig.getReloadingStrategy().reloadingPerformed(); - } - } - -} + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.conf; + +import iaik.security.ecc.provider.ECCProvider; +import iaik.security.provider.IAIK; +import iaik.xml.crypto.XSecProvider; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.security.Provider; +import java.security.Security; +import java.util.Properties; + +import javax.net.ssl.HttpsURLConnection; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.binding.DataUrl; +import at.gv.egiz.bku.binding.DataUrlConnection; +import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; +import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; + +/** + * + * TODO currently only the code to get started. + */ +public abstract class Configurator { + + private Log log = LogFactory.getLog(Configurator.class); + + private static Configurator instance = new SpringConfigurator(); + + protected Properties properties; + + protected Configurator() { + } + + public static Configurator getInstance() { + return instance; + } + + protected void configUrlConnections() { + HttpsURLConnection.setFollowRedirects(false); + HttpURLConnection.setFollowRedirects(false); + } + + protected void configureProviders() { + log.debug("Registering security providers"); + Security.insertProviderAt(new IAIK(), 1); + Security.insertProviderAt(new ECCProvider(false), 2); + Security.addProvider(new STALProvider()); + XSecProvider.addAsProvider(false); + StringBuilder sb = new StringBuilder(); + sb.append("Registered providers: "); + int i = 1; + for (Provider prov : Security.getProviders()) { + sb.append((i++) + ". : " + prov); + } + log.debug(sb.toString()); + } + + protected void configViewer() { + String bv = properties.getProperty("ValidateHashDataInputs"); + if (bv != null) { + DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv)); + } else { + log.warn("ValidateHashDataInputs not set, falling back to default"); + } + } + + public void configure() { + configureProviders(); + configUrlConnections(); + configViewer(); + } + + public void setConfiguration(Properties props) { + this.properties = props; + } + + public String getProperty(String key) { + if (properties != null) { + return properties.getProperty(key); + } + return null; + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java new file mode 100644 index 00000000..3aeb1745 --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java @@ -0,0 +1,336 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.conf; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.Security; +import java.security.cert.CertPathBuilder; +import java.security.cert.CertStore; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.CollectionCertStoreParameters; +import java.security.cert.LDAPCertStoreParameters; +import java.security.cert.PKIXBuilderParameters; +import java.security.cert.PKIXCertPathBuilderResult; +import java.security.cert.TrustAnchor; +import java.security.cert.X509CertSelector; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Properties; +import java.util.Set; + +import javax.net.ssl.CertPathTrustManagerParameters; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.ManagerFactoryParameters; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.context.ResourceLoaderAware; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; + +import at.gv.egiz.bku.binding.DataUrl; +import at.gv.egiz.bku.binding.DataUrlConnection; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; + +public class SpringConfigurator extends Configurator implements + ResourceLoaderAware { + + private final static Log log = LogFactory.getLog(SpringConfigurator.class); + + private ResourceLoader resourceLoader; + + public SpringConfigurator() { + File configDir = new File(System.getProperty("user.home") + "/.bku/conf"); + if (configDir.exists()) { + log.debug("Found existing config directory: " + configDir); + } else { + log.info("Config dir not