From bee5dd259a4438d45ecd1bcc26dfba12875236d6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 26 Jun 2018 11:03:48 +0200 Subject: initial commit --- .gitignore | 12 + eaaf_core/pom.xml | 133 +++ .../gv/egiz/eaaf/core/api/IDestroyableObject.java | 16 + .../eaaf/core/api/IGarbageCollectorProcessing.java | 16 + .../eaaf/core/api/IPostStartupInitializable.java | 21 + .../java/at/gv/egiz/eaaf/core/api/IRequest.java | 234 ++++ .../at/gv/egiz/eaaf/core/api/IRequestStorage.java | 40 + .../at/gv/egiz/eaaf/core/api/IStatusMessager.java | 49 + .../eaaf/core/api/data/EAAFConfigConstants.java | 8 + .../gv/egiz/eaaf/core/api/data/EAAFConstants.java | 42 + .../eaaf/core/api/data/ExceptionContainer.java | 74 ++ .../egiz/eaaf/core/api/data/ILoALevelMapper.java | 22 + .../core/api/data/PVPAttributeDefinitions.java | 251 ++++ .../eaaf/core/api/data/XMLNamespaceConstants.java | 474 ++++++++ .../core/api/gui/IGUIBuilderConfiguration.java | 54 + .../api/gui/IGUIBuilderConfigurationFactory.java | 30 + .../gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java | 70 ++ .../api/gui/ModifyableGuiBuilderConfiguration.java | 25 + .../core/api/idp/EAAFAuthProcessDataConstants.java | 21 + .../java/at/gv/egiz/eaaf/core/api/idp/IAction.java | 43 + .../egiz/eaaf/core/api/idp/IAttributeBuilder.java | 32 + .../eaaf/core/api/idp/IAttributeGenerator.java | 39 + .../at/gv/egiz/eaaf/core/api/idp/IAuthData.java | 198 ++++ .../core/api/idp/IAuthenticationDataBuilder.java | 14 + .../gv/egiz/eaaf/core/api/idp/IConfiguration.java | 108 ++ .../at/gv/egiz/eaaf/core/api/idp/IModulInfo.java | 75 ++ .../eaaf/core/api/idp/IPVPAttributeBuilder.java | 9 + .../egiz/eaaf/core/api/idp/ISPConfiguration.java | 131 +++ .../core/api/idp/auth/IAuthenticationManager.java | 72 ++ .../egiz/eaaf/core/api/idp/auth/ISSOManager.java | 92 ++ .../idp/auth/data/IAuthProcessDataContainer.java | 144 +++ .../eaaf/core/api/idp/auth/data/IIdentityLink.java | 155 +++ .../eaaf/core/api/idp/auth/modules/AuthModule.java | 44 + .../core/api/idp/process/ExecutionContext.java | 65 + .../idp/process/ExpressionEvaluationContext.java | 25 + .../core/api/idp/process/ExpressionEvaluator.java | 27 + .../eaaf/core/api/idp/process/ProcessEngine.java | 114 ++ .../api/idp/process/ProcessInstanceStoreDAO.java | 47 + .../at/gv/egiz/eaaf/core/api/idp/process/Task.java | 28 + .../core/api/idp/slo/ISLOInformationContainer.java | 68 ++ .../core/api/idp/slo/SLOInformationInterface.java | 80 ++ .../eaaf/core/api/logging/IRevisionLogger.java | 38 + .../eaaf/core/api/logging/IStatisticLogger.java | 20 + .../eaaf/core/api/storage/ITransactionStorage.java | 114 ++ .../core/exceptions/AttributeBuilderException.java | 13 + .../core/exceptions/AttributePolicyException.java | 20 + .../exceptions/AuthnRequestValidatorException.java | 49 + .../exceptions/EAAFAuthenticationException.java | 21 + .../eaaf/core/exceptions/EAAFBuilderException.java | 20 + .../exceptions/EAAFConfigurationException.java | 20 + .../egiz/eaaf/core/exceptions/EAAFException.java | 45 + .../eaaf/core/exceptions/EAAFIDPException.java | 17 + .../core/exceptions/EAAFIllegalStateException.java | 15 + .../eaaf/core/exceptions/EAAFParserException.java | 20 + .../core/exceptions/EAAFProtocolException.java | 26 + .../eaaf/core/exceptions/EAAFSSOException.java | 17 + .../eaaf/core/exceptions/EAAFStorageException.java | 18 + .../eaaf/core/exceptions/GUIBuildException.java | 26 + .../InvalidDateFormatAttributeException.java | 15 + .../InvalidProtocolRequestException.java | 23 + .../NoPassivAuthenticationException.java | 18 + .../core/exceptions/ProcessExecutionException.java | 38 + .../exceptions/ProtocolNotActiveException.java | 20 + .../gv/egiz/eaaf/core/exceptions/SLOException.java | 21 + .../core/exceptions/TaskExecutionException.java | 55 + .../exceptions/UnavailableAttributeException.java | 22 + .../egiz/eaaf/core/exceptions/XPathException.java | 68 ++ .../java/at/gv/egiz/eaaf/core/impl/data/Pair.java | 25 + .../eaaf/core/impl/data/SLOInformationImpl.java | 167 +++ .../at/gv/egiz/eaaf/core/impl/data/Trible.java | 31 + .../gui/AbstractGUIFormBuilderConfiguration.java | 90 ++ .../core/impl/gui/AbstractGUIFormBuilderImpl.java | 192 +++ .../core/impl/gui/velocity/VelocityLogAdapter.java | 81 ++ .../core/impl/gui/velocity/VelocityProvider.java | 121 ++ .../eaaf/core/impl/idp/AuthenticationData.java | 416 +++++++ .../impl/idp/EAAFCoreSpringResourceProvider.java | 30 + .../idp/auth/AbstractAuthenticationManager.java | 341 ++++++ .../eaaf/core/impl/idp/auth/RequestStorage.java | 119 ++ .../builder/AbstractAuthenticationDataBuilder.java | 467 ++++++++ .../core/impl/idp/auth/builder/BPKBuilder.java | 302 +++++ .../impl/idp/auth/data/AuthProcessDataWrapper.java | 219 ++++ .../eaaf/core/impl/idp/auth/data/IdentityLink.java | 312 +++++ .../data/SimpleIdentityLinkAssertionParser.java | 326 +++++ .../idp/auth/modules/AbstractAuthServletTask.java | 220 ++++ .../impl/idp/auth/modules/ModuleRegistration.java | 151 +++ .../builder/attributes/BPKAttributeBuilder.java | 55 + .../attributes/BirthdateAttributeBuilder.java | 40 + .../builder/attributes/EIDIdentityLinkBuilder.java | 54 + .../EIDIssuingNationAttributeBuilder.java | 35 + .../attributes/EIDSectorForIDAttributeBuilder.java | 36 + .../impl/idp/builder/attributes/EIDSourcePIN.java | 39 + .../idp/builder/attributes/EIDSourcePINType.java | 33 + .../EIDeIDASQAALevelAttributeBuilder.java | 31 + .../attributes/GivenNameAttributeBuilder.java | 26 + .../attributes/PVPVersionAttributeBuilder.java | 26 + .../attributes/PrincipalNameAttributeBuilder.java | 26 + .../impl/idp/conf/AbstractConfigurationImpl.java | 185 +++ .../core/impl/idp/conf/SPConfigurationImpl.java | 163 +++ .../AbstractAuthProtocolModulController.java | 225 ++++ .../impl/idp/controller/AbstractController.java | 354 ++++++ .../AbstractProcessEngineSignalController.java | 97 ++ .../controller/ProtocolFinalizationController.java | 178 +++ .../impl/idp/controller/protocols/RequestImpl.java | 386 ++++++ .../tasks/FinalizeAuthenticationTask.java | 57 + .../tasks/RestartAuthProzessManagement.java | 92 ++ .../impl/idp/process/ExecutionContextImpl.java | 81 ++ .../process/ExpressionEvaluationContextImpl.java | 46 + .../impl/idp/process/ProcessDefinitionParser.java | 226 ++++ .../process/ProcessDefinitionParserException.java | 37 + .../core/impl/idp/process/ProcessEngineImpl.java | 424 +++++++ .../core/impl/idp/process/ProcessInstance.java | 166 +++ .../impl/idp/process/ProcessInstanceState.java | 32 + .../impl/idp/process/dao/ProcessInstanceStore.java | 75 ++ .../process/dao/ProcessInstanceStoreDAOImpl.java | 73 ++ .../eaaf/core/impl/idp/process/model/EndEvent.java | 44 + .../impl/idp/process/model/ProcessDefinition.java | 160 +++ .../core/impl/idp/process/model/ProcessNode.java | 71 ++ .../core/impl/idp/process/model/StartEvent.java | 47 + .../eaaf/core/impl/idp/process/model/TaskInfo.java | 96 ++ .../core/impl/idp/process/model/Transition.java | 138 +++ .../process/spring/SpringExpressionEvaluator.java | 63 + .../springweb/AbstractAuthSourceServlet.java | 118 ++ .../impl/idp/process/springweb/AbstractTask.java | 101 ++ .../springweb/SpringWebExpressionEvaluator.java | 145 +++ .../idp/process/support/SecureRandomHolder.java | 37 + .../core/impl/logging/DummyRevisionsLogger.java | 52 + .../core/impl/logging/DummyStatisticLogger.java | 43 + .../at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java | 1243 ++++++++++++++++++++ .../egiz/eaaf/core/impl/utils/DataURLBuilder.java | 113 ++ .../core/impl/utils/EAAFDomEntityResolver.java | 104 ++ .../at/gv/egiz/eaaf/core/impl/utils/FileUtils.java | 142 +++ .../at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java | 178 +++ .../egiz/eaaf/core/impl/utils/KeyStoreUtils.java | 175 +++ .../egiz/eaaf/core/impl/utils/KeyValueUtils.java | 319 +++++ .../eaaf/core/impl/utils/NodeIteratorAdapter.java | 89 ++ .../egiz/eaaf/core/impl/utils/NodeListAdapter.java | 46 + .../at/gv/egiz/eaaf/core/impl/utils/Random.java | 205 ++++ .../gv/egiz/eaaf/core/impl/utils/ServletUtils.java | 69 ++ .../gv/egiz/eaaf/core/impl/utils/StreamUtils.java | 177 +++ .../eaaf/core/impl/utils/TransactionIDUtils.java | 85 ++ .../gv/egiz/eaaf/core/impl/utils/XPathUtils.java | 523 ++++++++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 11 + eaaf_core/src/main/resources/eaaf_core.beans.xml | 40 + .../main/resources/process/ProcessDefinition.xsd | 53 + eaaf_core/src/main/resources/schemas/Core-1.2.xsd | 881 ++++++++++++++ .../src/main/resources/schemas/Core.20020225.xsd | 399 +++++++ .../src/main/resources/schemas/Core.20020831.xsd | 153 +++ .../resources/schemas/ECDSAKeyValue.ancient.xsd | 122 ++ .../main/resources/schemas/ECDSAKeyValue.wrong.xsd | 122 ++ .../src/main/resources/schemas/ECDSAKeyValue.xsd | 122 ++ .../resources/schemas/MOA-ID-Configuration-1.2.xsd | 350 ++++++ .../resources/schemas/MOA-ID-Configuration-1.3.xsd | 424 +++++++ .../schemas/MOA-ID-Configuration-1.4.2.xsd | 616 ++++++++++ .../schemas/MOA-ID-Configuration-1.4.3.xsd | 612 ++++++++++ .../schemas/MOA-ID-Configuration-1.4.7.xsd | 625 ++++++++++ .../resources/schemas/MOA-ID-Configuration-1.4.xsd | 505 ++++++++ .../schemas/MOA-ID-Configuration-1.5.0.xsd | 665 +++++++++++ .../schemas/MOA-ID-Configuration-1.5.1.xsd | 659 +++++++++++ .../schemas/MOA-ID-Configuration-1.5.2.xsd | 757 ++++++++++++ .../src/main/resources/schemas/MOA-SPSS-1.3.xsd | 469 ++++++++ .../src/main/resources/schemas/MOA-SPSS-1.4.7.xsd | 471 ++++++++ .../src/main/resources/schemas/MOA-SPSS-2.0.0.xsd | 572 +++++++++ .../main/resources/schemas/MOA-SPSS-config-1.3.xsd | 253 ++++ .../resources/schemas/MOA-SPSS-config-1.4.3.xsd | 312 +++++ .../resources/schemas/MOA-SPSS-config-1.4.5.xsd | 268 +++++ .../resources/schemas/MOA-SPSS-config-1.4.7.xsd | 268 +++++ .../resources/schemas/MOA-SPSS-config-1.5.1.xsd | 282 +++++ .../resources/schemas/MOA-SPSS-config-2.0.0.xsd | 353 ++++++ .../src/main/resources/schemas/MOAIdentities.xsd | 51 + .../src/main/resources/schemas/PersonData.xsd | 426 +++++++ .../resources/schemas/PersonData_20_en_moaWID.xsd | 1229 +++++++++++++++++++ .../src/main/resources/schemas/PersonName-1_2.xsd | 115 ++ .../main/resources/schemas/PostalAddress-1_2.xsd | 95 ++ .../main/resources/schemas/TelcomNumber-1_0.xsd | 89 ++ .../src/main/resources/schemas/XAdES-1.1.1.xsd | 545 +++++++++ .../src/main/resources/schemas/XAdES-1.2.2.xsd | 551 +++++++++ .../src/main/resources/schemas/XAdES-1.3.2.xsd | 466 ++++++++ .../src/main/resources/schemas/XAdES-1.4.1.xsd | 15 + .../main/resources/schemas/XMLSchema-instance.xsd | 37 + eaaf_core/src/main/resources/schemas/XMLSchema.dtd | 402 +++++++ .../schemas/cs-sstc-schema-assertion-01.xsd | 194 +++ .../schemas/cs-sstc-schema-protocol-01.xsd | 127 ++ eaaf_core/src/main/resources/schemas/datatypes.dtd | 203 ++++ .../resources/schemas/eIDAS_saml_extensions.xsd | 31 + .../schemas/exclusive-canonicalization.xsd | 22 + .../schemas/saml-schema-assertion-2.0.xsd | 290 +++++ .../resources/schemas/saml-schema-metadata-2.0.xsd | 323 +++++ .../resources/schemas/saml-schema-protocol-2.0.xsd | 306 +++++ .../main/resources/schemas/sstc-metadata-attr.xsd | 35 + .../schemas/stork-schema-assertion-1.0.xsd | 80 ++ .../schemas/stork-schema-protocol-1.0.xsd | 73 ++ .../ts_102231v030102_additionaltypes_xsd.xsd | 35 + .../resources/schemas/ts_102231v030102_sie_xsd.xsd | 81 ++ .../resources/schemas/ts_102231v030102_xsd.xsd | 331 ++++++ .../ts_119612v010201_additionaltypes_xsd.xsd | 35 + .../resources/schemas/ts_119612v010201_sie_xsd.xsd | 81 ++ .../resources/schemas/ts_119612v010201_xsd.xsd | 337 ++++++ .../src/main/resources/schemas/xenc-schema.xsd | 150 +++ eaaf_core/src/main/resources/schemas/xml.xsd | 83 ++ .../main/resources/schemas/xmldsig-core-schema.xsd | 264 +++++ .../src/main/resources/schemas/xmldsig-filter2.xsd | 38 + .../core/impl/idp/module/test/TestRequestImpl.java | 257 ++++ .../spring/test/DummyTransactionStorage.java | 165 +++ .../spring/test/ExpressionContextAdapter.java | 54 + .../impl/idp/process/spring/test/SimplePojo.java | 43 + .../SpringExpressionAwareProcessEngineTest.java | 153 +++ .../spring/test/SpringExpressionEvaluatorTest.java | 56 + .../spring/test/task/CreateSAML1AssertionTask.java | 63 + .../spring/test/task/GetIdentityLinkTask.java | 60 + .../process/spring/test/task/SelectBKUTask.java | 39 + .../spring/test/task/SignAuthBlockTask.java | 62 + .../spring/test/task/ValidateIdentityLinkTask.java | 48 + .../test/task/ValidateSignedAuthBlockTask.java | 53 + .../test/BooleanStringExpressionEvaluator.java | 26 + .../core/impl/idp/process/test/HalloWeltTask.java | 26 + .../core/impl/idp/process/test/HelloWorldTask.java | 26 + .../process/test/ProcessDefinitionParserTest.java | 139 +++ .../impl/idp/process/test/ProcessEngineTest.java | 145 +++ eaaf_core/src/test/resources/log4j.xml | 16 + .../hibernate.configuration.test.properties | 12 + ...mpleProcessDefinitionForSAML1Authentication.xml | 58 + .../SampleProcessDefinitionWithExpression1.xml | 19 + ...ingExpressionAwareProcessEngineTest-context.xml | 48 + .../test/SpringExpressionEvaluatorTest-context.xml | 14 + .../test/task/IdentityLink_Max_Mustermann.xml | 52 + .../process/spring/test/task/SAML1Assertion.xml | 487 ++++++++ .../process/spring/test/task/SignedAuthBlock.xml | 179 +++ ...nvalidProcessDefinition_MultipleStartEvents.xml | 22 + .../InvalidProcessDefinition_NoStartEvents.xml | 16 + .../InvalidProcessDefinition_TransitionLoop.xml | 21 + ...dProcessDefinition_TransitionRefsTransition.xml | 19 + ...cessDefinition_TransitionStartsFromEndEvent.xml | 19 + .../process/test/SampleProcessDefinition1.xml | 18 + .../process/test/SampleProcessDefinition2.xml | 21 + eaaf_modules/eaaf_module_pvp2_core/pom.xml | 94 ++ .../PVP2SProfileCoreSpringResourceProvider.java | 30 + .../at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java | 107 ++ .../egiz/eaaf/modules/pvp2/PVPEventConstants.java | 11 + .../modules/pvp2/api/IPVP2BasicConfiguration.java | 26 + .../eaaf/modules/pvp2/api/binding/IDecoder.java | 25 + .../eaaf/modules/pvp2/api/binding/IEncoder.java | 51 + .../pvp2/api/message/InboundMessageInterface.java | 18 + .../metadata/IPVPMetadataBuilderConfiguration.java | 218 ++++ .../metadata/IPVPMetadataConfigurationFactory.java | 11 + .../pvp2/api/metadata/IPVPMetadataProvider.java | 37 + .../api/metadata/IRefreshableMetadataProvider.java | 18 + .../pvp2/api/validation/ISAMLValidator.java | 11 + .../pvp2/exception/AttributQueryException.java | 24 + .../exception/BindingNotSupportedException.java | 21 + .../CredentialsNotAvailableException.java | 24 + .../pvp2/exception/InvalidDateFormatException.java | 19 + .../pvp2/exception/InvalidPVPRequestException.java | 16 + .../NameIDFormatNotSupportedException.java | 22 + .../exception/NoMetadataInformationException.java | 19 + .../eaaf/modules/pvp2/exception/PVP2Exception.java | 42 + .../pvp2/exception/PVP2MetadataException.java | 17 + .../pvp2/exception/QAANotAllowedException.java | 20 + .../pvp2/exception/QAANotSupportedException.java | 20 + .../pvp2/exception/SchemaValidationException.java | 32 + .../exception/SignatureValidationException.java | 38 + .../modules/pvp2/impl/binding/PostBinding.java | 211 ++++ .../modules/pvp2/impl/binding/RedirectBinding.java | 215 ++++ .../modules/pvp2/impl/binding/SoapBinding.java | 148 +++ .../pvp2/impl/builder/CitizenTokenBuilder.java | 97 ++ .../pvp2/impl/builder/PVPAttributeBuilder.java | 186 +++ .../pvp2/impl/builder/PVPMetadataBuilder.java | 425 +++++++ .../pvp2/impl/builder/SamlAttributeGenerator.java | 68 ++ .../modules/pvp2/impl/message/InboundMessage.java | 99 ++ .../pvp2/impl/message/PVPSProfileRequest.java | 45 + .../pvp2/impl/message/PVPSProfileResponse.java | 37 + .../metadata/AbstractChainingMetadataProvider.java | 446 +++++++ .../pvp2/impl/metadata/MetadataFilterChain.java | 56 + .../pvp2/impl/metadata/SimpleMetadataProvider.java | 212 ++++ .../opensaml/HTTPPostEncoderWithOwnTemplate.java | 97 ++ .../opensaml/KeyStoreX509CredentialAdapter.java | 32 + .../opensaml/StringRedirectDeflateEncoder.java | 57 + .../initialize/EAAFDefaultSAML2Bootstrap.java | 42 + .../EAAFDefaultSecurityConfigurationBootstrap.java | 132 +++ .../impl/utils/AbstractCredentialProvider.java | 201 ++++ .../modules/pvp2/impl/utils/QAALevelVerifier.java | 41 + .../eaaf/modules/pvp2/impl/utils/SAML2Utils.java | 125 ++ .../pvp2/impl/validation/EAAFURICompare.java | 36 + .../pvp2/impl/validation/TrustEngineFactory.java | 41 + .../metadata/AbstractMetadataSignatureFilter.java | 128 ++ .../metadata/PVPEntityCategoryFilter.java | 211 ++++ .../metadata/SchemaValidationFilter.java | 81 ++ .../AbstractRequestSignedSecurityPolicyRule.java | 171 +++ .../impl/verification/AuthnRequestValidator.java | 45 + .../verification/PVPAuthRequestSignedRole.java | 29 + .../verification/PVPSignedRequestPolicyRule.java | 60 + .../impl/verification/SAMLVerificationEngine.java | 183 +++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../src/main/resources/eaaf_pvp.beans.xml | 30 + eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 71 ++ .../src/main/java/META-INF/MANIFEST.MF | 3 + .../idp/PVP2SProfileIDPSpringResourceProvider.java | 30 + .../idp/api/builder/ISubjectNameIdGenerator.java | 21 + .../InvalidAssertionConsumerServiceException.java | 30 + .../InvalidAssertionEncryptionException.java | 18 + .../pvp2/idp/exception/RequestDeniedException.java | 21 + .../idp/exception/ResponderErrorException.java | 26 + .../exception/SAMLRequestNotSignedException.java | 26 + .../idp/exception/SAMLRequestNotSupported.java | 22 + .../exception/UnprovideableAttributeException.java | 19 + .../pvp2/idp/impl/AbstractPVP2XProtocol.java | 537 +++++++++ .../pvp2/idp/impl/AuthenticationAction.java | 154 +++ .../eaaf/modules/pvp2/idp/impl/MetadataAction.java | 99 ++ .../pvp2/idp/impl/PVPSProfilePendingRequest.java | 103 ++ .../pvp2/idp/impl/builder/AuthResponseBuilder.java | 129 ++ .../idp/impl/builder/PVP2AssertionBuilder.java | 448 +++++++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../src/main/resources/eaaf_pvp_idp.beans.xml | 19 + eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 71 ++ .../src/main/java/META-INF/MANIFEST.MF | 3 + .../api/IPVPAuthnRequestBuilderConfiguruation.java | 142 +++ .../AssertionAttributeExtractorExeption.java | 32 + .../sp/exception/AssertionValidationExeption.java | 29 + .../sp/exception/AuthnRequestBuildException.java | 29 + .../AuthnResponseValidationException.java | 30 + .../pvp2/sp/impl/PVPAuthnRequestBuilder.java | 205 ++++ .../sp/impl/utils/AssertionAttributeExtractor.java | 275 +++++ eaaf_modules/pom.xml | 23 + pom.xml | 200 ++++ 324 files changed, 43188 insertions(+) create mode 100644 .gitignore create mode 100644 eaaf_core/pom.xml create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IDestroyableObject.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IGarbageCollectorProcessing.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IPostStartupInitializable.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessager.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConfigConstants.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConstants.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExceptionContainer.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/XMLNamespaceConstants.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfiguration.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfigurationFactory.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/ModifyableGuiBuilderConfiguration.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IRevisionLogger.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IStatisticLogger.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributePolicyException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AuthnRequestValidatorException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFAuthenticationException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFConfigurationException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIllegalStateException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFParserException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFProtocolException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFSSOException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFStorageException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/GUIBuildException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidDateFormatAttributeException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidProtocolRequestException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/NoPassivAuthenticationException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProcessExecutionException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolNotActiveException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/SLOException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/TaskExecutionException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Pair.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/SLOInformationImpl.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Trible.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderImpl.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EAAFCoreSpringResourceProvider.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BPKBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BPKAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BirthdateAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIdentityLinkBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIssuingNationAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSectorForIDAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePIN.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePINType.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/GivenNameAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PVPVersionAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PrincipalNameAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SPConfigurationImpl.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractAuthProtocolModulController.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/FinalizeAuthenticationTask.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExpressionEvaluationContextImpl.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParser.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParserException.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessEngineImpl.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstance.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstanceState.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStore.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStoreDAOImpl.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/EndEvent.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessDefinition.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessNode.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/StartEvent.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/TaskInfo.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/Transition.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/SpringExpressionEvaluator.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractAuthSourceServlet.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractTask.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyRevisionsLogger.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyStatisticLogger.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataURLBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EAAFDomEntityResolver.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ServletUtils.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIDUtils.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/XPathUtils.java create mode 100644 eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder create mode 100644 eaaf_core/src/main/resources/eaaf_core.beans.xml create mode 100644 eaaf_core/src/main/resources/process/ProcessDefinition.xsd create mode 100644 eaaf_core/src/main/resources/schemas/Core-1.2.xsd create mode 100644 eaaf_core/src/main/resources/schemas/Core.20020225.xsd create mode 100644 eaaf_core/src/main/resources/schemas/Core.20020831.xsd create mode 100644 eaaf_core/src/main/resources/schemas/ECDSAKeyValue.ancient.xsd create mode 100644 eaaf_core/src/main/resources/schemas/ECDSAKeyValue.wrong.xsd create mode 100644 eaaf_core/src/main/resources/schemas/ECDSAKeyValue.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.2.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.3.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.2.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.3.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.7.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.0.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.1.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.2.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-1.3.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-1.4.7.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-2.0.0.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.3.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.3.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.5.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.7.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.5.1.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-2.0.0.xsd create mode 100644 eaaf_core/src/main/resources/schemas/MOAIdentities.xsd create mode 100644 eaaf_core/src/main/resources/schemas/PersonData.xsd create mode 100644 eaaf_core/src/main/resources/schemas/PersonData_20_en_moaWID.xsd create mode 100644 eaaf_core/src/main/resources/schemas/PersonName-1_2.xsd create mode 100644 eaaf_core/src/main/resources/schemas/PostalAddress-1_2.xsd create mode 100644 eaaf_core/src/main/resources/schemas/TelcomNumber-1_0.xsd create mode 100644 eaaf_core/src/main/resources/schemas/XAdES-1.1.1.xsd create mode 100644 eaaf_core/src/main/resources/schemas/XAdES-1.2.2.xsd create mode 100644 eaaf_core/src/main/resources/schemas/XAdES-1.3.2.xsd create mode 100644 eaaf_core/src/main/resources/schemas/XAdES-1.4.1.xsd create mode 100644 eaaf_core/src/main/resources/schemas/XMLSchema-instance.xsd create mode 100644 eaaf_core/src/main/resources/schemas/XMLSchema.dtd create mode 100644 eaaf_core/src/main/resources/schemas/cs-sstc-schema-assertion-01.xsd create mode 100644 eaaf_core/src/main/resources/schemas/cs-sstc-schema-protocol-01.xsd create mode 100644 eaaf_core/src/main/resources/schemas/datatypes.dtd create mode 100644 eaaf_core/src/main/resources/schemas/eIDAS_saml_extensions.xsd create mode 100644 eaaf_core/src/main/resources/schemas/exclusive-canonicalization.xsd create mode 100644 eaaf_core/src/main/resources/schemas/saml-schema-assertion-2.0.xsd create mode 100644 eaaf_core/src/main/resources/schemas/saml-schema-metadata-2.0.xsd create mode 100644 eaaf_core/src/main/resources/schemas/saml-schema-protocol-2.0.xsd create mode 100644 eaaf_core/src/main/resources/schemas/sstc-metadata-attr.xsd create mode 100644 eaaf_core/src/main/resources/schemas/stork-schema-assertion-1.0.xsd create mode 100644 eaaf_core/src/main/resources/schemas/stork-schema-protocol-1.0.xsd create mode 100644 eaaf_core/src/main/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd create mode 100644 eaaf_core/src/main/resources/schemas/ts_102231v030102_sie_xsd.xsd create mode 100644 eaaf_core/src/main/resources/schemas/ts_102231v030102_xsd.xsd create mode 100644 eaaf_core/src/main/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd create mode 100644 eaaf_core/src/main/resources/schemas/ts_119612v010201_sie_xsd.xsd create mode 100644 eaaf_core/src/main/resources/schemas/ts_119612v010201_xsd.xsd create mode 100644 eaaf_core/src/main/resources/schemas/xenc-schema.xsd create mode 100644 eaaf_core/src/main/resources/schemas/xml.xsd create mode 100644 eaaf_core/src/main/resources/schemas/xmldsig-core-schema.xsd create mode 100644 eaaf_core/src/main/resources/schemas/xmldsig-filter2.xsd create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/DummyTransactionStorage.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/ExpressionContextAdapter.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SimplePojo.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionAwareProcessEngineTest.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/CreateSAML1AssertionTask.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/GetIdentityLinkTask.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SelectBKUTask.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SignAuthBlockTask.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateIdentityLinkTask.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateSignedAuthBlockTask.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/BooleanStringExpressionEvaluator.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HalloWeltTask.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HelloWorldTask.