authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-19 08:55:49 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-19 08:55:49 +0200
commit1bad320e50f66e44fcb23f0c8d242809f8077520 (patch)
tree2c65c6f9ca55c95c2327bdd39474cfab35f73d46 /eaaf_modules
parent5d306c41c0033f330413cf2b18db9f1137d51980 (diff)
parent470ac2c6234a0bac1e973fd3c1f49e1d9da41be4 (diff)
Merge branch 'master' into moa-sig-dependency-fixup
Diffstat (limited to 'eaaf_modules')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java2
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java4
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java20
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java32
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java10
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/pom.xml5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java29
7 files changed, 81 insertions, 21 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
index b0949cd3..dfcaaf5a 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
@@ -183,7 +183,7 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
//String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
final String spSpecificVDAEndpoints = null;
- final Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+ final Map<String, String> endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
if (StringUtils.isNotEmpty(spSpecificVDAEndpoints)) {
endPointMap.putAll(KeyValueUtils.convertListToMap(
KeyValueUtils.getListOfCSVValues(
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
index a377a4c0..5abbd543 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
@@ -100,10 +100,10 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
//validate signature
final VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(
sl20ReqObj, joseTools,
- authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
+ authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) {
- if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
+ if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
log.info("SL20 result from VDA was not valid signed");
throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
new file mode 100644
index 00000000..9548d96b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
@@ -0,0 +1,20 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data;
+
+import java.io.InputStream;
+import java.util.Map;
+
+/**
+ * Inject additional XML schemes into MOA-Sig
+ *
+ * @author tlenz
+ *
+ */
+public interface ISchemaRessourceProvider {
+
+ /**
+ * Get a Map of additional XML schemes that should be injected into MOA-Sig
+ *
+ * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme as {@link InputStream}
+ */
+ public Map<String, InputStream> getSchemas();
+}
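Review bot: The Javadoc on getSchemas() says it returns "A Set of {@link Entry}", but the signature returns a Map<String, InputStream>, and Entry is not imported in this file so the {@link} will not resolve; `@return a map from schema name to the schema document as an {@link InputStream}` matches what the method actually declares. The contract should also say who owns the streams — the only consumer in this commit (AbstractSignatureService.initialize) hands each value to DOMUtils.addSchemaToPool and never closes it, so an implementor cannot tell whether to return fresh streams per call or whether the caller will close them; one sentence such as "each call returns streams the caller is responsible for closing" would settle it. The `public` modifier on an interface method is redundant and can be dropped.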
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
index fe99e328..d796c165 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -1,7 +1,11 @@
package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
+import java.io.IOException;
+import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
+import java.util.Iterator;
+import java.util.Map.Entry;
import javax.annotation.PostConstruct;
import javax.xml.parsers.DocumentBuilder;
@@ -10,13 +14,16 @@ import javax.xml.parsers.ParserConfigurationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
import org.w3c.dom.Document;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ISchemaRessourceProvider;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.Configurator;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import at.gv.egovernment.moaspss.util.DOMUtils;
import iaik.asn1.structures.AlgorithmID;
import iaik.security.ec.provider.ECCelerate;
import iaik.security.provider.IAIK;
@@ -25,6 +32,7 @@ public abstract class AbstractSignatureService {
private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);
private static boolean isMOASigInitialized = false;
+ @Autowired(required=false) ISchemaRessourceProvider[] schemas;
@PostConstruct
private synchronized void initialize() throws MOASigServiceConfigurationException {
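Review bot: The new `schemas` field is package-private and non-final although nothing outside the class reads it; `@Autowired(required = false) private ISchemaRessourceProvider[] schemas;` keeps the injection point encapsulated, since Spring injects private fields as well. A short comment naming what the array holds would help readers of this abstract class, e.g. `// optional providers of extra XML schemas; consumed once in initialize() when the MOA-Sig pool is set up`, because the field is only used in a later hunk of the same method.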
@@ -66,6 +74,30 @@ public abstract class AbstractSignatureService {
}
+
+ //Inject additional XML schemes
+ if (schemas != null && schemas.length > 0) {
+ log.debug("Infjecting additional XML schemes ... ");
+ for (final ISchemaRessourceProvider el : schemas) {
+ final Iterator<Entry<String, InputStream>> xmlSchemeIt = el.getSchemas().entrySet().iterator();
+ while (xmlSchemeIt.hasNext()) {
+ final Entry<String, InputStream> xmlDef = xmlSchemeIt.next();
+ try {
+ DOMUtils.addSchemaToPool(xmlDef.getValue(), xmlDef.getKey());
+ log.info("Inject XML scheme: {}", xmlDef.getKey());
+
+ } catch (final IOException e) {
+ log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e);
+
+ }
+
+ }
+ }
+
+ } else
+ log.trace("No additional XML schemes to inject. Skip this feature");
+
+
isMOASigInitialized = true;
} else
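Review bot: The InputStreams obtained from getSchemas() are never closed in the new loop: after DOMUtils.addSchemaToPool returns or throws, the stream is dropped, so a provider backed by files or classpath resources leaks one handle per schema. If addSchemaToPool consumes the stream synchronously — it appears to parse it into the pool, but that cannot be confirmed from this hunk — closing the stream afterwards via try-with-resources is safe, and the explicit Iterator can become a for-each over entrySet(). The log text "Infjecting" is a typo, the unbraced `} else` should be braced like the `if`, and a provider returning null from getSchemas() will throw a NullPointerException here because the interface does not forbid it; the rewrite below needs `java.util.Map` imported alongside the `Map.Entry` import this commit adds. initialize() starts and ends outside the hunk.
```java
// … unchanged: MOA-Sig configuration above …
//Inject additional XML schemes
if (schemas != null && schemas.length > 0) {
    log.debug("Injecting additional XML schemes ... ");
    for (final ISchemaRessourceProvider el : schemas) {
        final Map<String, InputStream> providerSchemas = el.getSchemas();
        if (providerSchemas == null) {
            continue;
        }
        for (final Entry<String, InputStream> xmlDef : providerSchemas.entrySet()) {
            // assumes addSchemaToPool reads the stream completely before returning — TODO confirm
            try (InputStream schemaStream = xmlDef.getValue()) {
                DOMUtils.addSchemaToPool(schemaStream, xmlDef.getKey());
                log.info("Inject XML scheme: {}", xmlDef.getKey());
            } catch (final IOException e) {
                log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e);
            }
        }
    }
} else {
    log.trace("No additional XML schemes to inject. Skip this feature");
}
// … unchanged: isMOASigInitialized = true …
```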
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 1608490d..ca20ce0f 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -221,12 +221,12 @@ public class SignatureVerificationService extends AbstractSignatureService imple
verifySignatureLocationElem.appendChild(signatureLocation);
// signature manifest params
- final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
- requestElem_.appendChild(signatureManifestCheckParamsElem);
- signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+ if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) {
+ final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
- //verify transformations
- if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) {
+ //verify transformations
final Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
for (final String element : verifyTransformsInfoProfileID) {
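Review bot: After this change a request whose verifyTransformsInfoProfileID is null or empty carries no SignatureManifestCheckParams element at all, whereas before it always carried one with ReturnReferenceInputData="false"; if the presence of that element is what asks MOA-SPSS to perform the signature-manifest (transformation) check, an empty profile list now silently skips that check rather than failing it, which is a security-relevant behaviour change that the commit does not document. Recording it at the branch would help the next reader, e.g. `// no transform profiles configured: SignatureManifestCheckParams is omitted, so no signature-manifest check is requested for this verification` together with a `log.debug(...)` in an else branch so operators can see when a verification runs without it. The enclosing method starts and ends outside the hunk.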
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index e5cc555a..ae942318 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -62,6 +62,11 @@
<artifactId>xmlsec</artifactId>
</dependency>
<dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
</dependency>
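Review bot: The added bcprov-jdk15on dependency has no <version> and no <scope>, so it relies on a dependencyManagement entry in a parent POM that is not visible in this diff; worth confirming it is pinned there, since an unmanaged crypto-provider version otherwise resolves to whatever the transitive graph happens to bring in. The diff shows no org.bouncycastle import in this module, so if the provider is only needed on the runtime classpath, `<scope>runtime</scope>` would document that intent and keep its API out of compile scope.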
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index 4ec7cf99..cbbed659 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -90,31 +90,32 @@ public class AuthenticationAction implements IAction {
}
+ @Override
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws ResponderErrorException {
- PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req;
+ final PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req;
try {
//get basic information
- PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest();
- AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
- EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
+ final PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest();
+ final AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
+ final EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
- AssertionConsumerService consumerService =
+ final AssertionConsumerService consumerService =
SAML2Utils.createSAMLObject(AssertionConsumerService.class);
consumerService.setBinding(pvpRequest.getBinding());
consumerService.setLocation(pvpRequest.getConsumerURL());
- DateTime date = new DateTime();
- SLOInformationImpl sloInformation = new SLOInformationImpl();
- String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL());
+ final DateTime date = new DateTime();
+ final SLOInformationImpl sloInformation = new SLOInformationImpl();
+ final String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL());
//build Assertion
- Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,
+ final Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,
peerEntity, date, consumerService, sloInformation);
- Response authResponse = AuthResponseBuilder.buildResponse(
+ final Response authResponse = AuthResponseBuilder.buildResponse(
metadataProvider, issuerEntityID, authnRequest,
- date, assertion, authConfig.getBasicMOAIDConfigurationBoolean(
+ date, assertion, authConfig.getBasicConfigurationBoolean(
CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true));
IEncoder binding = null;
@@ -148,11 +149,11 @@ public class AuthenticationAction implements IAction {
log.warn("Message Encoding exception", e);
throw new ResponderErrorException("pvp2.01", null, e);
- } catch (EAAFException e) {
+ } catch (final EAAFException e) {
log.info("Response generation error: Msg: ", e.getMessage());
throw new ResponderErrorException(e.getErrorId(), e.getParams(), e);
- } catch (Exception e) {
+ } catch (final Exception e) {
log.warn("Response generation error", e);
throw new ResponderErrorException("pvp2.01", null, e);
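Review bot: The `catch (final EAAFException e)` branch still logs with `log.info("Response generation error: Msg: ", e.getMessage());`, whose message template has no `{}` placeholder, so the argument is silently dropped and only the literal prefix reaches the log; change it to `log.info("Response generation error: Msg: {}", e.getMessage());` or pass `e` as the last argument so the stack trace is recorded as the sibling `catch (final Exception e)` does. processRequest starts and ends outside this hunk.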
@@ -160,11 +161,13 @@ public class AuthenticationAction implements IAction {
}
+ @Override
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp) {
return true;
}
+ @Override
public String getDefaultActionName() {
return "PVPAuthenticationRequestAction";