existing, creating new"); + if (!configDir.mkdirs()) { + log.error("Cannot create directory: " + configDir); + } + } + } + + public void setResource(Resource resource) { + log.debug("Loading config from: " + resource); + if (resource != null) { + Properties props = new Properties(); + try { + props.load(resource.getInputStream()); + super.setConfiguration(props); + } catch (IOException e) { + log.error("Cannot load config", e); + } + } else { + log.warn("Cannot load properties, resource: " + resource); + } + } + + public void configureVersion() { + Properties p = new Properties(); + try { + p.load(resourceLoader.getResource("META-INF/MANIFEST.MF") + .getInputStream()); + String version = p.getProperty("Implementation-Build"); + properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, + "citizen-card-environment/1.2 MOCCA " + version); + DataUrl.setConfiguration(properties); + log.debug("Setting user agent to: " + + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); + } catch (IOException e) { + log.error(e); + } + } + + public void configure() { + super.configure(); + configureSSL(); + configureVersion(); + configureNetwork(); + } + + public void configureNetwork() { + + } + + private Set getCACerts() throws IOException, + CertificateException { + Set caCerts = new HashSet(); + String caDirectory = getProperty("SSL.caDirectory"); + if (caDirectory != null) { + Resource caDirRes = resourceLoader.getResource(caDirectory); + File caDir = caDirRes.getFile(); + if (!caDir.isDirectory()) { + log.error("Expecting directory as SSL.caDirectory parameter"); + throw new SLRuntimeException( + "Expecting directory as SSL.caDirectory parameter"); + } + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (File f : caDir.listFiles()) { + try { + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); + fis.close(); + log.debug("Adding trusted cert " + cert.getSubjectDN()); + caCerts.add(new TrustAnchor(cert, null)); + } catch (Exception e) { + log.error("Cannot add trusted ca", e); + } + } + return caCerts; + + } else { + log.warn("No CA certificates configured"); + } + return null; + } + + private List getCertstore() throws IOException, + CertificateException, InvalidAlgorithmParameterException, + NoSuchAlgorithmException { + List resultList = new ArrayList(); + String certDirectory = getProperty("SSL.certDirectory"); + if (certDirectory != null) { + Resource certDirRes = resourceLoader.getResource(certDirectory); + + File certDir = certDirRes.getFile(); + if (!certDir.isDirectory()) { + log.error("Expecting directory as SSL.certDirectory parameter"); + throw new SLRuntimeException( + "Expecting directory as SSL.certDirectory parameter"); + } + List certCollection = new LinkedList(); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (File f : certDir.listFiles()) { + try { + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); + certCollection.add(cert); + fis.close(); + log + .trace("Added following cert to certstore: " + + cert.getSubjectDN()); + } catch (Exception ex) { + log.error("Cannot add certificate", ex); + } + } + CollectionCertStoreParameters csp = new CollectionCertStoreParameters( + certCollection); + resultList.add(CertStore.getInstance("Collection", csp)); + log.info("Added collection certstore"); + } else { + log.warn("No certstore directory configured"); + } + String ldapHost = getProperty("SSL.ldapServer"); + if ((ldapHost != null) && (!"".equals(ldapHost))) { + String ldapPortString = getProperty("SSL.ldapPort"); + int ldapPort = 389; + if (ldapPortString != null) { + try { + ldapPort = Integer.parseInt(ldapPortString); + } catch (NumberFormatException nfe) { + log.error("Invalid ldap port, using default 389"); + } + } else { + log.warn("ldap port not specified, using default 389"); + } + LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters( + ldapHost, ldapPort); + resultList.add(CertStore.getInstance("LDAP", ldapParams)); + log.info("Added LDAP