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessDefinitionParserTest.java create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessEngineTest.java create mode 100644 eaaf_core/src/test/resources/log4j.xml create mode 100644 eaaf_core/src/test/resources/process/hibernate.configuration.test.properties create mode 100644 eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml create mode 100644 eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionWithExpression1.xml create mode 100644 eaaf_core/src/test/resources/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml create mode 100644 eaaf_core/src/test/resources/process/spring/test/SpringExpressionEvaluatorTest-context.xml create mode 100644 eaaf_core/src/test/resources/process/spring/test/task/IdentityLink_Max_Mustermann.xml create mode 100644 eaaf_core/src/test/resources/process/spring/test/task/SAML1Assertion.xml create mode 100644 eaaf_core/src/test/resources/process/spring/test/task/SignedAuthBlock.xml create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_MultipleStartEvents.xml create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_NoStartEvents.xml create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionLoop.xml create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml create mode 100644 eaaf_core/src/test/resources/process/test/SampleProcessDefinition1.xml create mode 100644 eaaf_core/src/test/resources/process/test/SampleProcessDefinition2.xml create mode 100644 eaaf_modules/eaaf_module_pvp2_core/pom.xml create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileRequest.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileResponse.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HTTPPostEncoderWithOwnTemplate.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EAAFURICompare.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AuthnRequestValidator.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPAuthRequestSignedRole.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPSignedRequestPolicyRule.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SAMLVerificationEngine.java create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/pom.xml create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/META-INF/MANIFEST.MF create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/PVP2SProfileIDPSpringResourceProvider.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSignedException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSupported.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/PVPSProfilePendingRequest.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/eaaf_pvp_idp.beans.xml create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/pom.xml create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/META-INF/MANIFEST.MF create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionAttributeExtractorExeption.java create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java create mode 100644 eaaf_modules/pom.xml create mode 100644 pom.xml diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..16a0a262 --- /dev/null +++ b/.gitignore @@ -0,0 +1,12 @@ +bin +gen +target +*~ +*.orig +*.log +.settings +.project +.classpath +.directory +.checkstyle +/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/version.txt diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml new file mode 100644 index 00000000..719a1989 --- /dev/null +++ b/eaaf_core/pom.xml @@ -0,0 +1,133 @@ + + 4.0.0 + + at.gv.egiz + eaaf + 1.x + + + at.gv.egiz.eaaf + eaaf-core + ${egiz.eaaf.version} + EAAF core components + Core components for identity managment implementations + + + 2.20.1 + 1.7.25 + + + + + + at.gv.egiz.components + eventlog-api + + + at.gv.egiz.components + egiz-spring-api + + + javax.annotation + javax.annotation-api + + + org.springframework + spring-webmvc + + + org.slf4j + slf4j-api + + + org.slf4j + slf4j-log4j12 + + + commons-codec + commons-codec + + + org.apache.commons + commons-lang3 + + + org.apache.commons + commons-collections4 + + + org.apache.commons + commons-text + + + commons-fileupload + commons-fileupload + + + javax.servlet + javax.servlet-api + + + org.apache.velocity + velocity + + + jaxen + jaxen + + + xerces + xercesImpl + + + xalan + xalan + + + + junit + junit + test + + + org.springframework + spring-test + test + + + + + eaaf_core + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.7.0 + + 1.8 + 1.8 + + + + + + maven-surefire-plugin + ${surefire.version} + + 1 + --add-modules java.xml.bind + + + + org.apache.maven.surefire + surefire-junit47 + ${surefire.version} + + + + + + + + \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IDestroyableObject.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IDestroyableObject.java new file mode 100644 index 00000000..52979cd2 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IDestroyableObject.java @@ -0,0 +1,16 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api; + +/** + * @author tlenz + * + */ +public interface IDestroyableObject { + /** + * Manually deep destroy a Java object with all child objects like timers and threads + * + */ + public void fullyDestroy(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IGarbageCollectorProcessing.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IGarbageCollectorProcessing.java new file mode 100644 index 00000000..7b153b2e --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IGarbageCollectorProcessing.java @@ -0,0 +1,16 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api; + +/** + * @author tlenz + * + */ +public interface IGarbageCollectorProcessing { + + /** + * This method gets executed by the MOA garbage collector at regular intervals. + * + */ + public void runGarbageCollector(); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IPostStartupInitializable.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IPostStartupInitializable.java new file mode 100644 index 00000000..f2fae3af --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IPostStartupInitializable.java @@ -0,0 +1,21 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api; + + +/** + * + * @author tlenz + * + * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed + * + */ +public interface IPostStartupInitializable { + + /** + * This method is called once when MOA-ID-Auth start-up process is fully completed + * + */ + public void executeAfterStartup(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java new file mode 100644 index 00000000..02070ee1 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java @@ -0,0 +1,234 @@ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* +* + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api; + +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +public interface IRequest { + + /** + * Indicates the module, which implements this authentication protocol. + * The class, which is referenced, had to implement the 'IModulInfo' interface. + * + * @return Full-qualified name of the class which implements this protocol + */ + public String requestedModule(); + + /** + * Indicates the protocol specific action, which should executed if the request is processed. + * The class, which is referenced, had to implement the 'IAction' interface. + * + * @return Full-qualified name of the class which implements the action + */ + public String requestedAction(); + + /** + * Unique identifier, which indicates the service provider. + * + * @return Unique identifier for the service provider + */ + public String getSPEntityId(); + + /** + * Indicates the passive flag in authentication requests. + * If the passive flag is set, the identification and authentication process + * failed if no active SSO session is found. + * + * @return true, if the is passive flag is set in authentication request, otherwise false + */ + public boolean isPassiv(); + + /** + * Indicates the force authentication flag in authentication request + * If this flag is set, a new identification and authentication process + * is carried out in any case. + * + * @return true, if the force authentication flag is set, otherwise false + */ + public boolean forceAuth(); + + + /** + * Returns a generic request-data object with is stored with a specific identifier + * + * @param key The specific identifier of the request-data object + * @return The request-data object or null if no data is found with this key + */ + public Object getGenericData(String key); + + /** + * Returns a generic request-data object with is stored with a specific identifier + * + * @param key The specific identifier of the request-data object + * @param clazz The class type which is stored with this key + * @return The request-data object or null if no data is found with this key + */ + public T getGenericData(String key, final Class clazz); + + /** + * Store a generic data-object into pending request with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage + */ + public void setGenericDataToSession(String key, Object object) throws EAAFStorageException; + + /** + * Store generic data-objects into pending request with specific identifiers + * + * @param map Map with Identifiers and values + * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage + */ + public void setGenericDataToSession(Map map) throws EAAFStorageException; + + + + /** + * Get the internal dataStorage map + * + * @return read-only map of data stored to this pending request + */ + public Map genericFullDataStorage(); + + /** + * Hold the identifier of this request object. + * This identifier can be used to load the request from request storage + * + * @return Request identifier + */ + public String getPendingRequestId(); + + + /** + * Hold the identifier of the SSO-Session which is associated with this request + * + * @return SSO session-identifier if a associated session exists, otherwise null + */ + public String getSSOSessionIdentifier(); + + /** + * Set the in SSO session identifier, if an active SSO session exists + * + * @param internalSSOSessionId + */ + public void setSSOSessionIdentifier(String internalSSOSessionId); + + /** + * Holds a unique transaction identifier, which could be used for looging + * This transaction identifier is unique for a single identification and authentication process + * + * @return Unique transaction identifier. + */ + public String getUniqueTransactionIdentifier(); + + /** + * Holds a unique session identifier, which could be used for logging + * This session identifier is unique for the full Single Sign-On session time + * + * @return Unique session identifier + */ + public String getUniqueSessionIdentifier(); + + + /** + * Hold the identifier if the process instance, which is associated with this request + * + * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null + */ + public String getProcessInstanceId(); + + + /** + * get the IDP URL PreFix, which was used for authentication request + * + * @return IDP URL PreFix . The URL prefix always ends without / + */ + public String getAuthURL(); + public String getAuthURLWithOutSlash(); + + /** + * Indicates if this pending request needs authentication + * + * @return true if this request needs authentication, otherwise false + */ + public boolean isNeedAuthentication(); + + /** + * Indicates, if this pending request needs Single Sign-On (SSO) functionality + * + * @return true if this request needs SSO, otherwise false + */ + public boolean needSingleSignOnFunctionality(); + public void setNeedSingleSignOnFunctionality(boolean needSSO); + + + /** + * Indicates, if this pending request needs an additional user consent + * + * @return true if this request needs additional user consent, otherwise false + */ + public boolean isNeedUserConsent(); + public void setNeedUserConsent(boolean needConsent); + + /** + * Indicates, if this pending request is already authenticated + * + * @return true if this request is already authenticated, otherwise false + */ + public boolean isAuthenticated(); + public void setAuthenticated(boolean isAuthenticated); + + /** + * Get get Service-Provider configuration which is associated with this request. + * + * @return Service-Provider configuration + */ + public ISPConfiguration getServiceProviderConfiguration(); + + + /** + * Get get Service-Provider configuration which is associated with this request. + * + * @return Service-Provider configuration as object + */ + public T getServiceProviderConfiguration(final Class decorator); + + + /** + * Indicates, if this pending-request is aborted by the user + * + * @return true, if it is aborted, otherwise false + */ + public boolean isAbortedByUser(); + + /** + * Set the 'isAboredByUser' flag of this pending-request + * + * @param b true, if the user has abort the authentication process, otherwise false + */ + public void setAbortedByUser(boolean isAborted); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java new file mode 100644 index 00000000..ce526fa8 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java @@ -0,0 +1,40 @@ +/******************************************************************************* + *******************************************************************************/ +/* + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.eaaf.core.api; + + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +/** + * @author tlenz + * + */ +public interface IRequestStorage { + + public IRequest getPendingRequest(String pendingReqID); + + public void storePendingRequest(IRequest pendingRequest) throws EAAFException; + + public void removePendingRequest(String requestID); + + public String changePendingRequestID(IRequest pendingRequest) throws EAAFException; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessager.java new file mode 100644 index 00000000..40d86352 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessager.java @@ -0,0 +1,49 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api; + +public interface IStatusMessager { + + //internal error codes defined in EAAFCore + public static final String CODES_INTERNAL_ERROR_GENERIC = "internal.00"; + public static final String CODES_INTERNAL_ERROR_AUTH_NOSPCONFIG = "auth.00"; + public static final String CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID = "auth.26"; + public static final String CODES_INTERNAL_ERROR_AUTH_TIMEOUT = "auth.28"; + public static final String CODES_INTERNAL_ERROR_AUTH_USERSTOP = "auth.21"; + public static final String CODES_INTERNAL_ERROR_AUTH_REQUEST_INVALID = "auth.35"; + + public static final String CODES_INTERNAL_ILLEGAL_STATE = "process.03"; + + //external error codes defined in EAAFCore + public static final String CODES_EXTERNAL_ERROR_GENERIC = "9199"; + public static final String CODES_EXTERNAL_ERROR_PROCESSENGINE = "1100"; + + + /** + * Get the message corresponding to a given message ID. + * + * @param messageId The ID of the message. + * @param parameters The parameters to fill in into the message arguments. + * @return The formatted message. + */ + public String getMessage(String messageId, Object[] parameters); + + + /** + * Get external errorCode from from Exception + * + * @param throwable + * @return + */ + public String getResponseErrorCode(Throwable throwable); + + + /** + * Map internal to external errorCode + * + * @param intErrorCode + * @return + */ + public String mapInternalErrorToExternalError(String intErrorCode); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConfigConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConfigConstants.java new file mode 100644 index 00000000..4f35a681 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConfigConstants.java @@ -0,0 +1,8 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.data; + +public class EAAFConfigConstants { + + public static final String SERVICE_UNIQUEIDENTIFIER = "uniqueID"; //publicURLPrefix +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConstants.java new file mode 100644 index 00000000..c9d1263a --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConstants.java @@ -0,0 +1,42 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.data; + + +public class EAAFConstants { + + public static final String CONTENTTYPE_HTML_UTF8 = "text/html; charset=UTF-8"; + + //http request parameters for process management + public static final String PARAM_HTTP_TARGET_PENDINGREQUESTID = "pendingid"; + public static final String PARAM_HTTP_ERROR_CODE = "errorid"; + + + public static final String EIDAS_QAA_PREFIX = "http://eidas.europa.eu/LoA/"; + public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low"; + public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial"; + public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high"; + + + //Austrian specific prefixes for pseudonyms of users + public static final String URN_PREFIX = "urn:publicid:gv.at"; + public static final String URN_PREFIX_BASEID = URN_PREFIX + ":baseid"; + public static final String URN_PREFIX_CDID = URN_PREFIX + ":cdid+"; + public static final String URN_PREFIX_BPK = URN_PREFIX_CDID + "bpk"; + public static final String URN_PREFIX_WBPK = URN_PREFIX + ":wbpk+"; + public static final String URN_PREFIX_EIDAS = URN_PREFIX + ":eidasid+"; + + //Authentication process data_constants + public static final String UNIQUESESSIONIDENTIFIER = "eaaf_uniqueSessionIdentifier"; + public static final String AUTH_DATA_CREATED = "eaaf_authdata_created"; + + + public static final String PROCESS_ENGINE_PREFIX = "PARAMS_"; + public static final String PROCESS_ENGINE_PENDINGREQUESTID = PROCESS_ENGINE_PREFIX + PARAM_HTTP_TARGET_PENDINGREQUESTID; + public static final String PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID = PROCESS_ENGINE_PREFIX + "uniqueSPId"; + public static final String PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE = PROCESS_ENGINE_PREFIX + "holderofkey_cert"; + + public static final int ALLOWED_TIME_JITTER = 5; //minutes + public static final String COUNTRYCODE_AUSTRIA = "AT"; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExceptionContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExceptionContainer.java new file mode 100644 index 00000000..1b16d4c2 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExceptionContainer.java @@ -0,0 +1,74 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.data; + +import java.io.Serializable; + +import at.gv.egiz.eaaf.core.api.IRequest; + +/** + * @author tlenz + * + */ +public class ExceptionContainer implements Serializable { + + private static final long serialVersionUID = 5355860753609684995L; + private Throwable exceptionThrown = null; + private IRequest pendingReq = null; + + + /** + * + */ + public ExceptionContainer(IRequest pendingReq, Throwable exception) { + this.pendingReq = pendingReq; + this.exceptionThrown = exception; + + } + + /** + * @return the exceptionThrown + */ + public Throwable getExceptionThrown() { + return this.exceptionThrown; + } + + public IRequest getPendingRequest() { + return this.pendingReq; + + } + + /** + * @return the uniqueSessionID + */ + public String getUniqueSessionID() { + if (this.pendingReq != null) + return this.pendingReq.getUniqueSessionIdentifier(); + else + return null; + } + /** + * @return the uniqueTransactionID + */ + public String getUniqueTransactionID() { + if (this.pendingReq != null) + return this.pendingReq.getUniqueTransactionIdentifier(); + else + return null; + } + + /** + * @return the uniqueServiceProviderId + */ + public String getUniqueServiceProviderId() { + if (this.pendingReq != null && + this.pendingReq.getServiceProviderConfiguration() != null) + return this.pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(); + else + return null; + } + + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java new file mode 100644 index 00000000..d4f49916 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java @@ -0,0 +1,22 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.data; + +public interface ILoALevelMapper { + + /** + * Map an arbitrary QAA level to eIDAS LoA + * + * @param qaa, but not null + * @return An eIDAS LoA if there is a mapping, otherwise null + */ + public String mapToeIDASLoA(String qaa); + + /** + * Map an arbitrary QAA level to PVP SecClass + * + * @param qaa, but not null + * @return An PVP SecClass if there is a mapping, otherwise null + */ + public String mapToSecClass(String qaa); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java new file mode 100644 index 00000000..9a439072 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java @@ -0,0 +1,251 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.data; + +public interface PVPAttributeDefinitions { + + public static final String URN_OID_PREFIX = "urn:oid:"; + + public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10"; + public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID; + public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION"; + public static final String PVP_VERSION_2_1 = "2.1"; + + + public static final String SECCLASS_OID = "1.2.40.0.10.2.1.1.261.110"; + public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS"; + public static final String SECCLASS_NAME = URN_OID_PREFIX + SECCLASS_OID; + public static final int SECCLASS_MAX_LENGTH = 128; + + public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20"; + public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID; + public static final String PRINCIPAL_NAME_FRIENDLY_NAME = "PRINCIPAL-NAME"; + public static final int PRINCIPAL_NAME_MAX_LENGTH = 128; + + public static final String GIVEN_NAME_OID = "2.5.4.42"; + public static final String GIVEN_NAME_NAME = URN_OID_PREFIX + GIVEN_NAME_OID; + public static final String GIVEN_NAME_FRIENDLY_NAME = "GIVEN-NAME"; + public static final int GIVEN_NAME_MAX_LENGTH = 128; + + public static final String BIRTHDATE_OID = "1.2.40.0.10.2.1.1.55"; + public static final String BIRTHDATE_NAME = URN_OID_PREFIX + BIRTHDATE_OID; + public static final String BIRTHDATE_FRIENDLY_NAME = "BIRTHDATE"; + public static final String BIRTHDATE_FORMAT_PATTERN = "yyyy-MM-dd"; + + public static final String USERID_OID = "0.9.2342.19200300.100.1.1"; + public static final String USERID_NAME = URN_OID_PREFIX + USERID_OID; + public static final String USERID_FRIENDLY_NAME = "USERID"; + public static final int USERID_MAX_LENGTH = 128; + + public static final String GID_OID = "1.2.40.0.10.2.1.1.1"; + public static final String GID_NAME = URN_OID_PREFIX + GID_OID; + public static final String GID_FRIENDLY_NAME = "GID"; + public static final int GID_MAX_LENGTH = 128; + + public static final String BPK_OID = "1.2.40.0.10.2.1.1.149"; + public static final String BPK_NAME = URN_OID_PREFIX + BPK_OID; + public static final String BPK_FRIENDLY_NAME = "BPK"; + public static final int BPK_MAX_LENGTH = 1024; + + public static final String ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.22"; + public static final String ENC_BPK_LIST_NAME = URN_OID_PREFIX+ENC_BPK_LIST_OID; + public static final String ENC_BPK_LIST_FRIENDLY_NAME = "ENC-BPK-LIST"; + public static final int ENC_BPK_LIST_MAX_LENGTH = 32767; + + public static final String MAIL_OID = "0.9.2342.19200300.100.1.3"; + public static final String MAIL_NAME = URN_OID_PREFIX + MAIL_OID; + public static final String MAIL_FRIENDLY_NAME = "MAIL"; + public static final int MAIL_MAX_LENGTH = 128; + + public static final String TEL_OID = "2.5.4.20"; + public static final String TEL_NAME = URN_OID_PREFIX + TEL_OID; + public static final String TEL_FRIENDLY_NAME = "TEL"; + public static final int TEL_MAX_LENGTH = 32; + + public static final String PARTICIPANT_ID_OID = "1.2.40.0.10.2.1.1.71"; + public static final String PARTICIPANT_ID_NAME = URN_OID_PREFIX + PARTICIPANT_ID_OID; + public static final String PARTICIPANT_ID_FRIENDLY_NAME = "PARTICIPANT-ID"; + public static final int PARTICIPANT_MAX_LENGTH = 39; + + public static final String PARTICIPANT_OKZ_OID = "1.2.40.0.10.2.1.1.261.24"; + public static final String PARTICIPANT_OKZ_NAME = URN_OID_PREFIX + PARTICIPANT_OKZ_OID; + public static final String PARTICIPANT_OKZ_FRIENDLY_NAME = "PARTICIPANT-OKZ"; + public static final int PARTICIPANT_OKZ_MAX_LENGTH = 32; + + public static final String OU_OKZ_OID = "1.2.40.0.10.2.1.1.153"; + public static final String OU_OKZ_NAME = URN_OID_PREFIX + OU_OKZ_OID; + public static final int OU_OKZ_MAX_LENGTH = 32; + + public static final String OU_GV_OU_ID_OID = "1.2.40.0.10.2.1.1.3"; + public static final String OU_GV_OU_ID_NAME = URN_OID_PREFIX + OU_GV_OU_ID_OID; + public static final String OU_GV_OU_ID_FRIENDLY_NAME = "OU-GV-OU-ID"; + public static final int OU_GV_OU_ID_MAX_LENGTH = 39; + + public static final String OU_OID = "2.5.4.11"; + public static final String OU_NAME = URN_OID_PREFIX + OU_OID; + public static final String OU_FRIENDLY_NAME = "OU"; + public static final int OU_MAX_LENGTH = 64; + + public static final String FUNCTION_OID = "1.2.40.0.10.2.1.1.33"; + public static final String FUNCTION_NAME = URN_OID_PREFIX + FUNCTION_OID; + public static final String FUNCTION_FRIENDLY_NAME = "FUNCTION"; + public static final int FUNCTION_MAX_LENGTH = 32; + + public static final String ROLES_OID = "1.2.40.0.10.2.1.1.261.30"; + public static final String ROLES_NAME = URN_OID_PREFIX + ROLES_OID; + public static final String ROLES_FRIENDLY_NAME = "ROLES"; + public static final int ROLES_MAX_LENGTH = 32767; + + @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94"; + @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID; + @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL"; + + public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108"; + public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID; + public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL"; + + public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32"; + public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID; + public static final String EID_ISSUING_NATION_FRIENDLY_NAME = "EID-ISSUING-NATION"; + public static final int EID_ISSUING_NATION_MAX_LENGTH = 2; + + public static final String EID_SECTOR_FOR_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.34"; + public static final String EID_SECTOR_FOR_IDENTIFIER_NAME = URN_OID_PREFIX + EID_SECTOR_FOR_IDENTIFIER_OID; + public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER"; + public static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255; + + public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36"; + public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID; + public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN"; + public static final int EID_SOURCE_PIN_MAX_LENGTH = 128; + + public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104"; + public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID; + public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE"; + public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + + public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38"; + public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID; + public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK"; + public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767; + + public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62"; + public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID; + public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK"; + public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767; + + public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64"; + public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID; + public static final String EID_CCS_URL_FRIENDLY_NAME = "EID-CCS-URL"; + public static final int EID_CCS_URL_MAX_LENGTH = 1024; + + public static final String EID_SIGNER_CERTIFICATE_OID = "1.2.40.0.10.2.1.1.261.66"; + public static final String EID_SIGNER_CERTIFICATE_NAME = URN_OID_PREFIX + EID_SIGNER_CERTIFICATE_OID; + public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE"; + public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767; + + public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96"; + public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID; + public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN"; + public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767; + + public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68"; + public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID; + public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE"; + public static final int MANDATE_TYPE_MAX_LENGTH = 256; + + public static final String MANDATE_TYPE_OID_OID = "1.2.40.0.10.2.1.1.261.106"; + public static final String MANDATE_TYPE_OID_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID_OID; + public static final String MANDATE_TYPE_OID_FRIENDLY_NAME = "MANDATE-TYPE-OID"; + public static final int MANDATE_TYPE_OID_MAX_LENGTH = 256; + + public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70"; + public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID; + public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN"; + public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128; + + public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100"; + public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID; + public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN"; + public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102"; + public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; + public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE"; + public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + + public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76"; + public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID; + public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE"; + public static final int MANDATE_LEG_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_BPK_OID = "1.2.40.0.10.2.1.1.261.98"; + public static final String MANDATE_NAT_PER_BPK_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BPK_OID; + public static final String MANDATE_NAT_PER_BPK_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BPK"; + public static final int MANDATE_NAT_PER_BPK_MAX_LENGTH = 1024; + + public static final String MANDATE_NAT_PER_ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.72"; + public static final String MANDATE_NAT_PER_ENC_BPK_LIST_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_ENC_BPK_LIST_OID; + public static final String MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-ENC-BPK-LIST"; + public static final int MANDATE_NAT_PER_ENC_BPK_LIST_MAX_LENGTH = 32767; + + public static final String MANDATE_NAT_PER_GIVEN_NAME_OID = "1.2.40.0.10.2.1.1.261.78"; + public static final String MANDATE_NAT_PER_GIVEN_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_GIVEN_NAME_OID; + public static final String MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-GIVEN-NAME"; + public static final int MANDATE_NAT_PER_GIVEN_NAME_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_FAMILY_NAME_OID = "1.2.40.0.10.2.1.1.261.80"; + public static final String MANDATE_NAT_PER_FAMILY_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_FAMILY_NAME_OID; + public static final String MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-FAMILY-NAME"; + public static final int MANDATE_NAT_PER_FAMILY_NAME_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_BIRTHDATE_OID = "1.2.40.0.10.2.1.1.261.82"; + public static final String MANDATE_NAT_PER_BIRTHDATE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BIRTHDATE_OID; + public static final String MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BIRTHDATE"; + public static final String MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN = BIRTHDATE_FORMAT_PATTERN; + + public static final String MANDATE_LEG_PER_FULL_NAME_OID = "1.2.40.0.10.2.1.1.261.84"; + public static final String MANDATE_LEG_PER_FULL_NAME_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_FULL_NAME_OID; + public static final String MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-FULL-NAME"; + public static final int MANDATE_LEG_PER_FULL_NAME_MAX_LENGTH = 256; + + public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86"; + public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID; + public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATE-PROF-REP-OID"; + public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256; + + public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88"; + public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID; + public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATE-PROF-REP-DESCRIPTION"; + public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024; + + public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90"; + public static final String MANDATE_REFERENCE_VALUE_NAME = URN_OID_PREFIX + MANDATE_REFERENCE_VALUE_OID; + public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE"; + public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100; + + public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92"; + public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID; + public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE"; + public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767; + + public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40"; + public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID; + public static final String INVOICE_RECPT_ID_FRIENDLY_NAME = "INVOICE-RECPT-ID"; + public static final int INVOICE_RECPT_ID_MAX_LENGTH = 64; + + public static final String COST_CENTER_ID_OID = "1.2.40.0.10.2.1.1.261.50"; + public static final String COST_CENTER_ID_NAME = URN_OID_PREFIX + COST_CENTER_ID_OID; + public static final String COST_CENTER_ID_FRIENDLY_NAME = "COST-CENTER-ID"; + public static final int COST_CENTER_ID_MAX_LENGTH = 32767; + + public static final String CHARGE_CODE_OID = "1.2.40.0.10.2.1.1.261.60"; + public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID; + public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE"; + public static final int CHARGE_CODE_MAX_LENGTH = 32767; + + public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx"; + public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_HOLDEROFKEY_OID; + public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE"; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/XMLNamespaceConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/XMLNamespaceConstants.java new file mode 100644 index 00000000..4ed321bd --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/XMLNamespaceConstants.java @@ -0,0 +1,474 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.api.data; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + + +/** + * Contains various constants used throughout the system. + + */ +public interface XMLNamespaceConstants { + /** Root location of the schema files. */ + public static final String SCHEMA_ROOT = "/schemas/"; + + /** URI of the Widerrufregister XML namespace. */ + public static final String WRR_NS_URI = + "http://reference.e-government.gv.at/namespace/moavv/20041223"; + + /** Prefix used for the Widerrufregister XML namespace */ + public static final String WRR_PREFIX = "wrr"; + + /** URI of the StandardTextBlock XML namespace. */ + public static final String STB_NS_URI = + "http://reference.e-government.gv.at/namespace/standardtextblock/20041105#"; + + /** Prefix used for the standard text block XML namespace */ + public static final String STB_PREFIX = "stb"; + + /** URI of the MOA XML namespace. */ + public static final String MOA_NS_URI = + "http://reference.e-government.gv.at/namespace/moa/20020822#"; + + /** Name of the mandates infobox */ + public static final String INFOBOXIDENTIFIER_MANDATES = "Mandates"; + + /** Prefix used for the Mandate XML namespace */ + public static final String MD_PREFIX = "md"; + + /** URI of the Mandate XML namespace. */ + public static final String MD_NS_URI = + "http://reference.e-government.gv.at/namespace/mandates/20040701#"; + + /** Prefix used for the Mandate XML namespace */ + public static final String MVV_PREFIX = "mvv"; + + /** URI of the Mandate XML namespace. */ + public static final String MVV_NS_URI = + "http://reference.e-government.gv.at/namespace/moavv/app2mvv/20041125"; + + /** Prefix used for the MandateCheckProfile XML namespace */ + public static final String MDP_PREFIX = "mdp"; + + /** URI of the Mandate XML namespace. */ + public static final String MDP_NS_URI = + "http://reference.e-government.gv.at/namespace/mandateprofile/20041105#"; + + /** Prefix used for the MOA XML namespace */ + public static final String MOA_PREFIX = "moa"; + + /** Local location of the MOA XML schema definition. */ + public static final String MOA_SCHEMA_LOCATION = + SCHEMA_ROOT + "MOA-SPSS-2.0.0.xsd"; + + /** URI of the MOA configuration XML namespace. */ + public static final String MOA_CONFIG_NS_URI = + "http://reference.e-government.gv.at/namespace/moaconfig/20021122#"; + + /** URI of the MOA ID configuration XML namespace. */ + public static final String MOA_ID_CONFIG_NS_URI = + "http://www.buergerkarte.at/namespaces/moaconfig#"; + + /** Prefix used for the MOA configuration XML namespace */ + public static final String MOA_CONFIG_PREFIX = "conf"; + + /** Prefix used for the MOA configuration XML namespace */ + public static final String MOA_ID_CONFIG_PREFIX = "confID"; + + /** Local location of the MOA configuration XML schema definition. */ + public static final String MOA_CONFIG_SCHEMA_LOCATION = + SCHEMA_ROOT + "MOA-SPSS-config-2.0.0.xsd"; + + /** Local location of the MOA ID configuration XML schema definition. */ + public static final String MOA_ID_CONFIG_SCHEMA_LOCATION = + SCHEMA_ROOT + "MOA-ID-Configuration-1.5.2.xsd"; + + /** URI of the Security Layer 1.0 namespace. */ + public static final String SL10_NS_URI = + "http://www.buergerkarte.at/namespaces/securitylayer/20020225#"; + + /** Prefix used for the Security Layer 1.0 XML namespace */ + public static final String SL10_PREFIX = "sl10"; + + /** Local location of the Security Layer 1.0 XML schema definition */ + public static final String SL10_SCHEMA_LOCATION = + SCHEMA_ROOT + "Core.20020225.xsd"; + + /** URI of the Security Layer 1.1 XML namespace */ + public static final String SL11_NS_URI = + "http://www.buergerkarte.at/namespaces/securitylayer/20020831#"; + + /** Prefix used for the Security Layer 1.1 XML namespace */ + public static final String SL11_PREFIX = "sl11"; + + /** Local location of the Security Layer 1.1 XML schema definition */ + public static final String SL11_SCHEMA_LOCATION = + SCHEMA_ROOT + "Core.20020831.xsd"; + + /** URI of the Security Layer 1.2 XML namespace */ + public static final String SL12_NS_URI = + "http://www.buergerkarte.at/namespaces/securitylayer/1.2#"; + + /** Prefix used for the Security Layer 1.2 XML namespace */ + public static final String SL12_PREFIX = "sl"; + + /** Local location of the Security Layer 1.2 XML schema definition */ + public static final String SL12_SCHEMA_LOCATION = + SCHEMA_ROOT + "Core-1.2.xsd"; + + /** URI of the ECDSA XML namespace */ + public static final String ECDSA_NS_URI = + "http://www.w3.org/2001/04/xmldsig-more#"; + + /** Prefix used for ECDSA namespace */ + public static final String ECDSA_PREFIX = "ecdsa"; + + /** Local location of ECDSA XML schema definition */ + public static final String ECDSA_SCHEMA_LOCATION = + SCHEMA_ROOT + "ECDSAKeyValue.xsd"; + + /** URI of the PersonData XML namespace. */ + public static final String PD_NS_URI = + "http://reference.e-government.gv.at/namespace/persondata/20020228#"; + + /** Prefix used for the PersonData XML namespace */ + public static final String PD_PREFIX = "pr"; + +// /** Local location of the PersonData XML schema definition */ +// public static final String PD_SCHEMA_LOCATION = +// SCHEMA_ROOT + "PersonData.xsd"; + + /** Local location of the PersonData XML schema definition */ + public static final String PD_SCHEMA_LOCATION = + SCHEMA_ROOT + "PersonData_20_en_moaWID.xsd"; + + /** URI of the SAML namespace. */ + public static final String SAML_NS_URI = + "urn:oasis:names:tc:SAML:1.0:assertion"; + + /** Prefix used for the SAML XML namespace */ + public static final String SAML_PREFIX = "saml"; + + /** Local location of the SAML XML schema definition. */ + public static final String SAML_SCHEMA_LOCATION = + SCHEMA_ROOT + "cs-sstc-schema-assertion-01.xsd"; + + /** URI of the SAML request-response protocol namespace. */ + public static final String SAMLP_NS_URI = + "urn:oasis:names:tc:SAML:1.0:protocol"; + + /** Prefix used for the SAML request-response protocol namespace */ + public static final String SAMLP_PREFIX = "samlp"; + + /** Local location of the SAML request-response protocol schema definition. */ + public static final String SAMLP_SCHEMA_LOCATION = + SCHEMA_ROOT + "cs-sstc-schema-protocol-01.xsd"; + + /** URI of the XML namespace. */ + public static final String XML_NS_URI = + "http://www.w3.org/XML/1998/namespace"; + + /** Prefix used for the XML namespace */ + public static final String XML_PREFIX = "xml"; + + /** Local location of the XML schema definition. */ + public static final String XML_SCHEMA_LOCATION = SCHEMA_ROOT + "xml.xsd"; + + /** URI of the XMLNS namespace */ + public static final String XMLNS_NS_URI = "http://www.w3.org/2000/xmlns/"; + + /** Prefix used for the XSI namespace */ + public static final String XSI_PREFIX = "xsi"; + + /** Local location of the XSI schema definition. */ + public static final String XSI_SCHEMA_LOCATION = + SCHEMA_ROOT + "XMLSchema-instance.xsd"; + + /** URI of the XSI XMLNS namespace */ + public static final String XSI_NS_URI = + "http://www.w3.org/2001/XMLSchema-instance"; + + /** URI of the XSLT XML namespace */ + public static final String XSLT_NS_URI = + "http://www.w3.org/1999/XSL/Transform"; + + /** Prefix used for the XSLT XML namespace */ + public static final String XSLT_PREFIX = "xsl"; + + /** URI of the XMLDSig XML namespace. */ + public static final String DSIG_NS_URI = "http://www.w3.org/2000/09/xmldsig#"; + + /** Prefix used for the XMLDSig XML namespace */ + public static final String DSIG_PREFIX = "dsig"; + + /** Local location of the XMLDSig XML schema. */ + public static final String DSIG_SCHEMA_LOCATION = + SCHEMA_ROOT + "xmldsig-core-schema.xsd"; + + /** URI of the XMLDSig XPath Filter XML namespace. */ + public static final String DSIG_FILTER2_NS_URI = + "http://www.w3.org/2002/06/xmldsig-filter2"; + + /** Prefix used for the XMLDSig XPath Filter XML namespace */ + public static final String DSIG_FILTER2_PREFIX = "dsig-filter2"; + + /** Local location of the XMLDSig XPath Filter XML schema definition. */ + public static final String DSIG_FILTER2_SCHEMA_LOCATION = + SCHEMA_ROOT + "xmldsig-filter2.xsd"; + + /** URI of the Exclusive Canonicalization XML namespace */ + public static final String DSIG_EC_NS_URI = + "http://www.w3.org/2001/10/xml-exc-c14n#"; + + /** Prefix used for the Exclusive Canonicalization XML namespace */ + public static final String DSIG_EC_PREFIX = "ec"; + + /** Local location of the Exclusive Canonicalizaion XML schema definition */ + public static final String DSIG_EC_SCHEMA_LOCATION = + SCHEMA_ROOT + "exclusive-canonicalization.xsd"; + + /** URI of the XMLLoginParameterResolver Configuration XML namespace */ + public static final String XMLLPR_NS_URI="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814"; + + /** Local location of the XMLLoginParameterResolver Configuration XML schema definition */ + public static final String XMLLPR_SCHEMA_LOCATION = + SCHEMA_ROOT + "MOAIdentities.xsd"; + + /** Local location of the XAdES v1.1.1 schema definition */ + public static final String XADES_1_1_1_SCHEMA_LOCATION = + SCHEMA_ROOT + "XAdES-1.1.1.xsd"; + + /** URI of the XAdES v1.1.1 namespace */ + public static final String XADES_1_1_1_NS_URI = "http://uri.etsi.org/01903/v1.1.1#"; + + public static final String XADES_1_1_1_NS_PREFIX = "xades111"; + + /** Local location of the XAdES v1.2.2 schema definition */ + public static final String XADES_1_2_2_SCHEMA_LOCATION = + SCHEMA_ROOT + "XAdES-1.2.2.xsd"; + + /** URI of the XAdES v1.2.2 namespace */ + public static final String XADES_1_2_2_NS_URI = "http://uri.etsi.org/01903/v1.2.2#"; + + public static final String XADES_1_2_2_NS_PREFIX = "xades122"; + + /** Local location of the XAdES v1.1.1 schema definition */ + public static final String XADES_1_3_2_SCHEMA_LOCATION = + SCHEMA_ROOT + "XAdES-1.3.2.xsd"; + + /** URI of the XAdES v1.3.2 namespace */ + public static final String XADES_1_3_2_NS_URI = "http://uri.etsi.org/01903/v1.3.2#"; + + public static final String XADES_1_3_2_NS_PREFIX = "xades132"; + + /** Local location of the XAdES v1.4.1 schema definition */ + public static final String XADES_1_4_1_SCHEMA_LOCATION = + SCHEMA_ROOT + "XAdES-1.4.1.xsd"; + + /** URI of the XAdES v1.4.1 namespace */ + public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#"; + + public static final String XADES_1_4_1_NS_PREFIX = "xades141"; + /** URI of the SAML 2.0 namespace. */ + public static final String SAML2_NS_URI = + "urn:oasis:names:tc:SAML:2.0:assertion"; + + /** Prefix used for the SAML 2.0 XML namespace */ + public static final String SAML2_PREFIX = "saml2"; + + /** Local location of the SAML 2.0 XML schema definition. */ + public static final String SAML2_SCHEMA_LOCATION = + SCHEMA_ROOT + "saml-schema-assertion-2.0.xsd"; + + /** URI of the SAML 2.0 protocol namespace. */ + public static final String SAML2P_NS_URI = + "urn:oasis:names:tc:SAML:2.0:protocol"; + + /** Prefix used for the SAML 2.0 protocol XML namespace */ + public static final String SAML2P_PREFIX = "saml2p"; + + /** Local location of the SAML 2.0 protocol XML schema definition. */ + public static final String SAML2P_SCHEMA_LOCATION = + SCHEMA_ROOT + "saml-schema-protocol-2.0.xsd"; + + /** URI of the STORK namespace. */ + public static final String STORK_NS_URI = + "urn:eu:stork:names:tc:STORK:1.0:assertion"; + + /** Prefix used for the STORK XML namespace */ + public static final String STORK_PREFIX = "stork"; + + /** Local location of the STORK XML schema definition. */ + public static final String STORK_SCHEMA_LOCATION = + SCHEMA_ROOT + "stork-schema-assertion-1.0.xsd"; + + /** URI of the STORK protocol namespace. */ + public static final String STORKP_NS_URI = + "urn:eu:stork:names:tc:STORK:1.0:protocol"; + + /** Prefix used for the STORK protocol XML namespace */ + public static final String STORKP_PREFIX = "storkp"; + + /** Local location of the STORK protocol XML schema definition. */ + public static final String STORKP_SCHEMA_LOCATION = + SCHEMA_ROOT + "stork-schema-protocol-1.0.xsd"; + + /** URI of the TSL namespace. */ + public static final String TSL_NS_URI = + "http://uri.etsi.org/02231/v2#"; + + /** Prefix used for the TSL namespace */ + public static final String TSL_PREFIX = "tsl1"; + + /** Local location of the TSL schema definition. */ + public static final String TSL_SCHEMA_LOCATION = + SCHEMA_ROOT + "ts_119612v010201_xsd.xsd"; + + /** URI of the TSL SIE namespace. */ + public static final String TSL_SIE_NS_URI = + "http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#"; + + /** Prefix used for the TSL SIE namespace */ + public static final String TSL_SIE_PREFIX = "tslsie"; + + /** Local location of the TSL SIE schema definition. */ + public static final String TSL_SIE_SCHEMA_LOCATION = + SCHEMA_ROOT + "ts_119612v010201_sie_xsd.xsd"; + + /** URI of the TSL additional types namespace. */ + public static final String TSL_ADDTYPES_NS_URI = + "http://uri.etsi.org/02231/v2/additionaltypes#"; + + /** Prefix used for the TSL additional types namespace */ + public static final String TSL_ADDTYPES_PREFIX = "tsltype"; + + /** Local location of the TSL additional types schema definition. */ + public static final String TSL_ADDTYPES_SCHEMA_LOCATION = + SCHEMA_ROOT + "ts_ts_119612v010201_additionaltypes_xsd.xsd"; + + /** URI of the XML Encryption namespace. */ + public static final String XENC_NS_URI = + "http://www.w3.org/2001/04/xmlenc#"; + + /** Prefix used for the XML Encryption XML namespace */ + public static final String XENC_PREFIX = "xenc"; + + /** Local location of the XML Encryption XML schema definition. */ + public static final String XENC_SCHEMA_LOCATION = + SCHEMA_ROOT + "xenc-schema.xsd"; + + /** Prefix used for the XML Encryption XML namespace */ + public static final String SAML2_METADATA_PREFIX = "md"; + + /** Prefix used for the XML Encryption XML namespace */ + public static final String SAML2_METADATA_URI = "urn:oasis:names:tc:SAML:2.0:metadata"; + + /** Local location of the XML Encryption XML schema definition. */ + public static final String SAML2_METADATA_SCHEMA_LOCATION = + SCHEMA_ROOT + "saml-schema-metadata-2.0.xsd"; + + + /* Prefix and Schema definition for eIDAS specific SAML2 extensions*/ + public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas"; + public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions"; + public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd"; + + + /* Prefix and Schema for SAML2 Entity Attributes */ + public static final String SAML2_MDATTR_EXTENSIONS_PREFIX = "mdattr"; + public static final String SAML2_MDATTR_EXTENSIONS = "urn:oasis:names:tc:SAML:metadata:attribute"; + public static final String SAML2_MDATTR_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "sstc-metadata-attr.xsd"; + + /** + * Contains all namespaces and local schema locations for XML schema + * definitions relevant for MOA. For use in validating XML parsers. + */ + public static final String ALL_SCHEMA_LOCATIONS = + (MOA_NS_URI + " " + MOA_SCHEMA_LOCATION + " ") + + (MOA_CONFIG_NS_URI + " " + MOA_CONFIG_SCHEMA_LOCATION + " ") + + (MOA_ID_CONFIG_NS_URI + " " + MOA_ID_CONFIG_SCHEMA_LOCATION + " ") + + (SL10_NS_URI + " " + SL10_SCHEMA_LOCATION + " ") + + (SL11_NS_URI + " " + SL11_SCHEMA_LOCATION + " ") + + (SL12_NS_URI + " " + SL12_SCHEMA_LOCATION + " ") + + (ECDSA_NS_URI + " " + ECDSA_SCHEMA_LOCATION + " ") + + (PD_NS_URI + " " + PD_SCHEMA_LOCATION + " ") + + (SAML_NS_URI + " " + SAML_SCHEMA_LOCATION + " ") + + (SAMLP_NS_URI + " " + SAMLP_SCHEMA_LOCATION + " ") + + (XML_NS_URI + " " + XML_SCHEMA_LOCATION + " ") + + (XSI_NS_URI + " " + XSI_SCHEMA_LOCATION + " ") + + (DSIG_NS_URI + " " + DSIG_SCHEMA_LOCATION + " ") + + (DSIG_FILTER2_NS_URI + " " + DSIG_FILTER2_SCHEMA_LOCATION + " ") + + (DSIG_EC_NS_URI + " " + DSIG_EC_SCHEMA_LOCATION + " ") + + (XMLLPR_NS_URI + " " + XMLLPR_SCHEMA_LOCATION + " ") + + (XADES_1_1_1_NS_URI + " " + XADES_1_1_1_SCHEMA_LOCATION + " ") + + (XADES_1_2_2_NS_URI + " " + XADES_1_2_2_SCHEMA_LOCATION + " ") + + (XADES_1_3_2_NS_URI + " " + XADES_1_3_2_SCHEMA_LOCATION + " ") + + (XADES_1_4_1_NS_URI + " " + XADES_1_4_1_SCHEMA_LOCATION + " ") + + (TSL_NS_URI + " " + TSL_SCHEMA_LOCATION + " ") + + (TSL_SIE_NS_URI + " " + TSL_SIE_SCHEMA_LOCATION + " ") + + (TSL_ADDTYPES_NS_URI + " " + TSL_ADDTYPES_SCHEMA_LOCATION + " ") + + (SAML2_NS_URI + " " + SAML2_SCHEMA_LOCATION + " ") + + (SAML2P_NS_URI + " " + SAML2P_SCHEMA_LOCATION + " ") + + (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ") + + (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ") + + (SAML2_METADATA_URI + " " + SAML2_METADATA_SCHEMA_LOCATION + " ") + + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION + " ") + + (SAML2_eIDAS_EXTENSIONS + " " + SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION + " ") + + (SAML2_MDATTR_EXTENSIONS + " " + SAML2_MDATTR_EXTENSIONS_SCHEMA_LOCATION); + + + /** Security Layer manifest type URI. */ + public static final String SL_MANIFEST_TYPE_URI = + "http://www.buergerkarte.at/specifications/Security-Layer/20020225#SignatureManifest"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA1_URI = + "http://www.w3.org/2000/09/xmldsig#sha1"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA256_URI = + "http://www.w3.org/2000/09/xmldsig#sha256"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA384_URI = + "http://www.w3.org/2000/09/xmldsig#sha384"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA512_URI = + "http://www.w3.org/2000/09/xmldsig#sha512"; + + /** URI of the Canonical XML algorithm */ + public static final String C14N_URI = + "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; + + /** URI of the Canoncial XML with comments algorithm */ + public static final String C14N_WITH_COMMENTS_URI = + "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"; + + /** URI of the Exclusive Canonical XML algorithm */ + public static final String EXC_C14N_URI = + "http://www.w3.org/2001/10/xml-exc-c14n#"; + + /** URI of the Exclusive Canonical XML with commments algorithm */ + public static final String EXC_C14N_WITH_COMMENTS_URI = + "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"; + + /** + * A map used to map namespace prefixes to namespace URIs + */ + public static final Map nSMap = Collections.unmodifiableMap(new HashMap(){ + private static final long serialVersionUID = 3845384324295136490L; + { + put(XMLNamespaceConstants.SAML_PREFIX, XMLNamespaceConstants.SAML_NS_URI); + put(XMLNamespaceConstants.ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#"); + put(XMLNamespaceConstants.DSIG_PREFIX, XMLNamespaceConstants.DSIG_NS_URI); + } + }); + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfiguration.java new file mode 100644 index 00000000..80a686f9 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfiguration.java @@ -0,0 +1,54 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.gui; + +import java.io.InputStream; +import java.util.Map; + +/** + * @author tlenz + * + */ +public interface IGUIBuilderConfiguration { + + + /** + * Define the name of the template (with suffix) which should be used + * + * @return templatename, but never null + */ + public String getViewName(); + + /** + * Define the parameters, which should be evaluated in the template + * + * @return Map of parameters, which should be added to template + */ + public Map getViewParameters(); + + + /** + * Get a specific classpath template-directory prefix, which is used + * to load a template from classpath by using ClassLoader.getResourceAsStream(...) + * + * @return Classpath directory, or null if the default directory should be used + */ + public String getClasspathTemplateDir(); + + /** + * Get the GUI template with a specific name + * + * @param viewName Name of the template + * @return Tempate as InputStream, or null if default getTemplate method should be used + */ + public InputStream getTemplate(String viewName); + + /** + * Get the contentType, which should be set in HTTP response + *

+ * DefaultValue: text/html;charset=UTF-8 + * + * @return ContentType, or null if default ContentType should be used. + */ + public String getDefaultContentType(); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfigurationFactory.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfigurationFactory.java new file mode 100644 index 00000000..0d6b1470 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfigurationFactory.java @@ -0,0 +1,30 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.gui; + +import java.net.MalformedURLException; +import java.net.URI; + +import at.gv.egiz.eaaf.core.api.IRequest; + +public interface IGUIBuilderConfigurationFactory { + + /** + * Get a DefaultGuiBuilderConfiguration to render an error message + * + * @param authURL PublicURLPrefix of the IDP but never null + * @return + */ + public IGUIBuilderConfiguration getDefaultErrorGUI(String authURL); + + /** + * @param Current processed pending-request but never null + * @param viewName Name of the default template (with suffix) but never null + * @param configRootContextDir Path to configuration root directory + * @return + * @throws MalformedURLException If configRootContextDir is not a valid URI + */ + public IGUIBuilderConfiguration getSPSpecificSAML2PostConfiguration(IRequest pendingReq, String viewName, URI configRootContextDir) + throws MalformedURLException; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java new file mode 100644 index 00000000..40238c2b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java @@ -0,0 +1,70 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.gui; + +import java.io.InputStream; + +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.VelocityContext; + +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; + +/** + * @author tlenz + * + */ +public interface IGUIFormBuilder { + + /** + * Parse a GUI template, with parameters into a http servlet-response + * and use the default http-response content-type. + *

+ * The parser use the VelocityEngine as internal template evaluator. + * + * @param httpResp http-response object + * @param viewName Name of the template (with suffix), which should be used. + * The template is selected by using the getTemplate(String viewName) method + * @param viewParams Map of parameters, which should be added to template + * @param loggerName String, which should be used from logger + * + * @throws GUIBuildException + */ + public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException; + + /** + * Parse a GUI template, with parameters into a http servlet-response. + *

+ * The parser use the VelocityEngine as internal template evaluator. + * + * @param httpResp http-response object + * @param viewName Name of the template (with suffix), which should be used. + * The template is selected by using the getTemplate(String viewName) method + * @param viewParams Map of parameters, which should be added to template + * @param contentType http-response content-type, which should be set + * @param loggerName String, which should be used from logger + * + * @throws GUIBuildException + */ + void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType, + String loggerName) throws GUIBuildException; + + + /** + * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters + * + * @param config + * @return + */ + public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config); + + + /** + * Load the template from different resources + * + * @param config + * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method + * @throws GUIBuildException + */ + public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException; +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/ModifyableGuiBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/ModifyableGuiBuilderConfiguration.java new file mode 100644 index 00000000..3183ffad --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/ModifyableGuiBuilderConfiguration.java @@ -0,0 +1,25 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.gui; + +public interface ModifyableGuiBuilderConfiguration { + + /** + * Add a key/value pair into Velocity context.