certstore"); + } + return resultList; + } + + public void configureSSL() { + Set caCerts = null; + try { + caCerts = getCACerts(); + } catch (Exception e1) { + log.error("Cannot load CA certificates", e1); + } + List certStoreList = null; + try { + certStoreList = getCertstore(); + } catch (Exception e1) { + log.error("Cannot load certstore certificates", e1); + } + String aia = getProperty("SSL.useAIA"); + if ((aia == null) || (aia.equals(""))) { + System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); + } else { + System.setProperty("com.sun.security.enableAIAcaIssuers", aia); + } + String lifetime = getProperty("SSL.cache.lifetime"); + if ((lifetime == null) || (lifetime.equals(""))) { + System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0"); + } else { + System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime); + } + X509CertSelector selector = new X509CertSelector(); + PKIXBuilderParameters pkixParams; + try { + pkixParams = new PKIXBuilderParameters(caCerts, selector); + if ((getProperty("SSL.doRevocationChecking") != null) + && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) { + log.info("Enable revocation checking"); + System.setProperty("com.sun.security.enableCRLDP", "true"); + Security.setProperty("ocsp.enable", "true"); + } else { + log.warn("Revocation checking disabled"); + } + for (CertStore cs : certStoreList) { + pkixParams.addCertStore(cs); + } + ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( + pkixParams); + TrustManagerFactory trustFab; + trustFab = TrustManagerFactory.getInstance("PKIX"); + trustFab.init(trustParams); + KeyManager[] km = null; + SSLContext sslCtx = SSLContext + .getInstance(getProperty("SSL.sslProtocol")); + sslCtx.init(km, trustFab.getTrustManagers(), null); + // sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts, + // certStoreList) }, null); + HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); + } catch (Exception e) { + log.error("Cannot configure SSL", e); + } + } + + @Override + public void setResourceLoader(ResourceLoader loader) { + this.resourceLoader = loader; + } +} + +class MyTrustManager implements X509TrustManager { + private static Log log = LogFactory.getLog(MyTrustManager.class); + private Set caCerts; + private List certStoreList; + private X509Certificate[] trustedCerts; + + public MyTrustManager(Set caCerts, List cs) { + this.caCerts = caCerts; + this.certStoreList = cs; + trustedCerts = new X509Certificate[caCerts.size()]; + int i = 0; + for (Iterator it = caCerts.iterator(); it.hasNext();) { + TrustAnchor ta = it.next(); + trustedCerts[i++] = ta.getTrustedCert(); + } + + } + + @Override + public void checkClientTrusted(X509Certificate[] arg0, String arg1) + throws CertificateException { + log.error("Did not expect this method to get called"); + throw new CertificateException("Method not implemented"); + } + + @Override + public void checkServerTrusted(X509Certificate[] certs, String arg1) + throws CertificateException { + try { + log.debug("Checking server certificate: " + certs[0].getSubjectDN()); + CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX"); + X509CertSelector selector = new X509CertSelector(); + selector.setCertificate(certs[0]); + PKIXBuilderParameters pkixParams; + pkixParams = new PKIXBuilderParameters(caCerts, selector); + pkixParams.setRevocationEnabled(true); // FIXME + for (CertStore cs : certStoreList) { + pkixParams.addCertStore(cs); + } + PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) pathBuilder + .build(pkixParams); + if (log.isTraceEnabled()) { + StringBuffer sb = new StringBuffer(); + for (Certificate cert : result.getCertPath().getCertificates()) { + sb.append(((X509Certificate) cert).getSubjectDN()); + sb.append("->"); + } + sb.append("End"); + log.trace(sb); + } + } catch (Exception e) { + throw new CertificateException(e); + } + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return trustedCerts; + } + +} \ No