+ * IMPORTANT: external HTML escapetion is required, because it is NOT done internally + * + * @param key velocity context key + * @param value of this key + */ + void putCustomParameterWithOutEscaption(String key, Object value); + + /** + * Add a key/value pair into Velocity context.
+ * All parameters get escaped internally + * + * @param key velocity context key + * @param value of this key + */ + void putCustomParameter(String key, String value); + +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java new file mode 100644 index 00000000..f7a9a847 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java @@ -0,0 +1,21 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +public interface EAAFAuthProcessDataConstants { + + public static final String GENERIC_PREFIX = "generic_"; + + public static final String VALUE_ISSUEINSTANT = "direct_issueInstant"; + + public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth"; + public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner"; + public static final String FLAG_USE_MANDATE = "direct_flagUseMandate"; + public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter"; + + public static final String VALUE_IDENTITYLINK = "direct_idl"; + public static final String VALUE_QAALEVEL = "direct_qaaLevel"; + public static final String VALUE_MISMANDATE = "direct_MIS_Mandate"; + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java new file mode 100644 index 00000000..c8d55b96 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java @@ -0,0 +1,43 @@ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + + +/** + * Basic interface of a specific operation that is requested by an authentication protocol implementation + * + * @author tlenz + * + */ +public interface IAction { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) + throws EAAFException; + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); + + public String getDefaultActionName(); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java new file mode 100644 index 00000000..ded9731c --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java @@ -0,0 +1,32 @@ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public interface IAttributeBuilder { + public String getName(); + + public ATT build(final ISPConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) throws AttributeBuilderException; + + public ATT buildEmpty(final IAttributeGenerator g); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java new file mode 100644 index 00000000..01bb68cc --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java @@ -0,0 +1,39 @@ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +public interface IAttributeGenerator { + /** + * + * @param friendlyName FriendlyName + * @param name Name + * @param value value + * @return + */ + public abstract ATT buildStringAttribute(final String friendlyName, final String name, final String value); + + public abstract ATT buildIntegerAttribute(final String friendlyName, final String name, final int value); + + public abstract ATT buildLongAttribute(final String friendlyName, final String name, final long value); + + public abstract ATT buildEmptyAttribute(final String friendlyName, final String name); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java new file mode 100644 index 00000000..888b6e92 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java @@ -0,0 +1,198 @@ +/******************************************************************************* + *******************************************************************************/ +/** + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.eaaf.core.api.idp; + +import java.util.Date; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; + +/** + * @author tlenz + * + */ +public interface IAuthData { + + /** + * BaseId transfer policy + * + * @return true if baseID transfer to service provider is allowed, otherwise false + */ + boolean isBaseIDTransferRestrication(); + + /** + * Identifier of the IDP that authenicates the user + * + * @return + */ + String getAuthenticationIssuer(); + + /** + * Timestamp of the authentication process + * + * @return + */ + Date getAuthenticationIssueInstant(); + + /** + * Get string formated timestamp of the authentication process + * + * @return + */ + String getAuthenticationIssueInstantString(); + + + /** + * Familyname of the user + * + * @return + */ + String getFamilyName(); + + /** + * Givenname of the user + * + * @return + */ + String getGivenName(); + + /** + * Date of birth of the user + * + * @return date of birth or null no data of birth is available + */ + Date getDateOfBirth(); + + /** + * String formated date of birth of the user with pattern yyyy-MM-dd + * + * + * @return date of birth or '2999-12-31' if no data of birth is available + */ + String getFormatedDateOfBirth(); + + /** + * Get bPK of the user + * + * @return + */ + String getBPK(); + + /** + * Get sector for user's bPK + * + * + * @return Sector identifier with prefix + */ + String getBPKType(); + + /** + * Get baseId of this user + * + * @return + */ + String getIdentificationValue(); + + /** + * Get type identifier of the baseId + * By default, this type is urn:publicid:gv.at:baseid + * + * @return + */ + String getIdentificationType(); + + + /** + * Get the identityLink for the authenticated user + * + * @return IDL, or NULL if no IDL is available + */ + IIdentityLink getIdentityLink(); + + /** + * Return LoA for this user authentication + * + * @return eIDAS LoA URI + */ + public String getEIDASQAALevel(); + + + /** + * Indicates that the user is a foreigner + * + * @return true if the user is foreigner, otherwise false + */ + boolean isForeigner(); + + /** + * Code of the citizen country of the authenticated user + * + * @return + */ + String getCiticenCountryCode(); + + + /** + * Indicate that the authentication was done by using an active single sign-on session + * + * @return true if it an SSO session was used, otherwise false + */ + boolean isSsoSession(); + + /** + * Date, up to which the SSO that was used for authentication is valid to + * + * @return + */ + Date getSsoSessionValidTo(); + + + /** + * SessionIndex, if it was an reauthentication on a service provider by using the same SSO session + * + * @return + */ + String getSessionIndex(); + + /** + * SAML2 NameID for the user + * + * @return + */ + String getNameID(); + + /** + * Format of the SAML2 NameID + * + * @return + */ + String getNameIDFormat(); + + + /** + * Get generic information for this authenticated user + * + * @param key Identifier for the generic data + * @param clazz Type of the generic data + * @return return the generic data of specific type, otherwise null + */ + public T getGenericData(String key, final Class clazz); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java new file mode 100644 index 00000000..4bdefb06 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java @@ -0,0 +1,14 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; + +public interface IAuthenticationDataBuilder { + + IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException; + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java new file mode 100644 index 00000000..6aac90f8 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java @@ -0,0 +1,108 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import java.net.URI; +import java.net.URL; +import java.util.Map; +import java.util.Properties; + +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public interface IConfiguration { + + public static final String CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE = "configuration.auth.default.countrycode"; + + /** + * Get a configuration value from file based configuration + * + * @param key configuration key + * @return configuration value or null if it is not found + */ + public String getBasicConfiguration(final String key); + + + /** + * Get a configuration value from file based configuration + * + * @param key configuration key + * @param defaultValue Default value if no value with this key is found + * @return configuration value + */ + public String getBasicConfiguration(final String key, final String defaultValue); + + /** + * Get a set of configuration values from file based configuration that starts with this prefix + *

+ * Important: The configuration values must be of type String! + * + * @param prefix Prefix of the configuration key + * @return Map without prefix, but never null + */ + public Map getBasicMOAIDConfigurationWithPrefix(final String prefix); + + + /** + * Get a boolean value from basic MOA-ID configuration file + * + * @param key Configuration key + * @param defaultValue Default result + * @return returns the value of the configuration key, or the default value if the key is not set + */ + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue); + + /** + * Get a configuration entry for a specific Service Provider + * + * @param uniqueID Unique identifier of the Service Provider + * @return + * @throws EAAFConfigurationException + */ + public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) throws EAAFConfigurationException; + + + /** + * Get a configuration entry for a specific Service Provider that is decorated by a Object + * + * @param spIdentifier EntityID of a Service Provider + * @param decorator Decorator that should be used to decorate the result. + * This decorator has to be implement or extend the {@link ISPConfiguration} interface + * @return + * @throws EAAFConfigurationException + */ + public T getServiceProviderConfiguration(String spIdentifier, final Class decorator) throws EAAFConfigurationException; + + /** + * Get the full configuration properties object + * + * @return + */ + public Properties getFullConfigurationProperties(); + + /** + * Get the root directory of the configuration folder + * + * @return + */ + public URI getConfigurationRootDirectory(); + + + /** + * Get the path to EAAFCore configuration that is internally used + * + * @return + */ + public URI getConfigurationFilePath(); + + + /** + * Validate a URL if it it is allowed by configuration. + * + * @param authReqUrl URL for validation + * @return URL of the application context if the authReqUrl was valid, otherwise null + */ + public String validateIDPURL(URL authReqUrl) throws EAAFException; + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java new file mode 100644 index 00000000..03a761f2 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java @@ -0,0 +1,75 @@ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; + +/** + * Basic interface of an authentication protocol implementation on IDP side + * + * @author tlenz + * + */ +public interface IModulInfo { + + /** + * Name of this IDP authentication module + * + * @return + */ + public String getName(); + + /** + * Authentication protocol identifier for this module + * + * @return + */ + public String getAuthProtocolIdentifier(); + + /** + * Generates a protocol specific error message + * + * + * @param e Exception that contains the error message + * @param request httpRequest object from servlet container + * @param response httpResponse object from servlet container + * @param protocolRequest incoming protocol request + * @return return true if a protocol specific error message was generated, otherwise false + * @throws Throwable + */ + public boolean generateErrorMessage(Throwable e, + HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) throws Throwable; + + /** + * additional validation of a incoming authentication request + * + * @param request httpRequest object from servlet container + * @param response httpResponse object from servlet container + * @param pending incoming protocol request + * @return return true if the incoming request is valid, otherwise false + */ + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java new file mode 100644 index 00000000..33693647 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java @@ -0,0 +1,9 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; + +public interface IPVPAttributeBuilder extends PVPAttributeDefinitions, IAttributeBuilder { + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java new file mode 100644 index 00000000..82e4bd1e --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java @@ -0,0 +1,131 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import java.io.Serializable; +import java.util.List; +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; + +public interface ISPConfiguration extends Serializable { + + public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing"; + public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission"; + + /** + * Get the full key/value configuration for this Service Provider + * + * @return an unmodifiable map of key/value pairs + */ + public Map getFullConfiguration(); + + /** + * Get a configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @return The configuration value {String} or null if the key does not exist + */ + public String getConfigurationValue(String key); + + /** + * Get a configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @param defaultValue Default value if key does not exist + * @return The configuration value {String} or defaultValue if the key does not exist + */ + public String getConfigurationValue(String key, String defaultValue); + + /** + * Get a boolean configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @return true / false, or null if the key does not exist + */ + public Boolean isConfigurationValue(String key); + + + /** + * Get a boolean configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @param defaultValue Default value if key does not exist + * @return true / false, or defaultValue if the key does not exist + */ + public boolean isConfigurationValue(String key, boolean defaultValue); + + /** + * Check if a configuration key is available in this Service Provider configuration + * + * @param key The key identifier of a configuration value + * @return true if the configuration key exists, otherwise false + */ + boolean containsConfigurationKey(String key); + + /** + * Return the unique identifier of this Service Provider + * + * @return + */ + public String getUniqueIdentifier(); + + /** + * Return the unique identifier of this Service Provider + * + * @return + */ + public String getFriendlyName(); + + /** + * Indicates if this service provider has private area restrictions that disallow baseId processing in general + * * + * @return true if there is a restriction, otherwise false + */ + public boolean hasBaseIdInternalProcessingRestriction(); + + + /** + * Indicates if this service provider has private area restrictions that disallow baseId transfer to SP + * + * @return true if there is a restriction, otherwise false + */ + public boolean hasBaseIdTransferRestriction(); + + /** + * Get the {@link List} of identifier's that indicates no baseID processing restriction exists.
+ * This list can be configured by key: "configuration.restrictions.baseID.idpProcessing" + * + * @return + */ + public List getTargetsWithNoBaseIdInternalProcessingRestriction(); + + /** + * Get the {@link List} of identifier's that indicates no baseID transfer restriction exists.
+ * This list can be configured by key: "configuration.restrictions.baseID.spTransmission" + * + * @return + */ + public List getTargetsWithNoBaseIdTransferRestriction(); + + /** + * Get the minimum eIDAS LoA that is required by this service provider + * + * {@link EAAFConstants.EIDAS_QAA_LOW} + * {@link EAAFConstants.EIDAS_QAA_SUBSTANTIAL} + * {@link EAAFConstants.EIDAS_QAA_HIGH} + * + * @return return eIDAS LoA + */ + public String getMinimumLevelOfAssurence(); + + /** + * Get the full area-identifier for this service provider to calculate the + * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...). + * This identifier always contains the full prefix + * + * @return area identifier with prefix + */ + public String getAreaSpecificTargetIdentifier(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java new file mode 100644 index 00000000..82f87f49 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java @@ -0,0 +1,72 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public interface IAuthenticationManager { + + //TODO + public static int EVENT_AUTHENTICATION_PROCESS_FOR_SP = -1; + public static int EVENT_AUTHENTICATION_PROCESS_STARTED = -1; + public static int EVENT_AUTHENTICATION_PROCESS_FINISHED = -1; + public static int EVENT_AUTHENTICATION_PROCESS_ERROR = -1; + + + /** + * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} + * + * @param httpReqParam http parameter name, but never null + */ + void addParameterNameToWhiteList(String httpReqParam); + + /** + * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} + * + * @param httpReqParam http header name, but never null + */ + void addHeaderNameToWhiteList(String httpReqParam); + + + /** + * Starts an authentication process for a specific pending request + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq Pending request for that an authentication is required + * @return true if the pending request is already authenticated, otherwise false + * @throws EAAFException + */ + boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest pendingReq) throws EAAFException; + + /** + * Close an active authenticated session on IDP side + * + * @param request http servlet request + * @param response http servlet response + * @param pendingReq ReqPending request for that an authentication session should be closed + */ + void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, IRequest pendingReq); + + + /** + * Close an active authenticated session on IDP side and get a list authenticated service providers + * + * @param request http servlet request + * @param response http servlet response + * @param pendingReq ReqPending request for that an authentication session should be closed + * @param internalSSOId internal SSO session identifier + * @return A container that contains all active SP sessions + * @throws EAAFException + */ + ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId) throws EAAFException; + + +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java new file mode 100644 index 00000000..9c7a7320 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java @@ -0,0 +1,92 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException; + +public interface ISSOManager { + + //TODO + public static int EVENT_SSO_SESSION_INVALID = -1; + public static int EVENT_SSO_SESSION_VALID = -1; + + + public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation"; + public static final String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId"; + + + /** + * Check if there is an active and valid SSO session for the current pending request. + *
+ * If there is an active SSO session, the pending request will be populated with eID information from SSO session + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + * @param httpResp http Servlet response + * @return true if there is a valid SSO session, otherwise false + * @throws EAAFSSOException + */ + public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException; + + /** + * Populate service provider specific SSO settings + * + * Check if Single Sign-On is allowed for the current pending request and the requested service provider + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + * @return true if SSO is allowed for this service provider, otherwise false + */ + public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq); + + + /** + * Populate the current pending request with eID information from an existing SSO session + * + * @param pendingReq pending request that should be populated by SSO session + * @throws EAAFSSOException if pending request contains no SSO information or population failed + */ + public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException; + + + /** + * Destroy an active SSO session on IDP site only + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq + * @return true if a SSO session was closed successfully, otherwise false + * @throws EAAFSSOException in case of an internal processing error + */ + public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException; + + + + // ************************* old *************************************************** + String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws EAAFSSOException; + + + void createNewSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException; +// { +// internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq); +// authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(), +// newSSOSessionId, sloInformation, pendingReq); +// +// } + + + void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException; +// { +// authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), +// newSSOSessionId, sloInformation, pendingReq); +// } + + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java new file mode 100644 index 00000000..743c7797 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java @@ -0,0 +1,144 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth.data; + +import java.util.Date; +import java.util.Map; + +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +public interface IAuthProcessDataContainer { + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant + * The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + + /** + * Indicate if the authentication process is finished + * + * @return + */ + boolean isAuthenticated(); + + /** + * Mark the authentication as authenticated, which means that the authenication process is completed + * + * @param authenticated + */ + void setAuthenticated(boolean authenticated); + + /** + * Returns the identityLink. + * + * @return IdentityLink + */ + IIdentityLink getIdentityLink(); + + /** + * Sets the identityLink. + * + * @param identityLink + * The identityLink to set + */ + void setIdentityLink(IIdentityLink identityLink); + + + /** + * Indicate that mandates was used in this auth. process + * + * @return + */ + boolean isMandateUsed(); + + /** + * Mark that mandates was used in this auth. process + * + * @param useMandates + */ + void setUseMandates(boolean useMandates); + + /** + * Indicate that the auth. process was performed by a foreigner + * + * @return + */ + boolean isForeigner(); + + /** + * Mark that the auth. process was done by a foreigner + * + * @param isForeigner + */ + void setForeigner(boolean isForeigner); + + /** + * Indicate that the auth. process was performed by an official representatives + * + * @return is official representatives + */ + boolean isOW(); + + /** + * Mark that the auth. process was done by an official representatives + * + */ + void setOW(boolean isOW); + + /** + * eIDAS QAA level + * + * @return the qAALevel + */ + String getQAALevel(); + + /** + * set QAA level in eIDAS form + * + * @param qAALevel the qAALevel to set + */ + void setQAALevel(String qAALevel); + + /** + * @return the sessionCreated + */ + Date getSessionCreated(); + + Map getGenericSessionDataStorage(); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @return The session-data object or null if no data is found with this key + */ + Object getGenericDataFromSession(String key); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @param clazz The class type which is stored with this key + * @return The session-data object or null if no data is found with this key + */ + T getGenericDataFromSession(String key, Class clazz); + + /** + * Store a generic data-object to session with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws EAAFStorageException Error message if the data-object can not stored to generic session-data storage + */ + void setGenericDataToSession(String key, Object object) throws EAAFStorageException; +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java new file mode 100644 index 00000000..ca1f145d --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java @@ -0,0 +1,155 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth.data; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +/** + * @author tlenz + * + */ +public interface IIdentityLink { + + /** + * Returns the dateOfBirth. + * @return Calendar + */ + String getDateOfBirth(); + + /** + * Returns the familyName. + * @return String + */ + String getFamilyName(); + + /** + * Returns the givenName. + * @return String + */ + String getGivenName(); + + /** + * Returns the name. + * @return The name. + */ + String getName(); + + /** + * Returns the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @return String + */ + String getIdentificationValue(); + + /** + * Returns the identificationType. + * "identificationType" type of the identificationValue in the IdentityLink. + * @return String + */ + String getIdentificationType(); + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + void setDateOfBirth(String dateOfBirth); + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + void setFamilyName(String familyName); + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + void setGivenName(String givenName); + + /** + * Sets the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @param identificationValue The identificationValue to set + */ + void setIdentificationValue(String identificationValue); + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + void setIdentificationType(String identificationType); + + /** + * Returns the samlAssertion. + * @return Element + */ + Element getSamlAssertion(); + + /** + * Returns the samlAssertion. + * @return Element + */ + String getSerializedSamlAssertion(); + + /** + * Sets the samlAssertion and the serializedSamlAssertion. + * @param samlAssertion The samlAssertion to set + */ + void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException; + + /** + * Returns the dsigReferenceTransforms. + * @return Element[] + */ + Element[] getDsigReferenceTransforms(); + + /** + * Sets the dsigReferenceTransforms. + * @param dsigReferenceTransforms The dsigReferenceTransforms to set + */ + void setDsigReferenceTransforms(Element[] dsigReferenceTransforms); + + /** + * Returns the publicKey. + * @return PublicKey[] + */ + PublicKey[] getPublicKey(); + + /** + * Sets the publicKey. + * @param publicKey The publicKey to set + */ + void setPublicKey(PublicKey[] publicKey); + + /** + * Returns the prPerson. + * @return Element + */ + Element getPrPerson(); + + /** + * Sets the prPerson. + * @param prPerson The prPerson to set + */ + void setPrPerson(Element prPerson); + + /** + * Returns the issuing time of the identity link SAML assertion. + * + * @return The issuing time of the identity link SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the identity link SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java new file mode 100644 index 00000000..d8f15aff --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java @@ -0,0 +1,44 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth.modules; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition; + +/** + * Provides metadata of a certain module. Uses for module discovery and process selection. + */ +public interface AuthModule { + + /** + * Returns the priority of the module. The priority defines the order of the respective module within the chain of + * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can + * handle. + *

+ * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE}) + * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put + * your modules behind default modules. + * + * @return the priority of the module. + */ + int getPriority(); + + /** + * Selects a process (description), referenced by its unique id, which is able to perform authentication with the + * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within + * this module. + * + * @param context + * an ExecutionContext for a process. + * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}. + */ + String selectProcess(ExecutionContext context); + + /** + * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module. + * + * @return an array of resource uris of the processes included in this module. + */ + String[] getProcessDefinitions(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java new file mode 100644 index 00000000..e5e2011b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java @@ -0,0 +1,65 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +import java.io.Serializable; +import java.util.Set; + +/** + * Encapsulates data needed for or provided by task execution. + * + * @author tknall + * + */ +public interface ExecutionContext extends Serializable { + + /** + * Returns the identifier of underlying process instance. + * + * @return The identifier of the process instance. + */ + String getProcessInstanceId(); + + /** + * Sets the identifier of underlying process instance. + * + * @param processInstanceId + * The identifier of the process instance. + */ + void setProcessInstanceId(String processInstanceId); + + /** + * Stores a serializable object using {@code key}. + * + * @param key + * The key under that the {@code object} should be stored. + * @param object The object to be stored. + */ + void put(String key, Serializable object); + + /** + * Returns an serializable object stored within this process context using {@code key}. + * + * @param key + * The key that has been used to store the serializable object (may be {@code null}). + * @return The object or {@code null} in case the key does not relate to a stored object or the stored object itself + * was {@code null}. + */ + Serializable get(String key); + + /** + * Removes the object stored using {@code key}. + * @param key + * The key that has been used to store the serializable object (may be {@code null}). + * @return The object that has been removed or {@code null} there was no object stored using {@code key}. + */ + Serializable remove(String key); + + /** + * Returns an unmodifiable set containing the stored keys. + * + * @return The keyset (never {@code null}). + */ + Set keySet(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java new file mode 100644 index 00000000..6e976422 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java @@ -0,0 +1,25 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +import java.io.Serializable; +import java.util.Map; + +import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition; + +/** + * Context used for evaluation of condition expressions set for {@linkplain Transition Transitions}. + * + * @author tknall + * + */ +public interface ExpressionEvaluationContext extends Serializable { + + /** + * Returns the context data map used for expression evaluation. + * + * @return An unmodifiable map (never {@code null}). + */ + Map getCtx(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java new file mode 100644 index 00000000..eda6b3cb --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java @@ -0,0 +1,27 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +/** + * Evaluates a given {@code expression} returning a boolean value. + * + * @author tknall + */ +public interface ExpressionEvaluator { + + /** + * Evaluates a given {@code expression} returning a boolean value. + * + * @param expressionContext + * The context which can be used for evaluation of the expression. + * @param expression + * The expression resulting in a boolean (must not be {@code null}). + * @return A boolean value. + * @throws IllegalArgumentException + * In case of an invalid {@code expression}. + * @throws NullPointerException + * In case of a {@code null} expression. + */ + boolean evaluate(ExpressionEvaluationContext expressionContext, String expression); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java new file mode 100644 index 00000000..523eb8dc --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java @@ -0,0 +1,114 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + + +import java.io.InputStream; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParserException; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstance; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition; + +/** + * Process engine providing means for starting and resuming processes. + * + * @author tknall + */ +public interface ProcessEngine { + + /** + * Registers a new process definition. Note that existing definitions with the same identifier will be replaced. + * + * @param processDefinition + * The process definition to be registered. + */ + void registerProcessDefinition(ProcessDefinition processDefinition); + + /** + * Registers a new process definition given as {@link InputStream}. Note that existing definitions with the same identifier will be replaced. + * + * @param processDefinitionInputStream The input stream to the definition to be registered. + * @throws ProcessDefinitionParserException Thrown in case of an error parsing the process definition. + * @return The process definition's identifier. + */ + String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException; + + /** + * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier. + *

+ * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue + * process execution after asynchronous task execution (refer to {@link #start(String)} and + * {@link #signal(String)} for further information). + * + * @param processDefinitionId + * The identifier of the respective process definition. + * @param executionContext The execution context (may be {@code null}). + * @return The id of the newly created process instance (never {@code null}). + * @throws ProcessExecutionException + * Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist. + */ + String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException; + + /** + * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier. + *

+ * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue + * process execution after asynchronous task execution (refer to {@link #start(String)} and + * {@link #signal(String)} for further information). + * + * @param processDefinitionId + * The identifier of the respective process definition. + * @return The id of the newly created process instance (never {@code null}). + * @throws ProcessExecutionException + * Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist. + */ + String createProcessInstance(String processDefinitionId) throws ProcessExecutionException; + + + /** + * Delete a process instance + * + * @param processInstanceId + * The identifier of the respective process. + * @throws ProcessExecutionException + * Thrown in case of error, e.g. when a {@code processInstanceId} is referenced that does not exist. + */ + void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException; + + /** + * Returns the process instance with a given {@code processInstanceId}. + * + * @param processInstanceId + * The process instance id. + * @return The process instance (never {@code null}). + * @throws IllegalArgumentException + * In case the process instance does not/no longer exist. + * @throws RuntimeException + * In case the process instance could not be retrieved from persistence. + */ + ProcessInstance getProcessInstance(String processInstanceId); + + /** + * Starts the process using the given {@code pendingReq}. + * + * @param pendingReq + * The protocol request for which a process should be started. + * @throws ProcessExecutionException + * Thrown in case of error. + */ + void start(IRequest pendingReq) throws ProcessExecutionException; + + + /** + * Resumes process execution after an asynchronous task has been executed. + * + * @param pendingReq + * The process instance id. + * @throws ProcessExecutionException + * Thrown in case of error. + */ + void signal(IRequest pendingReq) throws ProcessExecutionException; + +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java new file mode 100644 index 00000000..1242620b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java @@ -0,0 +1,47 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstance; +import at.gv.egiz.eaaf.core.impl.idp.process.dao.ProcessInstanceStore; + +public interface ProcessInstanceStoreDAO { + + /** + * Stores a {@link ProcessInstance} defined by {@code pIStore} in the + * database. + * + * @param pIStore + * the {@link ProcessInstanceStore} to persist. + * @throws EAAFStorageException + * is thrown if a problem occurs while accessing the database. + */ + void saveOrUpdate(ProcessInstanceStore pIStore) throws EAAFException; + + /** + * Returns a {@link ProcessInstanceStore}, defined by + * {@code processInstanceID} from the database, or {@code null} if the + * object could not be found. + * + * @param processInstanceId + * the id of the {@code ProcessInstanceStore} to retrieve. + * @return a ProcessInstanceStore, or {@code null}. + * @throws EAAFStorageException + * is thrown if a problem occurs while accessing the database. + */ + ProcessInstanceStore load(String processInstanceId) throws EAAFException; + + /** + * Deletes the {@link ProcessInstance} corresponding with the + * {@code processInstanceId}. + * + * @param processInstanceId + * the id of the {@code ProcessInstance} to be deleted. + * @throws EAAFStorageException + * is thrown if a problem occurs while accessing the database. + */ + void remove(String processInstanceId) throws EAAFException; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java new file mode 100644 index 00000000..ff28b714 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java @@ -0,0 +1,28 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; + + +/** + * Represents a single task to be performed upon process execution. + * + * @author tknall + * + */ +public interface Task { + + /** + * Executes this task. + * @param pendingReq + * Provides the current processed protocol request + * @param executionContext + * Provides execution related information. + * @return The pending-request object, because Process-management works recursive + * @throws Exception An exception upon task execution. + */ + IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java new file mode 100644 index 00000000..b5798f7b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java @@ -0,0 +1,68 @@ +/******************************************************************************* + *******************************************************************************/ +/** + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.eaaf.core.api.idp.slo; + +import java.util.Iterator; +import java.util.List; +import java.util.Map.Entry; +import java.util.Set; + +import at.gv.egiz.eaaf.core.api.IRequest; + +/** + * @author tlenz + * + */ +public interface ISLOInformationContainer { + + boolean hasFrontChannelOA(); + + Set> getFrontChannelOASessionDescriptions(); + + void removeFrontChannelOA(String oaID); + + Iterator getNextBackChannelOA(); + + SLOInformationInterface getBackChannelOASessionDescripten(String oaID); + + void removeBackChannelOA(String oaID); + + /** + * @return the sloRequest + */ + IRequest getSloRequest(); + + /** + * @param sloRequest the sloRequest to set + */ + void setSloRequest(IRequest sloRequest); + + /** + * @return the sloFailedOAs + */ + List getSloFailedOAs(); + + void putFailedOA(String oaID); + + public String getTransactionID(); + + public String getSessionID(); +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java new file mode 100644 index 00000000..bd630c0a --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java @@ -0,0 +1,80 @@ +/******************************************************************************* + *******************************************************************************/ +/** + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.eaaf.core.api.idp.slo; + +/** + * @author tlenz + * + */ +public interface SLOInformationInterface{ + + + /** + * get AssertionID which was used for Service Provider Single LogOut request + * + * @return + * SessionID (SessionIndex in case of SAML2) + */ + public String getSessionIndex(); + + /** + * get user identifier which was used + * + * @return + * bPK / wbPK (nameID in case of SAML2) + */ + public String getUserNameIdentifier(); + + + /** + * get protocol type which was used for authentication + * + * @return + * return authentication protocol type + */ + public String getProtocolType(); + + /** + * @return + */ + public String getUserNameIDFormat(); + + /** + * Get the unique entityID of this Service-Provider + * + * @return unique identifier, but never null + */ + public String getSpEntityID(); + + public String getAuthURL(); + + public String getServiceURL(); + + public String getBinding(); + + public void setUserNameIdentifier(String subjectNameId); + + public void setNameIDFormat(String format); + + public void setSessionIndex(String sessionIndex); + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IRevisionLogger.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IRevisionLogger.java new file mode 100644 index 00000000..ab269694 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IRevisionLogger.java @@ -0,0 +1,38 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.logging; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; + +public interface IRevisionLogger { + + + //TODO: + public static final int AUTHPROTOCOL_TYPE = 3000; + + void logEvent(ISPConfiguration oaConfig, int eventCode, String message); + + void logEvent(IRequest pendingRequest, int eventCode); + + void logEvent(IRequest pendingRequest, int eventCode, String message); + + /** + * @param sessionCreated + * @param uniqueSessionIdentifier + */ + void logEvent(int eventCode, String message); + + /** + * @param sessionCreated + * @param uniqueSessionIdentifier + */ + void logEvent(String sessionID, String transactionID, int eventCode, String message); + + /** + * @param sessionCreated + * @param uniqueSessionIdentifier + */ + void logEvent(String sessionID, String transactionID, int eventCode); + +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IStatisticLogger.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IStatisticLogger.java new file mode 100644 index 00000000..7774fb22 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IStatisticLogger.java @@ -0,0 +1,20 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.logging; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; + + + +public interface IStatisticLogger { + + public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession); + + public void logErrorOperation(Throwable throwable); + + public void logErrorOperation(Throwable throwable, IRequest errorRequest); + + public void internalTesting() throws Exception; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java new file mode 100644 index 00000000..41c55148 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java @@ -0,0 +1,114 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.storage; + +import java.util.Date; +import java.util.List; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +/** + * @author tlenz + * + */ +public interface ITransactionStorage { + + /** + * Check if transaction storage contains a data object with a specific key + * + * @param key Key, which identifies a data object + * @return true if key is found, otherwise false + */ + public boolean containsKey(String key); + + /** + * Store a data object with a key to transaction storage + * + * @param key Id which identifiers the data object + * @param value Data object which should be stored. + * This data must implement the java.io.Serializable interface + * @param timeout_ms Defines the period of time a data object is kept within the storage + * @throws EAAFStorageException In case of store operation failed + */ + public void put(String key, Object value, int timeout_ms) throws EAAFException; + + /** + * Get a data object from transaction storage + * + * @param key key Id which identifiers the data object + * @return The transaction-data object, or null + * @throws EAAFStorageException In case of load operation failed + */ + public Object get(String key) throws EAAFException; + + /** + * Get a data object from transaction storage + * + * @param key Id which identifiers the data object + * @param clazz The class type which is stored with this key + * @return The transaction-data object from type class, or null + * @throws EAAFStorageException In case of load operation failed + */ + public T get(String key, final Class clazz) throws EAAFException; + + /** + * Get a data object from transaction storage + * + * @param key Id which identifiers the data object + * @param clazz The class type which is stored with this key + * @param Data-object timeout in [ms] + * @return The transaction-data object from type class, or null + * @throws EAAFStorageException In case of load operation failed + */ + public T get(String key, final Class clazz, long dataTimeOut) throws EAAFException; + + + /** + * Change the key of a data object and store it under the new key + * + * @param oldKey Old key of the data object + * @param newKey New key, which should be used to store the data object + * @param value Data object which should be stored + * @throws EAAFStorageException In case of store operation failed + */ + public void changeKey(String oldKey, String newKey, Object value) throws EAAFException; + + /** + * Remove a data object from transaction storage + * + * @param key Id which identifiers the data object + */ + public void remove(String key); + + /** + * Get all entries for Clean-up the transaction storage + * + * @param now Current time + * @param dataTimeOut Data-object timeout in [ms] + * @return List of entry-keys which as a timeout + */ + public List clean(Date now, long dataTimeOut); + + + /** + * Get a raw object from storage by using this key + * + * @param key + * @return + * @throws EAAFException + */ + public Object getRaw(String key) throws EAAFException; + + + /** + * Set a raw object to storage + * + * @param key + * @param element + * @throws EAAFException + */ + public void putRaw(String key, Object element) throws EAAFException; + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java new file mode 100644 index 00000000..7e5373be --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java @@ -0,0 +1,13 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class AttributeBuilderException extends EAAFIDPException { + + private static final long serialVersionUID = 1L; + + public AttributeBuilderException(String msg) { + super(msg); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributePolicyException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributePolicyException.java new file mode 100644 index 00000000..7f484feb --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributePolicyException.java @@ -0,0 +1,20 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class AttributePolicyException extends AttributeBuilderException { + + private static final long serialVersionUID = 1L; + + private String attributeName; + + public AttributePolicyException(String attributeName) { + super("Attribute " + attributeName + " is restricted by IDP policy."); + this.attributeName = attributeName; + } + + public String getAttributeName() { + return attributeName; + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AuthnRequestValidatorException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AuthnRequestValidatorException.java new file mode 100644 index 00000000..c416b8e0 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AuthnRequestValidatorException.java @@ -0,0 +1,49 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +import at.gv.egiz.eaaf.core.api.IRequest; + +/** + * @author tlenz + * + */ +public class AuthnRequestValidatorException extends EAAFProtocolException { + + private IRequest errorRequest = null; + protected String statusCodeValue; + + /** + * + */ + private static final long serialVersionUID = 4939651000658508576L; + + /** + * @param messageId + * @param parameters + */ + public AuthnRequestValidatorException(String internalMsgId, Object[] params, String msg) { + super(internalMsgId, params, msg); + + } + + public AuthnRequestValidatorException(String internalMsgId, Object[] params, String msg, IRequest errorRequest) { + super(internalMsgId, params, msg); + this.errorRequest = errorRequest; + + } + + /** + * @return the errorRequest + */ + public IRequest getErrorRequest() { + return errorRequest; + } + + public String getStatusCodeValue() { + return statusCodeValue; + } + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFAuthenticationException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFAuthenticationException.java new file mode 100644 index 00000000..87176194 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFAuthenticationException.java @@ -0,0 +1,21 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class EAAFAuthenticationException extends EAAFException { + + + + private static final long serialVersionUID = -4793625336456467005L; + + public EAAFAuthenticationException(String internalMsgId, Object[] params, String msg) { + super(internalMsgId, params, msg); + + } + + public EAAFAuthenticationException(String internalMsgId, Object[] params, String msg, Throwable e) { + super(internalMsgId, params, msg, e); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java new file mode 100644 index 00000000..b58d8b7f --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java @@ -0,0 +1,20 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class EAAFBuilderException extends EAAFException { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public EAAFBuilderException(String errorId, Object[] params, String msg) { + super(errorId, params, msg); + } + + public EAAFBuilderException(String errorId, Object[] objects, String message, Exception ex) { + super(errorId, objects, message, ex); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFConfigurationException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFConfigurationException.java new file mode 100644 index 00000000..9615d8fd --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFConfigurationException.java @@ -0,0 +1,20 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class EAAFConfigurationException extends EAAFException { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public EAAFConfigurationException(String msg) { + super(msg); + } + + public EAAFConfigurationException(String msg, Throwable e) { + super(msg, e); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFException.java new file mode 100644 index 00000000..c72bc130 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFException.java @@ -0,0 +1,45 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class EAAFException extends Exception { + + private static final long serialVersionUID = 1L; + + private String errorId = null; + private Object[] params = null; + + public EAAFException(String msg) { + super(msg); + + } + + public EAAFException(String msg, Throwable e) { + super(msg, e); + + } + + public EAAFException(String errorId, Object[] params, String msg) { + super(msg); + this.errorId = errorId; + this.params = params; + + } + + public EAAFException(String errorId, Object[] params, String msg, Throwable e) { + super(msg, e); + this.errorId = errorId; + this.params = params; + + } + + public String getErrorId() { + return this.errorId; + + } + + public Object[] getParams() { + return this.params; + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java new file mode 100644 index 00000000..e9cdccb8 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java @@ -0,0 +1,17 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class EAAFIDPException extends EAAFException { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public EAAFIDPException(String msg) { + super(msg); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIllegalStateException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIllegalStateException.java new file mode 100644 index 00000000..65934015 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIllegalStateException.java @@ -0,0 +1,15 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +import at.gv.egiz.eaaf.core.api.IStatusMessager; + +public class EAAFIllegalStateException extends EAAFException { + private static final long serialVersionUID = 261484121729891927L; + + public EAAFIllegalStateException(Object[] params, String msg) { + super(IStatusMessager.CODES_INTERNAL_ILLEGAL_STATE, params, msg); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFParserException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFParserException.java new file mode 100644 index 00000000..de6e91ae --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFParserException.java @@ -0,0 +1,20 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class EAAFParserException extends EAAFException { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public EAAFParserException(String errorId, Object[] params, String msg) { + super(errorId, params, msg); + } + + public EAAFParserException(String errorId, Object[] objects, String message, Throwable ex) { + super(errorId, objects, message, ex); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFProtocolException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFProtocolException.java new file mode 100644 index 00000000..f3ed4bb7 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFProtocolException.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class EAAFProtocolException extends EAAFException { + + private static final long serialVersionUID = 7982298114399440473L; + + public EAAFProtocolException(String msg) { + super(msg); + + } + + public EAAFProtocolException(String msg, Throwable e) { + super(msg, e); + } + + public EAAFProtocolException(String errorId, Object[] params, String msg) { + super(errorId, params, msg); + + } + + public EAAFProtocolException(String errorId, Object[] params, String msg, Throwable e) { + super(errorId, params, msg, e); + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFSSOException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFSSOException.java new file mode 100644 index 00000000..396fee05 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFSSOException.java @@ -0,0 +1,17 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class EAAFSSOException extends EAAFException { + + /** + * + */ + private static final long serialVersionUID = -5942886204347860148L; + + public EAAFSSOException(String errorId, Object[] params, String msg, Throwable e) { + super(errorId, params, msg, e); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFStorageException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFStorageException.java new file mode 100644 index 00000000..7d0acef8 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFStorageException.java @@ -0,0 +1,18 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class EAAFStorageException extends EAAFException { + + private static final long serialVersionUID = 1L; + + public EAAFStorageException(String msg) { + super(msg); + } + + public EAAFStorageException(String msg, Throwable e) { + super(msg, e); + } + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/GUIBuildException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/GUIBuildException.java new file mode 100644 index 00000000..6043d559 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/GUIBuildException.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +/** + * @author tlenz + * + */ +public class GUIBuildException extends Exception { + + private static final long serialVersionUID = -278663750102498205L; + + /** + * @param string + */ + public GUIBuildException(String msg) { + super(msg); + + } + + public GUIBuildException(String msg, Throwable e) { + super(msg, e); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidDateFormatAttributeException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidDateFormatAttributeException.java new file mode 100644 index 00000000..2afc0720 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidDateFormatAttributeException.java @@ -0,0 +1,15 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class InvalidDateFormatAttributeException extends AttributeBuilderException { + + private static final long serialVersionUID = 1L; + + public InvalidDateFormatAttributeException() { + super("Date format is invalid."); + } + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidProtocolRequestException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidProtocolRequestException.java new file mode 100644 index 00000000..d7b0933b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidProtocolRequestException.java @@ -0,0 +1,23 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +/** + * @author tlenz + * + */ +public class InvalidProtocolRequestException extends EAAFProtocolException { + + /** + * + */ + private static final long serialVersionUID = -7866198705324084601L; + + public InvalidProtocolRequestException(String internalMsgId, Object[] params, String msg) { + super(internalMsgId, params, msg); + } + + public InvalidProtocolRequestException(String internalMsgId, Object[] params, String msg, Throwable e) { + super(internalMsgId, params, msg, e); + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/NoPassivAuthenticationException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/NoPassivAuthenticationException.java new file mode 100644 index 00000000..f4d40b6a --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/NoPassivAuthenticationException.java @@ -0,0 +1,18 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +import at.gv.egiz.eaaf.core.api.IStatusMessager; + +public class NoPassivAuthenticationException extends EAAFAuthenticationException { + + public NoPassivAuthenticationException() { + super(IStatusMessager.CODES_INTERNAL_ERROR_AUTH_REQUEST_INVALID, null, ""); + } + + /** + * + */ + private static final long serialVersionUID = 596920452166197688L; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProcessExecutionException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProcessExecutionException.java new file mode 100644 index 00000000..db678e9b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProcessExecutionException.java @@ -0,0 +1,38 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +/** + * Indicates a problem when executing a process. + * + * @author tknall + * + */ +public class ProcessExecutionException extends Exception { + + private static final long serialVersionUID = 1L; + + /** + * Creates a new process execution exception providing a {@code message} describing the reason and the respective + * {@code cause}. + * + * @param message + * The message. + * @param cause + * The cause. + */ + public ProcessExecutionException(String message, Throwable cause) { + super(message, cause); + } + + /** + * Creates a new process execution exception providing a {@code message} describing the reason. + * + * @param message + * The message. + */ + public ProcessExecutionException(String message) { + super(message); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolNotActiveException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolNotActiveException.java new file mode 100644 index 00000000..33597845 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolNotActiveException.java @@ -0,0 +1,20 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +/** + * @author tlenz + * + */ +public class ProtocolNotActiveException extends EAAFProtocolException { + + /** + * + */ + private static final long serialVersionUID = 1832697083163940710L; + + public ProtocolNotActiveException(String internalMsgId, Object[] params, String msg) { + super(internalMsgId, params, msg); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/SLOException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/SLOException.java new file mode 100644 index 00000000..66c18db6 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/SLOException.java @@ -0,0 +1,21 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +/** + * @author tlenz + * + */ +public class SLOException extends EAAFException { + private static final long serialVersionUID = -5284624715788385022L; + + /** + * @param messageId + * @param parameters + */ + public SLOException(String messageId, Object[] parameters) { + super(messageId, parameters, "SLO processing error"); + // TODO Auto-generated constructor stub + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/TaskExecutionException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/TaskExecutionException.java new file mode 100644 index 00000000..b6c6bd16 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/TaskExecutionException.java @@ -0,0 +1,55 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.IRequest; + +/** + * @author tlenz + * + */ +public class TaskExecutionException extends ProcessExecutionException { + + private static final long serialVersionUID = 1L; + Throwable originalException = null; + String pendingRequestID = null; + + /** + * @param message + * @param cause + */ + public TaskExecutionException(IRequest pendingReq, String message, Throwable cause) { + super(message, cause); + this.originalException = cause; + + if (StringUtils.isNotEmpty(pendingReq.getPendingRequestId())) + this.pendingRequestID = pendingReq.getPendingRequestId(); + + } + + /** + * Get the original internal exception from task + * + * @return the originalException + */ + public Throwable getOriginalException() { + return originalException; + + } + + /** + * Get the pending-request ID of that request, which was processed when the exception occurs + * + * @return the pendingRequestID + */ + public String getPendingRequestID() { + return pendingRequestID; + } + + + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java new file mode 100644 index 00000000..f4d5bdae --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java @@ -0,0 +1,22 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.exceptions; + +public class UnavailableAttributeException extends AttributeBuilderException { + + /** + * + */ + private static final long serialVersionUID = -1114323185905118432L; + + private String attributeName; + + public UnavailableAttributeException(String attributeName) { + super("Attribute " + attributeName + " is not available."); + this.attributeName = attributeName; + } + + public String getAttributeName() { + return attributeName; + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java new file mode 100644 index 00000000..5cccbda4 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java @@ -0,0 +1,68 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.exceptions; + +import java.io.PrintStream; +import java.io.PrintWriter; + +/** + * An exception occurred evaluating an XPath. + * + */ +public class XPathException extends RuntimeException { + /** + * + */ + private static final long serialVersionUID = 1736311265333034392L; +/** The wrapped exception. */ + private Throwable wrapped; + + /** + * Create a XPathException. + * + * @param message The exception message. + * @param wrapped The exception being the likely cause of this exception. + */ + public XPathException(String message, Throwable wrapped) { + super(message); + this.wrapped = wrapped; + } + + public XPathException(String string) { + super(string); +} + +/** + * Return the wrapped exception. + * + * @return The wrapped exception being the likely cause of this exception. + */ + public Throwable getWrapped() { + return wrapped; + } + + /** + * @see java.lang.Throwable#printStackTrace(java.io.PrintStream) + */ + public void printStackTrace(PrintStream s) { + super.printStackTrace(s); + if (getWrapped() != null) { + s.print("Caused by: "); + getWrapped().printStackTrace(s); + } + } + + /** + * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter) + */ + public void printStackTrace(PrintWriter s) { + super.printStackTrace(s); + if (getWrapped() != null) { + s.print("Caused by: "); + getWrapped().printStackTrace(s); + } + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Pair.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Pair.java new file mode 100644 index 00000000..3277107f --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Pair.java @@ -0,0 +1,25 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.data; + +public class Pair { + private final P1 first; + private final P2 second; + + private Pair(final P1 newFirst, final P2 newSecond) { + this.first = newFirst; + this.second = newSecond; + } + + public P1 getFirst() { + return this.first; + } + + public P2 getSecond() { + return this.second; + } + + public static Pair newInstance(final P1 newFirst, final P2 newSecond) { + return new Pair(newFirst, newSecond); + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/SLOInformationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/SLOInformationImpl.java new file mode 100644 index 00000000..46dce216 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/SLOInformationImpl.java @@ -0,0 +1,167 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.data; + +import java.io.Serializable; + +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; + + +/** + * @author tlenz + * + */ +public class SLOInformationImpl implements SLOInformationInterface, Serializable { + + private static final long serialVersionUID = 295577931870512387L; + private String sessionIndex = null; + private String nameID = null; + private String protocolType = null; + private String nameIDFormat = null; + private String binding = null; + private String serviceURL = null; + private String authURL = null; + private String spEntityID = null; + + public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType) { + new SLOInformationImpl(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null, null); + } + + public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType, String sloBinding, String sloLocationURL) { + this.sessionIndex = sessionID; + this.nameID = nameID; + this.nameIDFormat = nameIDFormat; + this.protocolType = protocolType; + this.spEntityID = spEntityID; + + if (authURL.endsWith("/")) + this.authURL = authURL.substring(0, authURL.length()-1); + else + this.authURL = authURL; + + + this.binding = sloBinding; + this.serviceURL = sloLocationURL; + + } + + + /** + * + */ + public SLOInformationImpl() { + + } + + + + /** + * @return the spEntityID + */ + public String getSpEntityID() { + return spEntityID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex() + */ + @Override + public String getSessionIndex() { + return sessionIndex; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier() + */ + @Override + public String getUserNameIdentifier() { + return nameID; + + } + + + /** + * @param sessionIndex the sessionIndex to set + */ + public void setSessionIndex(String sessionIndex) { + this.sessionIndex = sessionIndex; + } + + + /** + * @param nameID the nameID to set + */ + public void setUserNameIdentifier(String nameID) { + this.nameID = nameID; + } + + + + /** + * @param protocolType the protocolType to set + */ + public void setProtocolType(String protocolType) { + this.protocolType = protocolType; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType() + */ + @Override + public String getProtocolType() { + return protocolType; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat() + */ + @Override + public String getUserNameIDFormat() { + return this.nameIDFormat; + } + + + /** + * @param nameIDFormat the nameIDFormat to set + */ + public void setNameIDFormat(String nameIDFormat) { + this.nameIDFormat = nameIDFormat; + } + + /** + * @return the binding + */ + public String getBinding() { + return binding; + } + + /** + * @return the serviceURL + */ + public String getServiceURL() { + return serviceURL; + } + + /** + * @return the authURL from requested IDP without ending / + */ + public String getAuthURL() { + return authURL; + } + + /** + * @param spEntityID the spEntityID to set + */ + public void setSpEntityID(String spEntityID) { + this.spEntityID = spEntityID; + } + + + + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Trible.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Trible.java new file mode 100644 index 00000000..b817de42 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Trible.java @@ -0,0 +1,31 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.data; + +public class Trible { + private final P1 first; + private final P2 second; + private final P3 third; + + private Trible(final P1 newFirst, final P2 newSecond, final P3 newThird) { + this.first = newFirst; + this.second = newSecond; + this.third = newThird; + } + + public P1 getFirst() { + return this.first; + } + + public P2 getSecond() { + return this.second; + } + + public P3 getThird() { + return this.third; + } + + public static Trible newInstance(final P1 newFirst, final P2 newSecond, final P3 newThird) { + return new Trible(newFirst, newSecond, newThird); + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java new file mode 100644 index 00000000..0ab13a9b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java @@ -0,0 +1,90 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.gui; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; + +/** + * @author tlenz + * + */ +public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilderConfiguration { + + public static final String PARAM_AUTHCONTEXT = "contextPath"; + public static final String PARAM_FORMSUBMITENDPOINT = "submitEndpoint"; + public static final String PARAM_PENDINGREQUESTID = "pendingReqID"; + + private String authURL = null; + private String viewName = null; + private String formSubmitEndpoint = null; + + /** + * @param authURL IDP PublicURL-Prefix which should be used, but never null + * @param viewName Name of the template (with suffix) but never null + * @param formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + * + */ + public AbstractGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) { + if (viewName.startsWith("/")) + this.viewName = viewName.substring(1); + else + this.viewName = viewName; + + if (authURL.endsWith("/")) + this.authURL = authURL.substring(0, authURL.length() - 1); + else + this.authURL = authURL; + + if (StringUtils.isNotEmpty(formSubmitEndpoint)) { + if (formSubmitEndpoint.startsWith("/")) + this.formSubmitEndpoint = formSubmitEndpoint; + else + this.formSubmitEndpoint = "/" + formSubmitEndpoint; + } + } + + + /** + * Define the parameters, which should be evaluated in the template
+ * IMPORTANT: external HTML escapetion is required, because it is NOT done internally during the building process + * + * @return Map of parameters, which should be added to template + */ + abstract protected Map getSpecificViewParameters(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewName() + */ + @Override + public final String getViewName() { + return this.viewName; + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters() + */ + @Override + public final Map getViewParameters() { + //get parameters from detail implementation + Map specParams = getSpecificViewParameters(); + if (specParams == null) + specParams = new HashMap(); + + //add generic parameters + specParams.put(PARAM_AUTHCONTEXT, this.authURL); + if (this.formSubmitEndpoint != null) + specParams.put(PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); + + return specParams; + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderImpl.java new file mode 100644 index 00000000..a71fc21e --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderImpl.java @@ -0,0 +1,192 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.gui; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringWriter; +import java.util.Iterator; +import java.util.Map; +import java.util.Map.Entry; + +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; + +/** + * @author tlenz + * + */ +public abstract class AbstractGUIFormBuilderImpl implements IGUIFormBuilder { + private static final Logger log = LoggerFactory.getLogger(AbstractGUIFormBuilderImpl.class); + private static final String DEFAULT_CONTENT_TYPE = EAAFConstants.CONTENTTYPE_HTML_UTF8; + + private VelocityEngine engine; + + public AbstractGUIFormBuilderImpl() throws GUIBuildException { + try { + engine = VelocityProvider.getClassPathVelocityEngine(); + + } catch (Exception e) { + log.error("Initialization of Velocity-Engine to render GUI components FAILED.", e); + throw new GUIBuildException("Initialization of Velocity-Engine to render GUI components FAILED.", e); + + } + + } + + public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException { + build(httpResp, config, getInternalContentType(config), loggerName); + + } + + @Override + public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, + String contentType, String loggerName) throws GUIBuildException { + + InputStream is = null; + try { + String viewName = config.getViewName(); + is = getTemplateInputStream(config); + + //build Velocity Context from input paramters + VelocityContext context = buildContextFromViewParams(config.getViewParameters()); + + //evaluate template + StringWriter writer = new StringWriter(); + engine.evaluate(context, writer, loggerName, new BufferedReader(new InputStreamReader(is))); + + //write template to response + final byte[] content = writer.toString().getBytes("UTF-8"); + httpResp.setStatus(HttpServletResponse.SC_OK); + httpResp.setContentLength(content.length); + httpResp.setContentType(contentType); + httpResp.getOutputStream().write(content); + + if (log.isTraceEnabled()) { + log.trace("Write Content for viewName:" + viewName + + ". Contentsize:" + String.valueOf(content.length) + + " BufferSize:" + httpResp.getBufferSize() + + " ContentType:" + contentType); + for (String el : httpResp.getHeaderNames()) + log.trace(" * Headername:" + el + " Value:" + httpResp.getHeader(el)); + + } + + } catch (IOException e) { + log.error("GUI form-builder has an internal error.", e); + throw new GUIBuildException("GUI form-builder has an internal error.", e); + + } finally { + if (is != null) + try { + is.close(); + + } catch (IOException e) { + log.error("Can NOT close GUI-Template InputStream.", e); + + } + } + + } + + /** + * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters + * + * @param config + * @return + */ + public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config) { + return buildContextFromViewParams(config.getViewParameters()); + + } + + /** + * Load the template from different resources + * + * @param config + * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method + * @throws GUIBuildException + */ + public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException { + InputStream is = config.getTemplate(config.getViewName()); + if (is == null) { + log.trace("Loading GUI template:" + config.getViewName() + " from default resources ... "); + is = getInternalTemplate(config); + + if (is == null) { + log.warn("No GUI with viewName:" + config.getViewName() + " FOUND."); + throw new GUIBuildException("No GUI with viewName:" + config.getViewName() + " FOUND."); + + } + } + return is; + + } + + /** + * Load an internal template from default resources + * + * @param config + * @return + * @throws GUIBuildException + */ + abstract protected InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException; + + + /** + * @return + */ + protected String getInternalClasspathTemplateDir(IGUIBuilderConfiguration config, String defaultClassPathDir) { + String dir = config.getClasspathTemplateDir(); + if (dir != null) { + if (!dir.endsWith("/")) + dir += "/"; + + return dir; + + } else + return defaultClassPathDir; + } + + /** + * @param viewParams + * @return + */ + private VelocityContext buildContextFromViewParams(Map viewParams) { + VelocityContext context = new VelocityContext(); + + if (viewParams != null) { + Iterator> interator = viewParams.entrySet().iterator(); + while (interator.hasNext()) { + Entry el = interator.next(); + context.put(el.getKey(), el.getValue()); + } + + } + + return context; + } + + private String getInternalContentType(IGUIBuilderConfiguration config) { + if (StringUtils.isEmpty(config.getDefaultContentType())) + return DEFAULT_CONTENT_TYPE; + + else + return config.getDefaultContentType(); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java new file mode 100644 index 00000000..51a59a8e --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java @@ -0,0 +1,81 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.gui.velocity; + +import org.apache.velocity.app.Velocity; +import org.apache.velocity.runtime.RuntimeServices; +import org.apache.velocity.runtime.log.LogChute; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class VelocityLogAdapter implements LogChute { + + private static final Logger log = LoggerFactory.getLogger(VelocityLogAdapter.class); + + public VelocityLogAdapter() { + try + { + /* + * register this class as a logger with the Velocity singleton + * (NOTE: this would not work for the non-singleton method.) + */ + Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this ); + Velocity.init(); + } + catch (Exception e) + { + log.error("Failed to register Velocity logger"); + } + } + + public void init(RuntimeServices arg0) throws Exception { + } + + public boolean isLevelEnabled(int arg0) { + switch(arg0) { + case LogChute.DEBUG_ID: + return log.isDebugEnabled(); + case LogChute.TRACE_ID: + return log.isTraceEnabled(); + default: + return true; + } + } + + public void log(int arg0, String arg1) { + switch(arg0) { + case LogChute.DEBUG_ID: + log.debug(arg1); + break; + case LogChute.TRACE_ID: + log.trace(arg1); + break; + case LogChute.INFO_ID: + log.info(arg1); + break; + case LogChute.WARN_ID: + log.warn(arg1); + break; + case LogChute.ERROR_ID: + default: + log.error(arg1); + break; + } + } + + public void log(int arg0, String arg1, Throwable arg2) { + switch(arg0) { + case LogChute.DEBUG_ID: + case LogChute.TRACE_ID: + case LogChute.INFO_ID: + case LogChute.WARN_ID: + log.warn(arg1, arg2); + break; + case LogChute.ERROR_ID: + default: + log.error(arg1, arg2); + break; + } + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java new file mode 100644 index 00000000..5775e203 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java @@ -0,0 +1,121 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/** + * + */ +package at.gv.egiz.eaaf.core.impl.gui.velocity; + +import org.apache.velocity.app.Velocity; +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; + +/** + * Gets a Velocity Engine + * + * @author bzwattendorfer + * + */ +public class VelocityProvider { + + private static VelocityEngine velocityEngine = null; + + /** + * Gets velocityEngine from Classpath + * @return VelocityEngine + * @throws Exception + */ + public static VelocityEngine getClassPathVelocityEngine() throws Exception { + if (velocityEngine == null) { + velocityEngine = getBaseVelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + velocityEngine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + velocityEngine.init(); + + } + + return velocityEngine; + } + + /** + * Gets VelocityEngine from File + * @param rootPath File Path to template file + * @return VelocityEngine + * @throws Exception + */ + public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception { + if (velocityEngine == null) { + velocityEngine = getBaseVelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file"); + velocityEngine.setProperty("file.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.FileResourceLoader"); + velocityEngine.setProperty("file.resource.loader.path", rootPath); + + velocityEngine.init(); + + } + + return velocityEngine; + } + + /** + * Gets a basic VelocityEngine + * @return VelocityEngine + */ + private static VelocityEngine getBaseVelocityEngine() { + VelocityEngine velocityEngine = new VelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); +// velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, +// "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); + velocityEngine.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, new VelocityLogAdapter() ); + + return velocityEngine; + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java new file mode 100644 index 00000000..f35a54fa --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java @@ -0,0 +1,416 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp; + +import java.io.Serializable; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.Map; +import java.util.TimeZone; + +import org.apache.commons.collections4.map.HashedMap; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +/** + * @author tlenz + * + */ +public class AuthenticationData implements IAuthData, Serializable { + + private static final Logger log = LoggerFactory.getLogger(AuthenticationData.class); + + private static final long serialVersionUID = -1042697056735596866L; + public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; + + private boolean isBaseIDTransferRestrication = true; + private Map genericDataStorate = new HashedMap(); + + private String issuer; + private Date issueInstant; + + private String identificationValue; + private String identificationType; + private IIdentityLink identityLink = null; + + private String familyName; + private String givenName; + private Date dateOfBirth; + private String bPK; + private String bPKType; + + private String ccc = null; + + + private boolean foreigner =false; + private String eIDASLoA = null; + + private boolean ssoSession = false; + private Date ssoSessionValidTo = null; + + private String sessionIndex = null; + private String nameID = null; + private String nameIDFormat = null; + + public AuthenticationData() { + this.issueInstant = new Date(); + + } + + @Override + public String getAuthenticationIssuer() { + return this.issuer; + } + + /** + * Set an unique identifier for the IDP that authenticates the user + * + * @param authIssuer + */ + public void setAuthenticationIssuer(String authIssuer) { + this.issuer = authIssuer; + + } + + + @Override + public Date getAuthenticationIssueInstant() { + return this.issueInstant; + } + + + public String getAuthenticationIssueInstantString() { + SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); + f.setTimeZone(TimeZone.getTimeZone("UTC")); + return f.format(this.issueInstant); + + } + + /** + * Set the timestamp for this user authentication process + * + * @param date + */ + public void setAuthenticationIssueInstant(Date date) { + this.issueInstant = date; + } + + @Override + public String getCiticenCountryCode() { + return this.ccc; + } + + + public String getBPK() { + return bPK; + } + + /** + * Sets the bPK. + * @param bPK The bPK to set + */ + public void setBPK(String bPK) { + this.bPK = bPK; + } + + + public Date getDateOfBirth() { + return this.dateOfBirth; + } + + public String getFormatedDateOfBirth() { + DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + if (getDateOfBirth() != null) + return pvpDateFormat.format(getDateOfBirth()); + else + return "2999-12-31"; + + } + + + public String getFamilyName() { + return this.familyName; + } + + + public String getGivenName() { + return this.givenName; + } + + + public String getIdentificationValue() { + return identificationValue; + } + + + public String getIdentificationType() { + return identificationType; + } + + @Override + public IIdentityLink getIdentityLink() { + return identityLink; + } + + /** + * @param identityLink the identityLink to set + */ + public void setIdentityLink(IIdentityLink identityLink) { + this.identityLink = identityLink; + } + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + public void setDateOfBirth(Date dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + public void setDateOfBirth(String dateOfBirth) { + try { + if (StringUtils.isNotEmpty(dateOfBirth)) { + DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); + + } + + } catch (ParseException e) { + log.warn("Parse dateOfBirht from IdentityLink FAILED", e); + + } + } + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * Sets the identificationValue. + * @param identificationValue The identificationValue to set + */ + public void setIdentificationValue(String identificationValue) { + this.identificationValue = identificationValue; + } + + /** + * Sets the identificationType. + * @param identificationType The identificationType to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + + public String getBPKType() { + return bPKType; + } + + /** + * Set sector identifier of user's bPK + * + * @param bPKType + */ + public void setBPKType(String bPKType) { + this.bPKType = bPKType; + } + + public String getEIDASQAALevel() { + return this.eIDASLoA; + + } + + + public boolean isForeigner() { + return this.foreigner; + } + + + /** + * Indicate the the user is a foreigner + * + * @param true if the user is a foreigner, otherwise false + */ + public void setForeigner(boolean foreigner) { + this.foreigner = foreigner; + } + + @Override + public boolean isSsoSession() { + return ssoSession; + } + + + /** + * Indicate that the authentication was done by using an active SSO session + * + * @param true if a SSO was used, otherwise false + */ + public void setSsoSession(boolean ssoSession) { + this.ssoSession = ssoSession; + } + + + /** + * Country Code for the authenticated user + * + * @param ccc Two letter country code + */ + public void setCiticenCountryCode(String ccc) { + this.ccc = ccc; + } + + public String getSessionIndex() { + return sessionIndex; + } + + /** + * @param sessionIndex the sessionIndex to set + */ + public void setSessionIndex(String sessionIndex) { + this.sessionIndex = sessionIndex; + } + + + @Override + public String getNameID() { + return this.nameID; + } + + /** + * @param nameID the nameID to set + */ + public void setNameID(String nameID) { + this.nameID = nameID; + } + + /** + * @return the nameIDFormat + */ + public String getNameIDFormat() { + return nameIDFormat; + } + + /** + * @param nameIDFormat the nameIDFormat to set + */ + public void setNameIDFormat(String nameIDFormat) { + this.nameIDFormat = nameIDFormat; + } + + /** + * @return the ssoSessionValidTo + */ + public Date getSsoSessionValidTo() { + return ssoSessionValidTo; + } + + /** + * @param ssoSessionValidTo the ssoSessionValidTo to set + */ + public void setSsoSessionValidTo(Date ssoSessionValidTo) { + this.ssoSessionValidTo = ssoSessionValidTo; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() + */ + @Override + public boolean isBaseIDTransferRestrication() { + return isBaseIDTransferRestrication; + } + + /** + * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set + */ + public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { + this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; + } + + /** + * Returns a generic data-object with is stored with a specific identifier + * + * @param key The specific identifier of the data object + * @param clazz The class type which is stored with this key + * @return The data object or null if no data is found with this key + */ + public T getGenericData(String key, final Class clazz) { + if (StringUtils.isNotEmpty(key)) { + Object data = genericDataStorate.get(key); + + if (data == null) + return null; + + try { + @SuppressWarnings("unchecked") + T test = (T) data; + return test; + + } catch (Exception e) { + log.warn("Generic authentication-data object can not be casted to requsted type", e); + return null; + + } + + } + + log.info("Can not load generic session-data with key='null'"); + return null; + + } + + /** + * Store a generic data-object to session with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage + */ + public void setGenericData(String key, Object object) throws EAAFStorageException { + if (StringUtils.isEmpty(key)) { + log.info("Generic session-data can not be stored with a 'null' key"); + throw new EAAFStorageException("Generic data can not be stored with a 'null' key", null); + + } + + if (object != null) { + if (!Serializable.class.isInstance(object)) { + log.warn("Generic data can only store objects which implements the 'Seralizable' interface"); + throw new EAAFStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); + + } + } + + if (genericDataStorate.containsKey(key)) + log.debug("Overwrite generic data with key:" + key); + else + log.trace("Add generic data with key:" + key + " to session."); + + genericDataStorate.put(key, object); + } + + public void seteIDASLoA(String eIDASLoA) { + this.eIDASLoA = eIDASLoA; + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EAAFCoreSpringResourceProvider.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EAAFCoreSpringResourceProvider.java new file mode 100644 index 00000000..a289f49d --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EAAFCoreSpringResourceProvider.java @@ -0,0 +1,30 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class EAAFCoreSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "EAAF Core SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource sl20AuthConfig = new ClassPathResource("/eaaf_core.beans.xml", EAAFCoreSpringResourceProvider.class); + + return new Resource[] {sl20AuthConfig}; + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java new file mode 100644 index 00000000..e52a7884 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java @@ -0,0 +1,341 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.auth; + +import java.io.IOException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException; +import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; + +public abstract class AbstractAuthenticationManager implements IAuthenticationManager { + private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationManager.class); + + private static List reqParameterWhiteListeForModules = new ArrayList(); + private static List reqHeaderWhiteListeForModules = new ArrayList(); + + public static final String MOA_SESSION = "MoaAuthenticationSession"; + public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; + + public static final int SLOTIMEOUT = 30 * 1000; //30 sec + + @Autowired(required=true) protected IConfiguration authConfig; + @Autowired(required=true) private ProcessEngine processEngine; + @Autowired(required=true) private IRequestStorage requestStoreage; + @Autowired(required=true) protected IRevisionLogger revisionsLogger; + @Autowired(required=false) protected ISSOManager ssoManager; + + /* (non-Javadoc) + * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addParameterNameToWhiteList(java.lang.String) + */ + @Override + public final void addParameterNameToWhiteList(String httpReqParam) { + if (StringUtils.isNotEmpty(httpReqParam)) + reqParameterWhiteListeForModules.add(httpReqParam); + + } + + /* (non-Javadoc) + * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang.String) + */ + @Override + public final void addHeaderNameToWhiteList(String httpReqParam) { + if (StringUtils.isNotEmpty(httpReqParam)) + reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); + + } + + /* (non-Javadoc) + * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang.String) + */ + @Override + public final boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest pendingReq) throws EAAFException { + + if (!(pendingReq instanceof RequestImpl)) { + log.error("Requests that need authentication MUST be of type 'RequestImpl'"); + throw new RuntimeException("Requests that need authentication HAS TO BE of type 'RequestImpl'"); + + } + + //load OA configuration from pending request + ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); + + //set logging context and log unique OA identifier to revision log + TransactionIDUtils.setServiceProviderId(oaParam.getUniqueIdentifier()); + revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FOR_SP, pendingReq.getSPEntityId()); + + //generic authentication request validation + if (pendingReq.isPassiv() && pendingReq.forceAuth()) { + // conflict! + throw new NoPassivAuthenticationException(); + } + + + //check Single Sign-On functionality if SSOManager is available + boolean isValidSSOSession = false; + if (ssoManager != null) { + log.trace("SSOManager is loaded. Starting SSO session validation ... "); + //check if SSO is allowed for this service provider + ssoManager.isSSOAllowedForSP(pendingReq, httpReq); + + //check if SSO session is active and valid + isValidSSOSession = ssoManager.checkAndValidateSSOSession(pendingReq, httpReq, httpResp); + + } + + //check if session is already authenticated + //boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, isValidSSOSession); + //boolean isSessionAuthenticated = isValidSSOSession && StringUtils.isNotEmpty(pendingReq.getSSOSessionIdentifier()); + + + //force new authentication authentication process + if (pendingReq.forceAuth()) { + startAuthenticationProcess(httpReq, httpResp, (RequestImpl) pendingReq); + return false; + + //perform SSO-Consents evaluation if it it required + } else if (isValidSSOSession && pendingReq.isNeedUserConsent()) { + sendSingleSignOnConsentsEvaluation(httpReq, httpResp, (RequestImpl) pendingReq); + return false; + + + } else if (pendingReq.isPassiv()) { + if (isValidSSOSession && + StringUtils.isNotEmpty(pendingReq.getSSOSessionIdentifier()) ) { + // Passive authentication ok! --> Populate pending request from SSO session + ssoManager.populatePendingRequestWithSSOInformation(pendingReq); + revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FINISHED); + return true; + + } else { + throw new NoPassivAuthenticationException(); + + } + + } else { + if (isValidSSOSession && + StringUtils.isNotEmpty(pendingReq.getSSOSessionIdentifier())) { + // Is authenticated .. proceed + ssoManager.populatePendingRequestWithSSOInformation(pendingReq); + revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FINISHED); + return true; + + } else { + // Start authentication! + startAuthenticationProcess(httpReq, httpResp, (RequestImpl) pendingReq); + return false; + + } + } + } + + public final void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) { + + log.debug("Close session. Remove pending request ... "); + requestStoreage.removePendingRequest(pendingReq.getPendingRequestId()); + + + if (ssoManager != null) { + try { + log.trace("'SSOManager' active. Search for active SSO sessions ... "); + if (ssoManager.destroySSOSessionOnIDPOnly(request, response, pendingReq)) + log.info("SSO session successfully closed"); + else + log.info("Closing SSO session NOT successfully"); + + } catch (EAAFSSOException e) { + log.warn("Destroying of SSO session FAILED. Reason: " + e.getMessage(), e); + + } + + } + + } + + /** + * Populate process execution context and start process engine + * + * @param httpReq + * @param httpResp + * @param pendingReq + * @throws ServletException + * @throws IOException + * @throws EAAFException + */ + private void startAuthenticationProcess(HttpServletRequest httpReq, + HttpServletResponse httpResp, RequestImpl pendingReq) + throws EAAFException { + + log.info("Starting authentication ..."); + revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_STARTED); + + //create authentication process execution context + ExecutionContext executionContext = new ExecutionContextImpl(); + + //set oaIdentifeir + executionContext.put(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID, + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + + //add X509 SSL client certificate if exist + if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) { + log.debug("Find SSL-client-certificate on request --> Add it to context"); + executionContext.put(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, + ((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate"))); + pendingReq.setGenericDataToSession(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, + ((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate"))); + + } + + //add additional http request parameter to context + if (!reqParameterWhiteListeForModules.isEmpty()) { + Enumeration reqParamNames = httpReq.getParameterNames(); + while(reqParamNames.hasMoreElements()) { + String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) && reqParameterWhiteListeForModules.contains(paramName) ) + executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getParameter(paramName))); + } + } + + //add additional http request parameter to context + if (!reqHeaderWhiteListeForModules.isEmpty()) { + Enumeration reqHeaderNames = httpReq.getHeaderNames(); + while(reqHeaderNames.hasMoreElements()) { + String paramName = reqHeaderNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) + executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName))); + + } + } + + //populate more IDP specific information to execution context + populateExecutionContext(executionContext, pendingReq, httpReq); + + //start process engine + startProcessEngine(pendingReq, executionContext); + + } + + /** + * + * + * @throws EAAFException + */ + abstract protected void populateExecutionContext(ExecutionContext executionContext, + RequestImpl pendingReq, HttpServletRequest httpReq) throws EAAFException; + + /** + * Starting a user consent evaluation + * + * @param request + * @param response + * @param pendingReq + * @throws ServletException + * @throws IOException + * @throws EAAFException + */ + private void sendSingleSignOnConsentsEvaluation(HttpServletRequest request, + HttpServletResponse response, RequestImpl pendingReq) + throws EAAFException { + + log.debug("Starting SSO user-consents evaluation ..."); + + //set authenticated flag to false, because user consents is required + pendingReq.setAuthenticated(false); + + //create execution context + ExecutionContext executionContext = new ExecutionContextImpl(); + executionContext.put(ISSOManager.PROCESS_ENGINE_SSO_CONSENTS_EVALUATION, true); + + //start process engine + startProcessEngine(pendingReq, executionContext); + + } + + + /** + * Select a specific process and starting process engine + * + * @param pendingReq + * @param executionContext + * @throws EAAFException + */ + private void startProcessEngine(RequestImpl pendingReq, ExecutionContext executionContext) throws EAAFException { + try { + //put pending-request ID on execurtionContext + executionContext.put(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID, pendingReq.getPendingRequestId()); + + // create process instance + String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); + + if (processDefinitionId == null) { + log.warn("No suitable process found for PendingReqId " + pendingReq.getPendingRequestId() ); + throw new EAAFException( + "process.02", + new Object[] {pendingReq.getPendingRequestId()} + ,"No suitable process found for PendingReqId " + pendingReq.getPendingRequestId()); + + } + + String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext); + + // keep process instance id in protocol pending-request + pendingReq.setProcessInstanceId(processInstanceId); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + // start process + processEngine.start(pendingReq); + + } catch (ProcessExecutionException e) { + Throwable cause = e.getCause(); + if (cause != null && cause instanceof TaskExecutionException) { + Throwable taskCause = cause.getCause(); + if (taskCause != null && taskCause instanceof EAAFException) { + EAAFException moaTaskCause = (EAAFException) taskCause; + log.warn(taskCause.getMessage(), taskCause); + throw moaTaskCause; + + } + } + + throw new EAAFException( + "process.01", + new Object[] { pendingReq.getProcessInstanceId(), pendingReq.getPendingRequestId() }, + "Authentication process execution FAILED", + e); + } + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java new file mode 100644 index 00000000..7e0d4cc7 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java @@ -0,0 +1,119 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.auth; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessInstanceStoreDAO; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; + +@Service("RequestStorage") +public class RequestStorage implements IRequestStorage{ + private static final Logger log = LoggerFactory.getLogger(RequestStorage.class); + + @Autowired ITransactionStorage transactionStorage; + @Autowired ProcessInstanceStoreDAO processInstanceStore; + + @Override + public IRequest getPendingRequest(String pendingReqID) { + + try { + IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class); + if (pendingRequest == null) { + log.info("No PendingRequst found with pendingRequestID " + pendingReqID); + return null; + + } + + //set transactionID and sessionID to Logger + TransactionIDUtils.setAllLoggingVariables(pendingRequest); + + return pendingRequest; + + } catch (EAAFException | NullPointerException e) { + log.info("No PendingRequst found with pendingRequestID " + pendingReqID); + return null; + + } + } + + @Override + public void storePendingRequest(IRequest pendingRequest) throws EAAFException { + try { + if (pendingRequest instanceof IRequest) + transactionStorage.put(((IRequest)pendingRequest).getPendingRequestId(), pendingRequest, -1); + + else + throw new EAAFException("PendigRequest is NOT of type 'IRequest'", null); + + + } catch (EAAFException e) { + log.warn("PendingRequest with ID=" + ((IRequest)pendingRequest).getPendingRequestId() + + " can not stored.", e); + throw new EAAFStorageException("PendingRequest with Id: " + ((IRequest)pendingRequest).getPendingRequestId() + + " can not be stored", e); + + } + + } + + @Override + public void removePendingRequest(String requestID) { + + if (requestID != null) { + + //remove process-management execution instance + try { + IRequest pendingReq = getPendingRequest(requestID); + + if (pendingReq != null && + pendingReq.getProcessInstanceId() != null) + processInstanceStore.remove(pendingReq.getProcessInstanceId()); + + } catch (EAAFException e) { + log.warn("Removing process associated with pending-request:" + requestID + " FAILED.", e); + + } + + transactionStorage.remove(requestID); + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest) + */ + @Override + public String changePendingRequestID(IRequest pendingRequest) throws EAAFException { + + if (pendingRequest instanceof RequestImpl) { + String newRequestID = Random.nextHexRandom32(); + String oldRequestID = pendingRequest.getPendingRequestId(); + + log.debug("Change pendingRequestID from " + pendingRequest.getPendingRequestId() + + " to " + newRequestID); + + ((RequestImpl)pendingRequest).setPendingRequestId(newRequestID); + transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest); + + //only delete oldRequestID, no change. + + return newRequestID; + + } else { + log.error("PendingRequest object is not of type 'RequestImpl.class'"); + throw new EAAFException("PendingRequest object is not of type 'RequestImpl.class'", null); + } + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java new file mode 100644 index 00000000..561f6f32 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -0,0 +1,467 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.auth.builder; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Collection; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.Base64Utils; +import org.w3c.dom.DOMException; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.exceptions.XPathException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; + + +public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder { + private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); + protected Collection includedToGenericAuthData = null; + @Autowired protected IConfiguration basicConfig; + + protected void generateBasicAuthData(AuthenticationData authData, IRequest pendingReq, + IAuthProcessDataContainer authProcessData) throws EAAFBuilderException, EAAFConfigurationException, XPathException, DOMException, EAAFParserException { + + if (authProcessData.getGenericSessionDataStorage() != null && + !authProcessData.getGenericSessionDataStorage().isEmpty()) + includedToGenericAuthData = authProcessData.getGenericSessionDataStorage().keySet(); + else + includedToGenericAuthData = new ArrayList(); + + //#################################################### + //set general authData info's + authData.setAuthenticationIssuer(pendingReq.getAuthURL()); + authData.setSsoSession(pendingReq.needSingleSignOnFunctionality()); + authData.setBaseIDTransferRestrication(pendingReq.getServiceProviderConfiguration().hasBaseIdTransferRestriction()); + + + //#################################################### + //parse user info's from identityLink + IIdentityLink idlFromPVPAttr = null; + IIdentityLink identityLink = authProcessData.getIdentityLink(); + if (identityLink != null) { + parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData); + + } else { + // identityLink is not direct in MOASession + String pvpAttrIDL = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class); + //find PVP-Attr. which contains the IdentityLink + if (StringUtils.isNotEmpty(pvpAttrIDL)) { + log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME + + " --> Parse basic user info's from that attribute."); + InputStream idlStream = null; + try { + idlStream = new ByteArrayInputStream(Base64Utils.decodeFromString(pvpAttrIDL)); + idlFromPVPAttr = new SimpleIdentityLinkAssertionParser(idlStream).parseIdentityLink(); + parseBasicUserInfosFromIDL(authData, idlFromPVPAttr, includedToGenericAuthData); + + //set identitylink into AuthProcessData + authProcessData.setIdentityLink(idlFromPVPAttr);; + + } catch (EAAFParserException e) { + log.warn("Received IdentityLink is not valid", e); + + } catch (Exception e) { + log.warn("Received IdentityLink is not valid", e); + + } finally { + try { + includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME); + if (idlStream != null) + idlStream.close(); + + } catch (IOException e) { + log.warn("Close InputStream FAILED.", e); + + } + } + } + + //if no basic user info's are set yet, parse info's single PVP-Attributes + if (StringUtils.isEmpty(authData.getFamilyName())) { + log.debug("No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes."); + authData.setFamilyName(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); + authData.setGivenName(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.GIVEN_NAME_NAME, String.class)); + authData.setDateOfBirth(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.BIRTHDATE_NAME, String.class)); + authData.setIdentificationValue(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME, String.class)); + authData.setIdentificationType(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME, String.class)); + + //remove corresponding keys from genericSessionData if exists + includedToGenericAuthData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME); + includedToGenericAuthData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME); + includedToGenericAuthData.remove(PVPAttributeDefinitions.BIRTHDATE_NAME); + includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME); + includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); + } + + } + + if (authData.getIdentificationType() != null && + !authData.getIdentificationType().equals(EAAFConstants.URN_PREFIX_BASEID)) { + log.trace("IdentificationType is not a baseID --> clear it. "); + authData.setBPK(authData.getIdentificationValue()); + authData.setBPKType(authData.getIdentificationType()); + + authData.setIdentificationValue(null); + authData.setIdentificationType(null); + } + + //#################################################### + //set QAA level + includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); + String currentLoA = null; + if (StringUtils.isNotEmpty(authProcessData.getQAALevel())) + currentLoA = authProcessData.getQAALevel(); + else { + currentLoA = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class); + if (StringUtils.isNotEmpty(currentLoA)) { + log.debug("Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA + + " --> Parse QAA-Level from that attribute."); + + } + } + if (StringUtils.isNotEmpty(currentLoA)) { + if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) { + authData.seteIDASLoA(currentLoA); + + } else + log.info("Only eIDAS LoAs are supported by this implementation"); + + } else { + log.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW); + authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW); + + } + + //#################################################### + //set isForeigner flag + //TODO: change to new eIDAS-token attribute identifier + if (authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) { + log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME + + " --> Set 'isForeigner' flag to TRUE"); + authData.setForeigner(true); + + } else { + authData.setForeigner(authProcessData.isForeigner()); + + } + + //#################################################### + //set citizen country-code + includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME); + String pvpCCCAttr = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + if (StringUtils.isNotEmpty(pvpCCCAttr)) { + authData.setCiticenCountryCode(pvpCCCAttr); + log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME); + + } else { + if (authData.isForeigner()) { + //TODO!!!! + + } else { + authData.setCiticenCountryCode(basicConfig.getBasicConfiguration( + IConfiguration.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE, + EAAFConstants.COUNTRYCODE_AUSTRIA)); + + } + } + + + //#################################################### + // set bPK and IdentityLink + String pvpbPKValue = getbPKValueFromPVPAttribute(authProcessData); + String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(authProcessData); + Pair pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(authProcessData, authData, pendingReq.getServiceProviderConfiguration()); + + //check if a unique ID for this citizen exists + if (StringUtils.isEmpty(authData.getIdentificationValue()) && + StringUtils.isEmpty(pvpbPKValue) && StringUtils.isEmpty(authData.getBPK()) && + pvpEncbPKAttr == null) { + log.info("Can not build authData, because moaSession include no bPK, encrypted bPK or baseID"); + throw new EAAFBuilderException("builder.08", new Object[]{"No " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + + " or " + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + + " or " + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME}, + "No " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + + " or " + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + + " or " + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); + + } + + // baseID is in MOASesson --> calculate bPK directly + if (StringUtils.isNotEmpty(authData.getIdentificationValue())) { + log.debug("Citizen baseID is in MOASession --> calculate bPK from this."); + Pair result = buildOAspecificbPK(pendingReq, authData); + authData.setBPK(result.getFirst()); + authData.setBPKType(result.getSecond()); + + //check if bPK already added to AuthData matches OA + } else if (StringUtils.isNotEmpty(authData.getBPK()) + && matchsReceivedbPKToOnlineApplication(pendingReq.getServiceProviderConfiguration(), authData.getBPKType()) ) { + log.debug("Correct bPK is already included in AuthData."); + + //check if bPK received by PVP-Attribute matches OA + } else if (StringUtils.isNotEmpty(pvpbPKValue) && + matchsReceivedbPKToOnlineApplication(pendingReq.getServiceProviderConfiguration(), pvpbPKTypeAttr)) { + log.debug("Receive correct bPK from PVP-Attribute"); + authData.setBPK(pvpbPKValue); + authData.setBPKType(pvpbPKTypeAttr); + + //check if decrypted bPK exists + } else if (pvpEncbPKAttr != null) { + log.debug("Receive bPK as encrypted bPK and decryption was possible."); + authData.setBPK(pvpEncbPKAttr.getFirst()); + authData.setBPKType(pvpEncbPKAttr.getSecond()); + + //ask SZR to get bPK + } else { + String notValidbPK = authData.getBPK(); + String notValidbPKType = authData.getBPKType(); + if (StringUtils.isEmpty(notValidbPK) && + StringUtils.isEmpty(notValidbPKType)) { + notValidbPK = pvpbPKValue; + notValidbPKType = pvpbPKTypeAttr; + + if (StringUtils.isEmpty(notValidbPK) && + StringUtils.isEmpty(notValidbPKType)) { + log.error("No bPK in MOASession. THIS error should not occur any more."); + throw new NullPointerException("No bPK in MOASession. THIS error should not occur any more."); + } + } + + Pair baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType); + if (baseIDFromSZR != null) { + log.info("Receive citizen baseID from SRZ. Authentication can be completed"); + authData.setIdentificationValue(baseIDFromSZR.getFirst()); + authData.setIdentificationType(baseIDFromSZR.getSecond()); + Pair result = buildOAspecificbPK(pendingReq, authData); + authData.setBPK(result.getFirst()); + authData.setBPKType(result.getSecond()); + + } else { + log.warn("Can not build authData, because moaSession include no valid bPK, encrypted bPK or baseID"); + throw new EAAFBuilderException("builder.08", new Object[]{"No valid " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + + " or " + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + + " or " + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME}, + "No valid " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + + " or " + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + + " or " + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); + + } + } + + //build IdentityLink + if (authProcessData.getIdentityLink() != null) + authData.setIdentityLink(buildOAspecificIdentityLink( + pendingReq.getServiceProviderConfiguration(), + authProcessData.getIdentityLink(), + authData.getBPK(), + authData.getBPKType())); + else + log.info("Can NOT set IdentityLink. Msg: No IdentityLink found"); + + } + + //extract a encrypted bPK from PVP attrobute + protected abstract Pair getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer, + AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException; + + //request baseId from SRZ + protected abstract Pair getbaseIDFromSZR(AuthenticationData authData, String notValidbPK, + String notValidbPKType); + + + protected Pair buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException { + ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); + + String baseID = authData.getIdentificationValue(); + String baseIDType = authData.getIdentificationType(); + Pair sectorSpecId = null; + + if (EAAFConstants.URN_PREFIX_BASEID.equals(baseIDType)) { + //SAML1 legacy target parameter work-around + String spTargetId = oaParam.getAreaSpecificTargetIdentifier(); + log.debug("Use OA target identifier '" + spTargetId + "' from configuration"); + + //calculate sector specific unique identifier + sectorSpecId = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseID, spTargetId); + + } else { + log.error("!!!baseID-element does not include a baseID. This should not be happen any more!!!"); + sectorSpecId = Pair.newInstance(baseID, baseIDType); + + } + + log.trace("Authenticate user with bPK:" + sectorSpecId.getFirst() + " Type:" + sectorSpecId.getSecond()); + return sectorSpecId; + + } + + protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException { + if (spConfig.hasBaseIdTransferRestriction()) { + log.debug("SP: " + spConfig.getUniqueIdentifier() + " has baseId transfer restriction. Remove baseId from IDL ..."); + Element idlassertion = idl.getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(bPK); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(bPKType); + + SimpleIdentityLinkAssertionParser idlparser = new SimpleIdentityLinkAssertionParser(idlassertion); + return idlparser.parseIdentityLink(); + + } else + return idl; + + } + + /** + * Check a bPK-Type against a Service-Provider configuration