newline at end of file diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java index 0bed928d..c543c8ca 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java @@ -1,7 +1,12 @@ package at.gv.egiz.bku.local.stal; import java.awt.Container; +import java.awt.EventQueue; +import java.awt.Toolkit; import java.awt.event.ActionListener; +import java.awt.event.FocusEvent; +import java.awt.event.FocusListener; +import java.awt.event.WindowEvent; import java.util.List; import javax.swing.JDialog; @@ -126,5 +131,4 @@ public class BKUGuiProxy implements BKUGUIFacade { showDialog(); delegate.showWelcomeDialog(); } - } diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java index 6f9e72c5..4bc921aa 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java @@ -7,6 +7,7 @@ import javax.swing.JDialog; import at.gv.egiz.bku.gui.BKUGUIFacade; import at.gv.egiz.bku.online.applet.BKUWorker; +import at.gv.egiz.stal.QuitRequest; import at.gv.egiz.stal.STALRequest; import at.gv.egiz.stal.STALResponse; import at.gv.egiz.stal.SignRequest; @@ -26,8 +27,16 @@ public class SMCCSTAL extends BKUWorker { public List handleRequest(List requestList) { signatureCard = null; List responses = super.handleRequest(requestList); - container.setVisible(false); + //container.setVisible(false); return responses; } + @Override + public STALResponse handleRequest(STALRequest request) { + if (request instanceof QuitRequest) { + container.setVisible(false); + } + return null; + } + } diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java index 97646d09..f9a8bef5 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java @@ -53,6 +53,7 @@ public class SMCCSTALFactory implements STALFactory { stal = new SMCCSTAL(new BKUGuiProxy(dialog, gui), dialog, resourceBundle); dialog.setPreferredSize(new Dimension(400, 200)); dialog.setDefaultCloseOperation(WindowConstants.HIDE_ON_CLOSE); + dialog.pack(); Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); Dimension frameSize = dialog.getSize(); if (frameSize.height > screenSize.height) { @@ -63,13 +64,12 @@ public class SMCCSTALFactory implements STALFactory { } dialog.setLocation((screenSize.width - frameSize.width) / 2, (screenSize.height - frameSize.height) / 2); - dialog.pack(); } return stal; } @Override - public void setLocale(Locale locale) { + public void setLocale(Locale locale) { this.locale = locale; } } diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties deleted file mode 100644 index 9db6f100..00000000 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2008 Federal Chancellery Austria and -# Graz University of Technology -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#------- Insert Card Dialog -------# -Insert.Header = Citizen Card Required -Insert.Button.Cancel = Cancel -Insert.Text = Please insert your Citizen Card! - - -#------- PIN Dialog -------# -Pin.Header = Please Enter PIN -Pin.Button.OK = OK -Pin.Button.Cancel = Cancel -Pin.Text.Retries = Please enter {0}.

{1} retries left. -Pin.Text.NoRetries = Please enter {0}. \ No newline at end of file diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml b/BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml deleted file mode 100644 index 792bbccc..00000000 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - ${sys:user.home}/.bku/conf/bkuconfig.xml - - - true - TLS - - - - \ No newline at end of file diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml new file mode 100644 index 00000000..586a8190 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml @@ -0,0 +1,96 @@ + + + + + + + + + + + allow + + confirm + + + + + + + + + anonymous + + allow + + confirm + + + anonymous + + Command + + + + + + + + certified + + IdentityLink + derived + + + allow + + confirm + + + anonymous + 127.0.0.1 + + IdentityLink + derived + + + allow + + confirm + + + anonymous + + IdentityLink + + + deny + + info + + + + allow + + + + + + diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer new file mode 100644 index 00000000..f9fef65f Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cer new file mode 100644 index 00000000..36a442b8 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer new file mode 100644 index 00000000..ab9e0cd7 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer new file mode 100644 index 00000000..efa28178 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer new file mode 100644 index 00000000..33e77636 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer new file mode 100644 index 00000000..ee859434 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdzCCA1+gAwIBAgIDAmU4MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA2MDgxNjIyMDAw +MFoXDTE2MDgxNjIyMDAwMFowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt +c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6 +PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK +k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj +r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG +AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt +Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd +LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E +CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG +MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv +b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl +dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1 +dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAHKlnV3R9sbXojtONugyazkZCEzmC +nZF1Dz4cOL0vPzzvS8MVWtG43zAgVI1NT/0ETSWsXD3YfzRi+f+/CxrGn0gwZX2t +VGx+Z9w5ufiy1vuhxDUPmpos1TbJ4Wv3Une0E7iuHmNLg5qVlKeHWpcU8t1Y0nCt +eRz34Qm87AVAykta33XST1fYvGoPKsDtn3qx9ye/pcbDvWjPwmqF2UUoql+d5hmJ +Umgzwezqk4I+FS98BrnaPgC5UVFHg+yUjiUDLjYy7UvDZ5Led6kkLXuzVhQolLvr +KTrGp5k42PG2MMkw8f6GMF/6yePXgzFMCRN8ReR7J5Htv33SytLRmFRd8g== +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer new file mode 100644 index 00000000..7e67be95 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEgzCCA2ugAwIBAgIDAarsMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw +MFoXDTE1MTExMzIzMDAwMFowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1jb3Jwb3JhdGUtMDMxHDAaBgNV +BAMME2Etc2lnbi1jb3Jwb3JhdGUtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCp44qY+AiVXlcnHoKvch9s3ujoWFNktvcteIPwK7s0mb/uxTUW9UIF +Die9n3AbyTsJE6R3nZYSJVHHi+1DKD72/WEo/B5NOOtd6KUMfJgca1tDmcsIwhFn +82qkZrbNQwdIIdLe6+nDmjd9UBIaKv7yy1kq20jh09HOK3/bWhafVQE7EAgDfNrn +8f0JfnnF0EA/La5kkg878L22fh9lRzt8H21THqJPtK4/e9SttjrJnPhFk2/MjAGS +uaDufG6BV5Hnn7klR5qm5q32ypleLA6Zi4m9jRCVtPd4jRPYM40XpRkrJuFw+lxp +rejfEZt/SRh1eQXiXDUgtgX8OaIylH9pAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQIQj75YZ1a5XIwEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYD +VR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFw +LmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9j +ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy +dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEARu7e1SyBRjlA +g/thtFwtKQRvopTZKWj2LWpEdvPvwThOvf8Depnas+ly5af8r8YzsqJzfX3XWvhN +qOOI24g5FmXfCUTq/kbtaeTq/AqV94793IJfcilPnpMOEHMqXNDiRUoAgR/9EVj8 +mDVvL2lLlJzeAltqOD5Bi9QwguaD2/3/E5ymFnqkf1dnlXbo8AhcwPEzReNKn1eM +Ilg4FwP1bP0HUK3Fyz1UQ/Hncg+MS7c+SkjpNEd4sH7/GdxuQs5Sk7IRwot1+sbX +3CkkPhSqiUzig9raxJYrtbb2kyiUO8+d5HzRyoP4BNzsdZdPc0gDYweXg5qarHOQ +16IEOtBmKg== +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer new file mode 100644 index 00000000..0c68e593 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEJjCCAw6gAwIBAgIDAOJEMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTEzMDIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIjAgBgNVBAsTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDExIjAgBgNV +BAMTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDGC65v8rni63DojEBriynPwRqNCp14/SkN5ROkTUGNvLSabfSJV4PKGLTzasPAaChwX0g/ +kebahFM3R7nIyeVx2YB8VRvC4I/spP/mCs5+6pf1N+6Kiq4NcswgNBBfqAteaQIylBMy6HDkjoXY +X/c+SxjyrqAkeZCK+SHMOraXCO1PZHWbYwleKXf4R2Z6ayEfJ2XWeVuqqon76WHp/POI0RADBchA +6Vm1ROzSAHz39bay1TZunQXSs3VQ9cE3uQPjN+80efmf0ZgNF0sXsDTssoZg2feTANSOkTGM1bMC +5xe1hWFL8MZNe4yZ+NSgFN2fofb8BPvyQAW0no2PNA6PAgMBAAGjgbMwgbAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQITp5/1C/JHx8wEwYDVR0jBAwwCoAITlnOxwIyhzAwDgYDVR0PAQH/BAQD +AgEGMGUGA1UdHwReMFwwWqBYoFaGVGxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1u +UXVhbC0wMSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0PzANBgkqhkiG +9w0BAQUFAAOCAQEAOtuz2GqnTibk/poCLrdYKpZSrLyfWFsJJpfBYA9HMasnfpJBCHgRHJud6DAO +xD900Vhmwy66D8dqsN3+fR8Bx8ZMKspnFN1B2Wz7LWOxMaKqP3JolJ/oVwzJRm0afcUMAfAumkc5 +Yqu0nC5qCF9zYY9YbJklh84uEzEg9j85kuRBHOCUc+5MVrnv7WPbirx6c95YFqXBQ0arA5QE9zYq +MDO8aUYPOWEHgtrVI+kMwELYHqLDX7i9VqsXhgFPeVz1wIV7s/i3budGeHMS6hjnyIc30FqM7CTY +fcvqVNZliErbjD1k1W1gMgvjLJowNvQC0W7K9/yoQhwTqtNMR4WZwA== +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer new file mode 100644 index 00000000..c300891d --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCA3OgAwIBAgIDAOSoMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa +Fw0xNDEyMTMyMzAwMDBaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw +IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM +LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS +dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS +p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/ +vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O +sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G +A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9 +KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk +YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz +dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz +cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBH +opWG7LKmPBvuGjZnRV4KGKzzUYVuxSRS1E0VIUPbVLf5xW2r5uUpR8ud5EpiPrcw +k6K0dzu2Vb4ZbMIP+6J16S/0qvTp/3A/3q87+nJ+ot+IT8GZFJfSw18th2WmZdzR +ShbM6sgViPtGsFROCdWeiHl248w2+zG+09sf8Bu3UyvwLRAiiKaxuwVdQ9kc0TL3 +gvv+K5eisWWthQOX2IF2jGSEqoAVwfHhl7bc9Vt7XnJSpQFebHnsIVuV4Mv6w4ww +86hQPCLLvvV7wWDiBQ8l2FWneX0pNH3Wg+A1TRUoptc+pPDdpoP272MDm4fXyPKV +7QgIaIK+gXNUj2GGt1K9 +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer new file mode 100644 index 00000000..2251ca22 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgIDAartMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw +MFoXDTE1MTExMzIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxIjAgBgNVBAsMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMx +IjAgBgNVBAMMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC359oitbHkkEgdErRPeBdkcYRK2DLdxfcnn+SI +umSEYzWVscRTchPKSzb7f1a6EHPbB5WZsGJaUDX9KfTqsJNMo+7bASKk3gsLVxNZ +qY2t2G+y8HvREYYejDOIzjAkcBQrt+nvuBUlGYVJQjEuyAn18f2vG0Y3VNvZFGKn +PK8AVycUMk0Uw21RbK3vX5tbbPgQ/kcZkN4czi5VHepMvf6hAwwLoJj+KL9zxm8j +yPK88qCBKAjMNCpZKsEhyanw1CjYbVmHs45Q5W6FBtqDcS6Iq4mC6TtUPGtCTuoH +7/JLuhEp075ohp87v3fSlzeLJjBpkUDP9U8Tv7l2euD0t1UVAgMBAAGjgeMwgeAw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQZFpHL+t2JgwEwYDVR0jBAwwCoAI +RGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCG +fmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEt +VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0 +Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC +AQEADTRIaQtPwoPS6/TpyBhOw4wAHk/RM4gkLT76URPY2sUHihxqy+8qEElN+f5l +I61myCP3IFTClflcHVR1QCoMg0ZI5/EcQTI8Dgd5iQkXuVjh3wCj87Ka2Tu7d1K+ +i9VJ4BR/ph/qmPKR7Lx/PtATw/vWo4k2rbt5o1QwixZ7CPt+BF9xCaAC4uL0bB0M +9M3i9W2ePmqX6WIB3jMkT9FQC0KihPPfw/17KddNi4rFMMEiTyKvJTtTqDnIAwWW +TqsL1G7oxMMtnnYaKWMQ6gQiOiRzCY7efcAi/3YwUX6ULW5zxqapNs1vqEbSGsQE +l1eFl67HBZHYAPdoHGUnZF0KaQ== +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer new file mode 100644 index 00000000..2d7f1a03 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIDAOKKMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTIwNTIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgaExCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1jb3Jwb3JhdGUtbWVkaXVtLTAxMSMwIQYD +VQQDExphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANEbZyIMIXZYBjTj/+3TrNGssRKNNdTedQlWB3vJQWLzeG89Kzmhy1WDX8IqDrMtvpXH +5w6urK3ZT7HGu2Jldrib8rkEOdE9+uNGRtkP8Kuz//CvdXCbIDvBLqgvWn9a3Sl/rUicPqKwcEcN +bP2Q0iU6NvvALmoqs93PymfTZlkGOwzUe+O88huXkauGWT/DkJd4JYDNJ0wlaGrJa+OorT4Izk1J +EipqqedUjsAj4Gq3SKrZKG/H/CkoH9uWTzrzFgg8zQhCES4AClo84XVk//EIv3ABDw4hr+lqV1nF +eXch9o4mLIe5u045471YLJLmyuCPDopb8U2VUoyldpMx+Y8CAwEAAaOBszCBsDAPBgNVHRMBAf8E +BTADAQH/MBEGA1UdDgQKBAhOuHKxmCmfZDATBgNVHSMEDDAKgAhOWc7HAjKHMDAOBgNVHQ8BAf8E +BAMCAQYwZQYDVR0fBF4wXDBaoFigVoZUbGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0 +LW5RdWFsLTAxLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/MA0GCSqG +SIb3DQEBBQUAA4IBAQDaukYSeJVxWAh8QShqGqA6Plp9aXCTzwl9hE2gb+/xGPASo+NVQi/sUa0+ +bx29oSJaW6lKzdHQLAx4dwW9XTpJ+0mebB4fQfYHH0lGc1O4au/4O9k+C3SrD6x4WeY9k/SpUFu1 +qjzH+tjta81UWtU7Jve1BhckNwdOFx7cR8fdW+pUQSDV9XnPJfyb+gb9KWhvX+XAbgJoXW1HjJOO +P5sx6mFhMb3UqAfKQVoAuGbl4+uxIThBTqpICkaaD8WLdukqQjomUMDRbWIf6SblPuOEpPi1G/WM +qkTkpqX77Wkj08QY/yj5DDrsYJ5NymnWvu7jcoxCFCKvEQ8Q4g7AYKnG +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer new file mode 100644 index 00000000..194d4d7c --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjTCCA3WgAwIBAgIDAOSpMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa +Fw0xNDEyMTMyMzAwMDBaMIGhMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMSMwIQYDVQQLDBphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMjEj +MCEGA1UEAwwaYS1zaWduLWNvcnBvcmF0ZS1tZWRpdW0tMDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCuaTBb6rHd5JZqAdvpmGIl5ne0Hg6GbpJvBeCI +U6l9Rs8ebMY6aIS++qJOE9rnJHdfZNzLzduuoWEzEuwm9a/azQThM+eT+xlG/Vcf +NuOQTTjAuXHLvYQ7WxSrBIT/kmAyqJgq/DEPvdX4jmCtVkuZ1gbxYIChLOVBWkVC +FCK49BuXECtNy5fzK/GyfouZOVoQgiQ1YfecqzibcwO0t+f68Pvp/s6HESAH5tXY +PdENDw4c/W/qKaeR87jPq98AJ8Lr4bmjWLjK8/ITtGglnJy8osFz22oR7f6fbWl6 +5LdhJ3giM68WEabQcZkw8cx3RDOzbnL2Kn+PVNHHyp3Wh849AgMBAAGjgeEwgd4w +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISoLnpz/+q98wEwYDVR0jBAwwCoAI +Qj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMIGSBgNVHR8EgYowgYcwgYSggYGgf4Z9 +bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0LVF1YWwtMDIsbz1BLVRy +dXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdD9iYXNlP29iamVjdGNs +YXNzPWVpZENlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEB +ABqg1oRs/TZ0hJLJRV/xJglFzgn2fDAXeoVvWnAE09F1d0n+ZorKAKbMfiZ2CuKs +M0AhU23/5zM90DdrtYWXpa+P8ONALZtHJIqGfVuRKYJq7jY5TpE3yRkTcrp47smp +WqTwUgG+0aBeU9m+ZtGUFOsBkq+MudD8IZGc7VcLd1n4ltND9ITjX20hu01ju56c +YC69vFa5hmIccXg/Q3dGEV5Amx8MTQJluG3QvqBOY74yrAFICvK1zsvu+vOGvJQj +i+PxKlbQdehrV82VDxyfSjpEUADWMGRfE5vg4YBGgfRosh4w7a6ThD2LMLFPmIhy +P6+VGUBCm2tMDDOo9DVkXFs= +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties new file mode 100644 index 00000000..93796a7e --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties @@ -0,0 +1,53 @@ +# +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +# Configuration for online CCE + +# security manager configuration +AccessController.acceptUnmatched=false +AccessController.policyResource=classpath:at/gv/egiz/bku/local/conf/accessControlConfig.xml + +# ------------BEGIN SSL Config -------------------- +# SSL configuration for connections to external +# resources (e.g. data urls) + +# directory where certificates for +# chain constructions can be placed +SSL.certDirectory=classpath:at/gv/egiz/bku/local/conf/certs/certStore + +# a LDAP repository +SSL.ldapServer= +SSL.ldapPort=389 + +# Directory where trusted CA +# certificates are placed +SSL.caDirectory=classpath:at/gv/egiz/bku/local/conf/certs/CACerts + +SSL.doRevocationChecking=true +SSL.sslProtocol=TLS + +SSL.cache.lifetime=3600 +# use authority info access extension to find ca certs. +SSL.useAIA=true + +# ------------ END SSL Config -------------------- + +ValidateHashDataInputs=true + + + diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png b/BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png