+ * If bPK-Type is null the result is false. + * + * @param oaParam Service-Provider configuration, never null + * @param bPKType bPK-Type to check + * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false + */ + private boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) { + return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); + + } + + /** + * Parse information from an IdentityLink into AuthData object + * + * @param authData + * @param identityLink + * @param includedGenericSessionData + */ + private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection includedGenericSessionData) { + authData.setIdentificationValue(identityLink.getIdentificationValue()); + authData.setIdentificationType(identityLink.getIdentificationType()); + + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + authData.setDateOfBirth(identityLink.getDateOfBirth()); + + //remove corresponding keys from genericSessionData if exists + includedGenericSessionData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME); + includedGenericSessionData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME); + includedGenericSessionData.remove(PVPAttributeDefinitions.BIRTHDATE_NAME); + includedGenericSessionData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME); + includedGenericSessionData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); + + } + + /** + * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in + * MOASession as 'GenericData' 

session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)
+ * + * @param session MOASession, but never null + * @return bPK, which was received by PVP-Attribute, or null if no attribute exists + */ + private String getbPKValueFromPVPAttribute(IAuthProcessDataContainer session) { + String pvpbPKValueAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.BPK_NAME, String.class); + if (StringUtils.isNotEmpty(pvpbPKValueAttr)) { + + //fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations + if (pvpbPKValueAttr.startsWith("bPK:")) { + log.warn("Attribute " + PVPAttributeDefinitions.BPK_NAME + + " contains a not standardize prefix! Staring attribute value correction process ..."); + pvpbPKValueAttr = pvpbPKValueAttr.substring("bPK:".length()); + + } + + String[] spitted = pvpbPKValueAttr.split(":"); + if (spitted.length != 2) { + log.warn("Attribute " + PVPAttributeDefinitions.BPK_NAME + " has a wrong encoding and can NOT be USED!" + + " Value:" + pvpbPKValueAttr); + return null; + + } + log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME); + return spitted[1]; + + } + + return null; + } + + /** + * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in + * MOASession as 'GenericData' 
session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)
+ * + * @param session MOASession, but never null + * @return bPKType, which was received by PVP-Attribute, or null if no attribute exists + */ + private String getbPKTypeFromPVPAttribute(IAuthProcessDataContainer session) { + String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); + if (StringUtils.isNotEmpty(pvpbPKTypeAttr)) { + + //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations + if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) && + !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(), + EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) { + log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... "); + pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1); + + } + log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); + return pvpbPKTypeAttr; + } + + return null; + + + /* + * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME', + * because the prefix of BPK_NAME attribute contains the postfix of the bPKType + * + * Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER' + * PVP attributes + */ +// String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class); +// String[] spitted = pvpbPKValueAttr.split(":"); +// if (MiscUtil.isEmpty(authData.getBPKType())) { +// Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " + +// "Starting target extraction from bPK/wbPK prefix ..."); +// //exract bPK/wbPK type from bpk attribute value prefix if type is +// //not transmitted as single attribute +// Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?"); +// Matcher matcher = pattern.matcher(spitted[0]); +// if (matcher.matches()) { +// //find public service bPK +// authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]); +// Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType()); +// +// } else { +// //find business service wbPK +// authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]); +// Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType()); +// +// } +// } + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BPKBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BPKBuilder.java new file mode 100644 index 00000000..62a57dd1 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BPKBuilder.java @@ -0,0 +1,302 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egiz.eaaf.core.impl.idp.auth.builder; + +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.text.SimpleDateFormat; +import java.util.Date; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +/** + * Builder for the bPK, as defined in + * "Ableitung f¨r die bereichsspezifische Personenkennzeichnung" + * version 1.0.1 from "reference.e-government.gv.at". + * + */ +public class BPKBuilder { + private static final Logger log = LoggerFactory.getLogger(BPKBuilder.class); + + /** + * Calculates an area specific unique person-identifier from a baseID + * + * @param baseID baseId from user but never null + * @param targetIdentifier target identifier for area specific identifier calculation but never null + * @return Pair but never null + * @throws EAAFBuilderException if some input data are not valid + */ + public Pair generateAreaSpecificPersonIdentifier(String baseID, String targetIdentifier) throws EAAFBuilderException { + return generateAreaSpecificPersonIdentifier(baseID, EAAFConstants.URN_PREFIX_BASEID, targetIdentifier); + + } + + /** + * Calculates an area specific unique person-identifier from an unique identifier with a specific type + * + * @param baseID baseId from user but never null + * @param baseIdType Type of the baseID but never null + * @param targetIdentifier target identifier for area specific identifier calculation but never null + * @return Pair but never null + * @throws EAAFBuilderException if some input data are not valid + */ + public Pair generateAreaSpecificPersonIdentifier(String baseID, String baseIdType, String targetIdentifier) throws EAAFBuilderException{ + if (StringUtils.isEmpty(baseID)) + throw new EAAFBuilderException("builder.00", new Object[]{"baseID is empty or null"}, + "BaseId is empty or null"); + + if (StringUtils.isEmpty(baseIdType)) + throw new EAAFBuilderException("builder.00", new Object[]{"the type of baseID is empty or null"}, + "Type of baseId is empty or null"); + + if (StringUtils.isEmpty(targetIdentifier)) + throw new EAAFBuilderException("builder.00", new Object[]{"SP specific target identifier is empty or null"}, + "SP specific target identifier is empty or null"); + + if (baseIdType.equals(EAAFConstants.URN_PREFIX_BASEID)) { + log.trace("Find baseID. Starting unique identifier caluclation for this target"); + + if (targetIdentifier.startsWith(EAAFConstants.URN_PREFIX_CDID) || + targetIdentifier.startsWith(EAAFConstants.URN_PREFIX_WBPK)) { + log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier); + return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier); + + } else if (targetIdentifier.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) { + log.trace("Calculate eIDAS identifier for target: " + targetIdentifier); + String[] splittedTarget = targetIdentifier.split("\\+"); + String cititzenCountryCode = splittedTarget[1]; + String eIDASOutboundCountry = splittedTarget[2]; + + if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) { + log.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry"); + + } + return buildeIDASIdentifer(baseID, baseIdType, cititzenCountryCode, eIDASOutboundCountry); + + + } else + throw new EAAFBuilderException("builder.00", + new Object[]{"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"}, + "Target identifier: " + targetIdentifier + " is NOT allowed or unknown"); + + } else { + log.trace("BaseID is not of type " + EAAFConstants.URN_PREFIX_BASEID + ". Check type against requested target ..."); + if (baseIdType.equals(targetIdentifier)) { + log.debug("Unique identifier is already area specific. Is nothing todo"); + return Pair.newInstance(baseID, targetIdentifier); + + } else { + log.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!"); + throw new EAAFBuilderException("builder.00", + new Object[]{"Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"}, + "Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"); + + } + } + } + + + /** + * Builds the eIDAS from the given parameters. + * + * @param baseID baseID of the citizen + * @param baseIDType Type of the baseID + * @param sourceCountry CountryCode of that country, which build the eIDAs ID + * @param destinationCountry CountryCode of that country, which receives the eIDAs ID + * + * @return Pair in a BASE64 encoding + * @throws EAAFBuilderException if some input data are not valid + */ + private Pair buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) + throws EAAFBuilderException { + String bPK = null; + String bPKType = null; + + // check if we have been called by public sector application + if (baseIDType.startsWith(EAAFConstants.URN_PREFIX_BASEID)) { + bPKType = EAAFConstants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; + log.debug("Building eIDAS identification from: [identValue]+" + bPKType); + bPK = calculatebPKwbPK(baseID + "+" + bPKType); + + } else { // if not, sector identification value is already calculated by BKU + log.debug("eIDAS eIdentifier already provided by BKU"); + bPK = baseID; + } + + if ((StringUtils.isEmpty(bPK) || + StringUtils.isEmpty(sourceCountry) || + StringUtils.isEmpty(destinationCountry))) { + throw new EAAFBuilderException("builder.00", + new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + + bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry} + ,"eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + + bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry); + } + + log.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); + String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK; + + return Pair.newInstance(eIdentifier, bPKType); + } + + public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws EAAFBuilderException { + SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); + if (target.startsWith(EAAFConstants.URN_PREFIX_CDID + "+")) + target = target.substring((EAAFConstants.URN_PREFIX_CDID + "+").length()); + + String input = "V1::urn:publicid:gv.at:cdid+" + target + "::" + + bpk + "::" + + sdf.format(new Date()); + System.out.println(input); + byte[] result; + try { + byte[] inputBytes = input.getBytes("ISO-8859-1"); + result = encrypt(inputBytes, publicKey); + return new String(Base64Utils.encode(result), "ISO-8859-1").replaceAll("\r\n", ""); + //return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", ""); + + + } catch (Exception e) { + throw new EAAFBuilderException("bPK encryption FAILED", null, + e.getMessage(), e); + + } + } + + public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws EAAFBuilderException { + String decryptedString; + try { + //byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1"); + byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1")); + byte[] decryptedBytes = decrypt(encryptedBytes, privateKey); + decryptedString = new String(decryptedBytes, "ISO-8859-1"); + + } catch (Exception e) { + throw new EAAFBuilderException("bPK decryption FAILED", null, + e.getMessage(), e); + + } + + String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1); + String sector = tmp.substring(0, tmp.indexOf("::")); + tmp = tmp.substring(tmp.indexOf("::") + 2); + String bPK = tmp.substring(0, tmp.indexOf("::")); + + if (target.startsWith(EAAFConstants.URN_PREFIX_CDID + "+")) + target = target.substring((EAAFConstants.URN_PREFIX_CDID + "+").length()); + + if (target.equals(sector)) + return bPK; + + else { + log.error("Decrypted bPK does not match to request bPK target."); + return null; + } + } + + private String calculatebPKwbPK(String basisbegriff) throws EAAFBuilderException { + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = new String(Base64Utils.encode(hash), "ISO-8859-1").replaceAll("\r\n", ""); //Base64Utils.encode(hash); + return hashBase64; + + } catch (Exception ex) { + throw new EAAFBuilderException("builder.00", new Object[]{"bPK/wbPK", ex.toString()}, + ex.getMessage(), ex); + + } + + } + + private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { + byte[] result; + Cipher cipher = null; + try { + cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle + + } catch(NoSuchAlgorithmException e) { + cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider + } + cipher.init(Cipher.ENCRYPT_MODE, publicKey); + result = cipher.doFinal(inputBytes); + + return result; + } + + private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey) + throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{ + byte[] result; + Cipher cipher = null; + try { + cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle + + } catch(NoSuchAlgorithmException e) { + cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider + + } + cipher.init(Cipher.DECRYPT_MODE, privateKey); + result = cipher.doFinal(encryptedBytes); + return result; + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java new file mode 100644 index 00000000..3fca5300 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java @@ -0,0 +1,219 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.auth.data; + +import java.util.Date; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.EAAFAuthProcessDataConstants; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAuthProcessDataConstants { + private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class); + + protected Map authProcessData; + + public AuthProcessDataWrapper(Map authProcessData) { + this.authProcessData = authProcessData; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() + */ + @Override + public String getIssueInstant() { + return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String) + */ + @Override + public void setIssueInstant(String issueInstant) { + authProcessData.put(VALUE_ISSUEINSTANT, issueInstant); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated() + */ + @Override + public boolean isAuthenticated() { + return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean) + */ + @Override + public void setAuthenticated(boolean authenticated) { + authProcessData.put(FLAG_IS_AUTHENTICATED, authenticated); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink() + */ + @Override + public IIdentityLink getIdentityLink() { + return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink) + */ + @Override + public void setIdentityLink(IIdentityLink identityLink) { + authProcessData.put(VALUE_IDENTITYLINK, identityLink); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed() + */ + @Override + public boolean isMandateUsed() { + return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean) + */ + @Override + public void setUseMandates(boolean useMandates) { + authProcessData.put(FLAG_USE_MANDATE, useMandates); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel() + */ + @Override + public String getQAALevel() { + return wrapStringObject(VALUE_QAALEVEL, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String) + */ + @Override + public void setQAALevel(String qAALevel) { + authProcessData.put(VALUE_QAALEVEL, qAALevel); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner() + */ + @Override + public boolean isForeigner() { + return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean) + */ + @Override + public void setForeigner(boolean isForeigner) { + authProcessData.put(FLAG_IS_FOREIGNER, isForeigner); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW() + */ + @Override + public boolean isOW() { + return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean) + */ + @Override + public void setOW(boolean isOW) { + authProcessData.put(FLAG_IS_ORGANWALTER, isOW); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() + */ + @Override + public Date getSessionCreated() { + return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage() + */ + @Override + public Map getGenericSessionDataStorage() { + Map result = new HashMap(); + for (String el : authProcessData.keySet()) { + if (el.startsWith(GENERIC_PREFIX)) + result.put(el.substring(GENERIC_PREFIX.length()), authProcessData.get(el)); + + } + + return result; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String) + */ + @Override + public Object getGenericDataFromSession(String key) { + return authProcessData.get(GENERIC_PREFIX + key); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class) + */ + @Override + public T getGenericDataFromSession(String key, Class clazz) { + return wrapStringObject(GENERIC_PREFIX + key, null, clazz); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object) + */ + @Override + public void setGenericDataToSession(String key, Object object) throws EAAFStorageException { + authProcessData.put(GENERIC_PREFIX + key, object); + + } + + protected T wrapStringObject(String key, Object defaultValue, Class clazz) { + if (StringUtils.isNotEmpty(key)) { + Object obj = authProcessData.get(key); + if (obj != null && clazz.isInstance(obj)) + return (T) obj; + } + + if (defaultValue == null) + return null; + + else if (clazz.isInstance(defaultValue)) + return (T)defaultValue; + + else { + log.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); + throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); + + } + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java new file mode 100644 index 00000000..becd630e --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java @@ -0,0 +1,312 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egiz.eaaf.core.impl.idp.auth.data; + +import java.io.IOException; +import java.io.Serializable; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; + + +/** + * Data contained in an identity link issued by BMI, relevant to the MOA ID component. + *
"IdentityLink" is the translation of "Personenbindung". + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class IdentityLink implements Serializable, IIdentityLink{ + + private static final long serialVersionUID = 1L; + + /** + * "identificationValue" is the translation of "Stammzahl". + */ + private String identificationValue; + /** + * "identificationType" type of the identificationValue in the IdentityLink. + */ + private String identificationType; + /** + * first name + */ + private String givenName; + /** + * family name + */ + private String familyName; + + /** + * The name as (givenName + familyName) + */ + private String name; + /** + * date of birth + */ + private String dateOfBirth; + /** + * the original saml:Assertion-Element + */ + private Element samlAssertion; + /** + * the serializes saml:Assertion + */ + private String serializedSamlAssertion; + /** + * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person + */ + private Element prPerson; + /** + * we need for each dsig:Reference Element all + * transformation elements + */ + private Element[] dsigReferenceTransforms; + + /** + * The issuing time of the identity link SAML assertion. + */ + private String issueInstant; + + /** + * we need all public keys stored in + * the identity link + */ + private PublicKey[] publicKey; + + /** + * Constructor for IdentityLink + */ + public IdentityLink() { + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth() + */ + @Override +public String getDateOfBirth() { + return dateOfBirth; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName() + */ + @Override +public String getFamilyName() { + return familyName; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName() + */ + @Override +public String getGivenName() { + return givenName; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName() + */ + @Override +public String getName() { + if (name == null) { + name = givenName + " " + familyName; + } + return name; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue() + */ + @Override +public String getIdentificationValue() { + return identificationValue; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType() + */ + @Override + public String getIdentificationType() { + return identificationType; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String) + */ + @Override +public void setDateOfBirth(String dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String) + */ + @Override +public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String) + */ + @Override +public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String) + */ + @Override +public void setIdentificationValue(String identificationValue) { + this.identificationValue = identificationValue; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String) + */ + @Override + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion() + */ + @Override +public Element getSamlAssertion() { + return samlAssertion; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion() + */ + @Override +public String getSerializedSamlAssertion() { + return serializedSamlAssertion; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element) + */ + @Override +public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { + this.samlAssertion = samlAssertion; + this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms() + */ + @Override +public Element[] getDsigReferenceTransforms() { + return dsigReferenceTransforms; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[]) + */ + @Override +public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { + this.dsigReferenceTransforms = dsigReferenceTransforms; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey() + */ + @Override +public PublicKey[] getPublicKey() { + return publicKey; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[]) + */ + @Override +public void setPublicKey(PublicKey[] publicKey) { + this.publicKey = publicKey; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson() + */ + @Override +public Element getPrPerson() { + return prPerson; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element) + */ + @Override +public void setPrPerson(Element prPerson) { + this.prPerson = prPerson; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant() + */ + @Override +public String getIssueInstant() { + return issueInstant; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String) + */ + @Override +public void setIssueInstant(String issueInstant) { + this.issueInstant = issueInstant; + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java new file mode 100644 index 00000000..7fb5e642 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java @@ -0,0 +1,326 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egiz.eaaf.core.impl.idp.auth.data; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; + +import org.springframework.util.Base64Utils; +import org.w3c.dom.Element; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; + +/** + * Parses MDS from an identity link <saml:Assertion> + *
+ * This IDL parser extract NO key information! + + */ +public class SimpleIdentityLinkAssertionParser { + + // + // XPath namespace prefix shortcuts + // + + /** Xpath prefix for reaching PersonData Namespaces */ + private static final String PDATA = XMLNamespaceConstants.PD_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = XMLNamespaceConstants.SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = XMLNamespaceConstants.DSIG_PREFIX + ":"; + /** Xpath prefix for reaching ECDS Namespaces */ + private static final String ECDSA = XMLNamespaceConstants.ECDSA_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ""; + /** Xpath expression to the SAMLSubjectConfirmationData element */ + private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Subject/" + + SAML + + "SubjectConfirmation/" + + SAML + + "SubjectConfirmationData"; + /** Xpath expression to the PersonData element */ + private static final String PERSON_XPATH = + SAML_SUBJECT_CONFIRMATION_DATA_XPATH + + "/" + + PDATA + + "Person"; + /** Xpath expression to the PersonData GivenName element */ + public static final String PERSON_GIVEN_NAME_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Name/" + + PDATA + + "GivenName"; + /** Xpath expression to the PersonData FamilyName element */ + public static final String PERSON_FAMILY_NAME_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Name/" + + PDATA + + "FamilyName"; + /** Xpath expression to the PersonData DateOfBirth element */ + public static final String PERSON_DATE_OF_BIRTH_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "DateOfBirth"; + /** Xpath expression to the Identification element */ + private static final String PERSON_IDENT_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification"; + + /** Xpath expression to the Identification Value element */ + public static final String PERSON_IDENT_VALUE_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification/" + + PDATA + + "Value"; + + /** Xpath expression to the Identification Value element */ + public static final String PERSON_IDENT_TYPE_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification/" + + PDATA + + "Type"; + + /** Xpath expression to the RSAKeyValue element */ + private static final String RSA_KEY_VALUE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/" + + SAML + + "AttributeValue/" + + DSIG + + "RSAKeyValue"; + + /** Xpath expression to the ECKeyValue element */ + private static final String ECDSA_KEY_VALUE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/" + + SAML + + "AttributeValue/" + + ECDSA + + "ECDSAKeyValue"; + + + /** Xpath expression to the RSA Modulus element */ + private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus"; + /** Xpath expression to the RSA Exponent element */ + private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent"; + /** Xpath expression to the DSIG X509Certificate element */ + private static final String DSIG_CERTIFICATES_XPATH = + ROOT + + DSIG + + "Signature/" + + DSIG + + "KeyInfo/" + + DSIG + + "X509Data/" + + DSIG + + "X509Certificate"; + /** Xpath expression to the DSIG Transforms element */ + private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH = + ROOT + + DSIG + + "Signature/" + + DSIG + + "SignedInfo/" + + DSIG + + "Reference/" + + DSIG + + "Transforms"; + + /** The IssueInstant attribute of the SAML assertion */ + private static final String ISSUE_INSTANT_ATTR = "IssueInstant"; + + /**This is the root element of the XML-Document provided by the Security Layer Card*/ + private Element assertionElem; + + /** + * Constructor for IdentityLinkAssertionParser. + * A DOM-representation of the incoming String will be created + * @param xmlAssertion <saml:Assertion> as String + * @throws EAAFParserException on any parsing error + */ + public SimpleIdentityLinkAssertionParser(String xmlAssertion) throws EAAFParserException { + try { + InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8")); + assertionElem = DOMUtils.parseXmlValidating(s); + + } + catch (Throwable t) { + throw new EAAFParserException("parser.01", new Object[] { t.toString()}, + t.getMessage(), t); + + } + } + + /** + * Sets the <@link assertionElem>. + * @param xmlAssertion the assertion element + * @throws EAAFParserException on any parsing error + */ + public SimpleIdentityLinkAssertionParser(Element xmlAssertion) throws EAAFParserException { + assertionElem = xmlAssertion; + } + + /** + * Constructor for IdentityLinkAssertionParser. + * A DOM-representation of the incoming Inputstream will be created + * @param xmlAssertion <saml:Assertion> as InputStream + * @throws EAAFParserException on any parsing error + */ + public SimpleIdentityLinkAssertionParser(InputStream xmlAssertion) throws EAAFParserException { + try { + assertionElem = DOMUtils.parseXmlValidating(xmlAssertion); + + } + catch (Throwable t) { + throw new EAAFParserException("parser.01", new Object[] { t.toString() }, t.getMessage(), t); + + } + } + + /** + * Parses the identity link from the <saml:Assertion> + * @return Identity link + * @throws EAAFParserException on any parsing error + */ + + public IIdentityLink parseIdentityLink() throws EAAFParserException { + IIdentityLink identityLink; + try { + identityLink = new IdentityLink(); + identityLink.setSamlAssertion(assertionElem); + identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR)); + identityLink.setPrPerson((Element) + XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH)); + identityLink.setIdentificationValue( + XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); + identityLink.setIdentificationType( + XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")); + + String givenname = XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""); + String familyname = XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""); + + // replace ' in name with ' + givenname = givenname.replaceAll("'", "'"); + familyname = familyname.replaceAll("'", "'"); + + identityLink.setGivenName(givenname); + identityLink.setFamilyName(familyname); + identityLink.setDateOfBirth( + XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, "")); + NodeIterator dsigRefTransforms = + XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH); + List transElems = new ArrayList(); + Element transformsElem; + while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) { + transElems.add(transformsElem); + } + Element[] result = new Element[transElems.size()]; + transElems.toArray(result); + identityLink.setDsigReferenceTransforms(result); + + //identityLink.setPublicKey(getPublicKeys()); + + } + catch (Throwable t) { + throw new EAAFParserException("parser.01", new Object[] { t.toString() }, + t.getMessage(), t); + } + + return identityLink; + } + + /** + * Parses a string array of decoded base64 certificates from + * the <InfoboxReadResponse> found in the dsig-signature + * @return String[] with raw-certificates from the dsig-signature keyinfo + * @throws Exception + */ + public String[] getCertificates() throws Exception { + List certs = new ArrayList(); + NodeIterator rsaIter = + XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH); + Element certElem; + while ((certElem = (Element) rsaIter.nextNode()) != null) { + String content = DOMUtils.getText(certElem); + certs.add(new String(Base64Utils.decodeFromString(content))); + + } + String[] result = new String[certs.size()]; + certs.toArray(result); + return result; + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java new file mode 100644 index 00000000..a421ff67 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java @@ -0,0 +1,220 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.auth.modules; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileItem; +import org.apache.commons.fileupload.FileItemFactory; +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.fileupload.disk.DiskFileItemFactory; +import org.apache.commons.fileupload.servlet.ServletFileUpload; +import org.apache.commons.lang3.ArrayUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.process.springweb.AbstractTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; + +/** + * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing + * etc.).