deleted file mode 100644 index eee4be4f..00000000 Binary files a/BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png and /dev/null differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks b/BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks deleted file mode 100644 index c773f037..00000000 Binary files a/BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks and /dev/null differ diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml index c0ffc927..c6a5088a 100644 --- a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml @@ -20,7 +20,7 @@ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd"> - + @@ -37,33 +37,21 @@ - - + + + + + + - - - - - - - - - - - - - - - - - - - 1 - - + + + + + + \ No newline at end of file diff --git a/BKULocal/src/test/java/ConfigTest.java b/BKULocal/src/test/java/ConfigTest.java deleted file mode 100644 index 558d1c47..00000000 --- a/BKULocal/src/test/java/ConfigTest.java +++ /dev/null @@ -1,49 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -import java.net.URL; - -import org.apache.commons.configuration.Configuration; -import org.apache.commons.configuration.ConfigurationException; -import org.apache.commons.configuration.ConfigurationFactory; -import org.junit.Ignore; - -@Ignore -public class ConfigTest { - - - private void testConfig() throws ConfigurationException { - ConfigurationFactory factory = new ConfigurationFactory(); - URL configURL = getClass().getResource("/config.xml"); - factory.setConfigurationURL(configURL); - Configuration config = factory.getConfiguration(); - System.out.println("-------->: "+config.getInt("hans")); - } - - /** - * @param args - */ - public static void main(String[] args) { - ConfigTest ct = new ConfigTest(); - try { - ct.testConfig(); - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - -} diff --git a/BKULocal/src/test/java/JustASandbox.java b/BKULocal/src/test/java/JustASandbox.java deleted file mode 100644 index b151df92..00000000 --- a/BKULocal/src/test/java/JustASandbox.java +++ /dev/null @@ -1,78 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -import java.io.ByteArrayOutputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; -import java.util.ArrayList; -import java.util.List; - -import javax.net.ssl.HttpsURLConnection; - -import org.junit.Ignore; - -import at.gv.egiz.bku.local.conf.Configurator; -import at.gv.egiz.bku.local.stal.SMCCSTALFactory; -import at.gv.egiz.bku.utils.StreamUtil; -import at.gv.egiz.stal.InfoboxReadRequest; -import at.gv.egiz.stal.STAL; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; -import at.gv.egiz.stal.SignRequest; -import at.gv.egiz.stal.SignResponse; - -@Ignore -public class JustASandbox { - - /** - * @param args - * @throws IOException - */ - public static void main(String[] args) throws IOException { - - Configurator cfg = new Configurator(); - URL url = new URL("https://demo.egiz.gv.at"); - HttpsURLConnection uc = (HttpsURLConnection) url.openConnection(); - uc.connect(); - System.exit(-1); - - InfoboxReadRequest req = new InfoboxReadRequest(); - req.setInfoboxIdentifier("SecureSignatureKeypair"); - - ByteArrayOutputStream os = new ByteArrayOutputStream(); - InputStream is = JustASandbox.class.getClassLoader().getResourceAsStream("at/gv/egiz/bku/local/stal/sigInfo.xml"); - StreamUtil.copyStream(is, os); - SignRequest sr = new SignRequest(); - sr.setSignedInfo(os.toByteArray()); - sr.setKeyIdentifier("SecureSignatureKeypair"); //os.toByteArray(), "SecureSignatureKeypair", null); - STAL stal = (new SMCCSTALFactory()).createSTAL(); - - List reqList = new ArrayList(2); - reqList.add(req); - reqList.add(sr); - - List resp = stal.handleRequest(reqList); - System.out.println(resp.get(0)); - System.out.println(resp.get(1)); - FileOutputStream fos = new FileOutputStream("c:/tmp/seq_now.der"); - SignResponse sir = (SignResponse) resp.get(1); - fos.write(sir.getSignatureValue()); - fos.close(); - } - -} -- cgit v1.2.3