The code has been taken from {@link AuthServlet}. + */ +public abstract class AbstractAuthServletTask extends AbstractTask { + private static final Logger log = LoggerFactory.getLogger(AbstractAuthServletTask.class); + + @Autowired(required=true) protected IRequestStorage requestStoreage; + @Autowired(required=true) protected IConfiguration authConfig; + + @Autowired protected IRevisionLogger revisionsLogger; + + protected static final String ERROR_CODE_PARAM = "errorid"; + + protected IRequest pendingReq = null; + + public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException; + + + protected final IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException { + //set pending-request object + this.pendingReq = pendingReq; + + //execute task specific action + execute(executionContext, request, response); + + //return pending-request object + return this.pendingReq; + } + + /** + * Redirect the authentication process to protocol specific finalization endpoint. + * + * @param pendingReq Actually processed protocol specific authentication request + * @param httpResp + */ + protected void performRedirectToProtocolFinialization(IRequest pendingReq, HttpServletResponse httpResp) { + performRedirectToItself(pendingReq, httpResp, AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL); + + } + + /** + * Redirect the authentication process to IDP itself + * + * @param pendingReq Actually processed protocol specific authentication request + * @param httpResp + * @param idpEndPoint Servlet EndPoint that should receive the redirect + */ + protected void performRedirectToItself(IRequest pendingReq, HttpServletResponse httpResp, String idpEndPoint) { + String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), + idpEndPoint, pendingReq.getPendingRequestId()); + + httpResp.setContentType("text/html"); + httpResp.setStatus(302); + httpResp.addHeader("Location", redirectURL); + log.debug("REDIRECT TO: " + redirectURL); + + } + + + /** + * Parses the request input stream for parameters, assuming parameters are + * encoded UTF-8 (no standard exists how browsers should encode them). + * + * @param req + * servlet request + * + * @return mapping parameter name -> value + * + * @throws IOException + * if parsing request parameters fails. + * + * @throws FileUploadException + * if parsing request parameters fails. + */ + protected Map getParameters(HttpServletRequest req) throws IOException, + FileUploadException { + + Map parameters = new HashMap(); + + if (ServletFileUpload.isMultipartContent(req)) { + // request is encoded as mulitpart/form-data + FileItemFactory factory = new DiskFileItemFactory(); + ServletFileUpload upload = null; + upload = new ServletFileUpload(factory); + List items = null; + items = upload.parseRequest(req); + for (int i = 0; i < items.size(); i++) { + FileItem item = (FileItem) items.get(i); + if (item.isFormField()) { + // Process only form fields - no file upload items + parameters.put(item.getFieldName(), item.getString("UTF-8")); + + //log requests on trace + if (log.isTraceEnabled()) { + String logString = item.getString("UTF-8"); + + // TODO use RegExp + String startS = ""; + String endS = "urn:publicid:gv.at:baseid"; + String logWithMaskedBaseid = logString; + int start = logString.indexOf(startS); + if (start > -1) { + int end = logString.indexOf(endS); + if (end > -1) { + logWithMaskedBaseid = logString.substring(0, start); + logWithMaskedBaseid += startS; + logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; + logWithMaskedBaseid += logString.substring(end, + logString.length()); + } + } + + log.debug("Processed multipart/form-data request parameter: \nName: " + + item.getFieldName() + + "\nValue: " + + logWithMaskedBaseid); + } + + } + } + } + + else { + Iterator> requestParamIt = req.getParameterMap().entrySet().iterator(); + while (requestParamIt.hasNext()) { + Entry entry = requestParamIt.next(); + String key = entry.getKey(); + String[] values = entry.getValue(); + // take the last value from the value array since the legacy code above also does it this way + parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]); + } + + } + + return parameters; + } + + /** + * Reads bytes up to a delimiter, consuming the delimiter. + * + * @param in + * input stream + * @param delimiter + * delimiter character + * @return String constructed from the read bytes + * @throws IOException + */ + protected String readBytesUpTo(InputStream in, char delimiter) + throws IOException { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + boolean done = false; + int b; + while (!done && (b = in.read()) >= 0) { + if (b == delimiter) + done = true; + else + bout.write(b); + } + return bout.toString(); + } + + /** + * Adds a parameter to a URL. + * + * @param url + * the URL + * @param paramname + * parameter name + * @param paramvalue + * parameter value + * @return the URL with parameter added + */ + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java new file mode 100644 index 00000000..cb4a055a --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java @@ -0,0 +1,151 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.auth.modules; + +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Comparator; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.ServiceLoader; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.core.io.Resource; + +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParserException; + +/** + * This class handles registering modules. The modules are detected either with + * the ServiceLoader mechanism or via Spring. All detected modules are ranked + * according to their priority. + */ +public class ModuleRegistration { + + private static ModuleRegistration instance = new ModuleRegistration(); + + private List priorizedModules = new ArrayList<>(); + + @Autowired + private ApplicationContext ctx; + + @Autowired + private ProcessEngine processEngine; + + private Logger log = LoggerFactory.getLogger(getClass()); + + public static ModuleRegistration getInstance() { + return instance; + } + + private ModuleRegistration() { + } + + @PostConstruct + private void init() { + // load modules via the ServiceLoader + initServiceLoaderModules(); + + // load modules via Spring + initSpringModules(); + + // order modules according to their priority + sortModules(); + } + + /** + * Discovers modules which use the ServiceLoader mechanism. + */ + private void initServiceLoaderModules() { + log.info("Looking for auth modules."); + ServiceLoader loader = ServiceLoader.load(AuthModule.class); + Iterator modules = loader.iterator(); + while (modules.hasNext()) { + AuthModule module = modules.next(); + log.info("Detected module {}", module.getClass().getName()); + registerModuleProcessDefinitions(module); + priorizedModules.add(module); + } + } + + /** + * Discovers modules which use Spring. + */ + private void initSpringModules() { + log.debug("Discovering Spring modules."); + Map modules = ctx.getBeansOfType(AuthModule.class); + for (AuthModule module : modules.values()) { + registerModuleProcessDefinitions(module); + priorizedModules.add(module); + } + } + + /** + * Registers the resource uris for the module. + * + * @param module + * the module. + */ + private void registerModuleProcessDefinitions(AuthModule module) { + for (String uri : module.getProcessDefinitions()) { + Resource resource = ctx.getResource(uri); + if (resource.isReadable()) { + log.info("Registering process definition '{}'.", uri); + try (InputStream processDefinitionInputStream = resource.getInputStream()) { + processEngine.registerProcessDefinition(processDefinitionInputStream); + } catch (IOException e) { + log.error("Process definition '{}' could NOT be read.", uri, e); + } catch (ProcessDefinitionParserException e) { + log.error("Error while parsing process definition '{}'", uri, e); + } + } else { + log.error("Process definition '{}' cannot be read.", uri); + } + } + } + + /** + * Order the modules in descending order according to their priority. + */ + private void sortModules() { + Collections.sort(priorizedModules, new Comparator() { + @Override + public int compare(AuthModule thisAuthModule, AuthModule otherAuthModule) { + int thisOrder = thisAuthModule.getPriority(); + int otherOrder = otherAuthModule.getPriority(); + return (thisOrder < otherOrder ? 1 : (thisOrder == otherOrder ? 0 : -1)); + } + }); + } + + /** + * Returns the process description id of the first process, in the highest ranked + * module, which is able to work with the given execution context. + * + * @param context + * the {@link ExecutionContext}. + * @return the process id or {@code null} + */ + public String selectProcess(ExecutionContext context) { + for (AuthModule module : priorizedModules) { + String id = module.selectProcess(context); + if (StringUtils.isNotEmpty(id)) { + log.debug("Process with id '{}' selected, for context '{}'.", id, context); + return id; + } + } + log.info("No process is able to handle context '{}'.", context); + return null; + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BPKAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BPKAttributeBuilder.java new file mode 100644 index 00000000..575f2beb --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BPKAttributeBuilder.java @@ -0,0 +1,55 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +public class BPKAttributeBuilder implements IPVPAttributeBuilder { + + private static final Logger log = LoggerFactory.getLogger(BPKAttributeBuilder.class); + + public String getName() { + return BPK_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + String bpk = authData.getBPK(); + String type = authData.getBPKType(); + + if (StringUtils.isEmpty(bpk)) + throw new UnavailableAttributeException(BPK_NAME); + + if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK)) + type = type.substring((EAAFConstants.URN_PREFIX_WBPK).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) + type = type.substring((EAAFConstants.URN_PREFIX_CDID).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) + type = type.substring((EAAFConstants.URN_PREFIX_EIDAS).length()); + + if (bpk.length() > BPK_MAX_LENGTH) { + bpk = bpk.substring(0, BPK_MAX_LENGTH); + } + + log.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); + + return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BirthdateAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BirthdateAttributeBuilder.java new file mode 100644 index 00000000..cac7e3bf --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BirthdateAttributeBuilder.java @@ -0,0 +1,40 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import java.text.DateFormat; +import java.text.SimpleDateFormat; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return BIRTHDATE_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData.getDateOfBirth() != null) { + DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(authData.getDateOfBirth()); + + return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + + } else { + //build empty attribute if no Birthday date is found (STORK2) + return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); + + } + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIdentityLinkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIdentityLinkBuilder.java new file mode 100644 index 00000000..f55353d2 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIdentityLinkBuilder.java @@ -0,0 +1,54 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import java.io.IOException; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + + + +public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EIDIdentityLinkBuilder.class); + + + public String getName() { + return EID_IDENTITY_LINK_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + try { + String ilAssertion = null; + if (authData.getIdentityLink() == null) + throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME); + + ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); + + return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8"))); + + + } catch (IOException e) { + log.warn("IdentityLink serialization error.", e); + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + EID_IDENTITY_LINK_NAME); + } + + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + EID_IDENTITY_LINK_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIssuingNationAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIssuingNationAttributeBuilder.java new file mode 100644 index 00000000..9a038aa2 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIssuingNationAttributeBuilder.java @@ -0,0 +1,35 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return EID_ISSUING_NATION_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + String countryCode = authData.getCiticenCountryCode(); + if (StringUtils.isNotEmpty(countryCode)) + return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + EID_ISSUING_NATION_NAME, countryCode); + + else + return null; + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + EID_ISSUING_NATION_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSectorForIDAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSectorForIDAttributeBuilder.java new file mode 100644 index 00000000..c170a124 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSectorForIDAttributeBuilder.java @@ -0,0 +1,36 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return EID_SECTOR_FOR_IDENTIFIER_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + String bpktype = authData.getBPKType(); + + if (StringUtils.isEmpty(authData.getBPKType())) + throw new UnavailableAttributeException(EID_SECTOR_FOR_IDENTIFIER_NAME); + + return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + EID_SECTOR_FOR_IDENTIFIER_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePIN.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePIN.java new file mode 100644 index 00000000..52654f86 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePIN.java @@ -0,0 +1,39 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +public class EIDSourcePIN implements IPVPAttributeBuilder { + + public String getName() { + return EID_SOURCE_PIN_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData.isBaseIDTransferRestrication()) + throw new AttributePolicyException(EID_SOURCE_PIN_NAME); + + else { + if (StringUtils.isNoneEmpty(authData.getIdentificationValue())) + throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME); + + return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue()); + } + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePINType.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePINType.java new file mode 100644 index 00000000..ef2d8e82 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePINType.java @@ -0,0 +1,33 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +public class EIDSourcePINType implements IPVPAttributeBuilder { + + public String getName() { + return EID_SOURCE_PIN_TYPE_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData.isBaseIDTransferRestrication()) + throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME); + + else { + return g.buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType()); + } + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java new file mode 100644 index 00000000..213faeb8 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java @@ -0,0 +1,31 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public class EIDeIDASQAALevelAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return EID_CITIZEN_EIDAS_QAA_LEVEL_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + return g.buildStringAttribute(EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, + EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, authData.getEIDASQAALevel()); + } + + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, + EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/GivenNameAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/GivenNameAttributeBuilder.java new file mode 100644 index 00000000..083adb36 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/GivenNameAttributeBuilder.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public class GivenNameAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return GIVEN_NAME_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authData.getGivenName()); + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PVPVersionAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PVPVersionAttributeBuilder.java new file mode 100644 index 00000000..006f9854 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PVPVersionAttributeBuilder.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return PVP_VERSION_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PrincipalNameAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PrincipalNameAttributeBuilder.java new file mode 100644 index 00000000..8828a022 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PrincipalNameAttributeBuilder.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return PRINCIPAL_NAME_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authData.getFamilyName()); + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java new file mode 100644 index 00000000..2b868b16 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java @@ -0,0 +1,185 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.conf; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +public abstract class AbstractConfigurationImpl implements IConfiguration { + private static final Logger log = LoggerFactory.getLogger(AbstractConfigurationImpl.class); + + private static final String URI_SCHEME_CLASSPATH = "classpath"; + private static final String URI_SCHEME_FILESYSTEM = "file"; + + private final URI internalConfigPath; + private final URI configRootDirectory; + private final Properties properties; + + public AbstractConfigurationImpl(final String configPath) throws EAAFConfigurationException { + InputStream is = null; + try { + log.debug("Starting EAAFCore initialization process .... "); + + if (StringUtils.isEmpty(configPath)) { + log.debug("Primary configuration is empty. Search for backup configuration .... "); + internalConfigPath = new URI(getBackupConfigPath()); + + } else + internalConfigPath = new URI(configPath); + + log.info("Load EAAFCore configuration from " + internalConfigPath); + + + //extract configuration root directory + //TODO: check if it works with classpath + File propertiesFile = new File(internalConfigPath); + String configDir = propertiesFile.getParent(); + configRootDirectory = new File(configDir).toURI(); + log.debug("Set EAAFCore configuration root directory to " + configRootDirectory.toString()); + + + //get input stream from configuration path + if (internalConfigPath.getScheme().equals(URI_SCHEME_FILESYSTEM)) { + log.trace("Load config from filesystem"); + is = new FileInputStream(propertiesFile); + + } else if (internalConfigPath.getScheme().equals(URI_SCHEME_CLASSPATH)) { + log.trace("Load config from classpath"); + is = this.getClass().getResourceAsStream(internalConfigPath.toString()); + + } else { + log.error("Can not load EAAFCore configuration. Unsupported prefix! (Only 'file:' and 'classpath:') "); + throw new EAAFConfigurationException("Can not load EAAFCore configuration. Unsupported prefix"); + + } + + if (is == null) { + log.error("Can NOT load EAAFCore configuration from file " + internalConfigPath.toString()); + throw new EAAFConfigurationException("Can NOT load EAAFCore configuration from file " + internalConfigPath.toString()); + + } + + + //load EAAF core configuration into properties object + properties = new Properties(); + properties.load(is); + + log.info("EAAFCore configuration loaded"); + + + } catch (URISyntaxException | IOException e) { + log.error("Can not parse configuration path " + configPath + " or " + getBackupConfigPath()); + throw new EAAFConfigurationException("Can not parse configuration path", e); + + } finally { + if (is != null) { + try { + is.close(); + + } catch (IOException e) { + log.warn("Can not close inputstream from configuration loader!"); + + } + } + } + + } + + @Override + public String getBasicConfiguration(String key) { + if (StringUtils.isNotEmpty(key)) { + String value = properties.getProperty(addPrefixToKey(key)); + if (value != null) + return value.trim(); + } + + return null; + } + + @Override + public String getBasicConfiguration(String key, String defaultValue) { + if (StringUtils.isNotEmpty(key)) { + String value = properties.getProperty(addPrefixToKey(key), defaultValue); + if (value != null) + return value.trim(); + } + + return defaultValue; + } + + @Override + public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix)); + + } + + @Override + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + String value = getBasicConfiguration(key); + if (StringUtils.isNotEmpty(value)) + return Boolean.valueOf(value.trim()); + + return defaultValue; + + } + + @Override + public Properties getFullConfigurationProperties() { + return properties; + + } + + @Override + public URI getConfigurationRootDirectory() { + return configRootDirectory; + + } + + @Override + public URI getConfigurationFilePath() { + return internalConfigPath; + + } + + /** + * Get the path to backup configuration + * + * @return A filepath file: or a classpath classpath: + */ + abstract protected String getBackupConfigPath(); + + /** + * Get a specific configuration-key prefix for this software implementation + * + * @return + */ + abstract public String getApplicationSpecificKeyPrefix(); + + + private String addPrefixToKey(String key) { + if (StringUtils.isNotEmpty(getApplicationSpecificKeyPrefix())) { + if (getApplicationSpecificKeyPrefix().endsWith(KeyValueUtils.KEY_DELIMITER)) + return getApplicationSpecificKeyPrefix() + key; + else + return getApplicationSpecificKeyPrefix() + KeyValueUtils.KEY_DELIMITER + key; + + } + + return key; + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SPConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SPConfigurationImpl.java new file mode 100644 index 00000000..e402983d --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SPConfigurationImpl.java @@ -0,0 +1,163 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.conf; + +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +public class SPConfigurationImpl implements ISPConfiguration { + private static final long serialVersionUID = 688541755446463453L; + + private static final Logger log = LoggerFactory.getLogger(SPConfigurationImpl.class); + + private final Map spConfiguration; + private final List targetAreasWithNoInteralBaseIdRestriction; + private final List targetAreasWithNoBaseIdTransmissionRestriction; + + + public SPConfigurationImpl(final Map spConfig, IConfiguration authConfig) { + this.spConfiguration = spConfig; + + //set oa specific restrictions + targetAreasWithNoInteralBaseIdRestriction = Collections.unmodifiableList( + KeyValueUtils.getListOfCSVValues( + authConfig.getBasicConfiguration( + CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL, + EAAFConstants.URN_PREFIX_CDID))); + + targetAreasWithNoBaseIdTransmissionRestriction = Collections.unmodifiableList( + KeyValueUtils.getListOfCSVValues( + authConfig.getBasicConfiguration( + CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION, + EAAFConstants.URN_PREFIX_CDID))); + + if (log.isTraceEnabled()) { + log.trace("Internal policy for OA: " + getUniqueIdentifier()); + for (String el : targetAreasWithNoInteralBaseIdRestriction) + log.trace(" Allow baseID processing for prefix " + el); + for (String el : targetAreasWithNoBaseIdTransmissionRestriction) + log.trace(" Allow baseID transfer for prefix " + el); + + } + } + + + @Override + public final Map getFullConfiguration() { + return this.spConfiguration; + + } + + @Override + public final String getConfigurationValue(String key) { + if (key == null) + return null; + else + return this.spConfiguration.get(key); + + } + + @Override + public final String getConfigurationValue(String key, String defaultValue) { + String value = getConfigurationValue(key); + if (value == null) + return defaultValue; + else + return value; + } + + + @Override + public final Boolean isConfigurationValue(String key) { + String value = getConfigurationValue(key); + if (value != null) { + return Boolean.parseBoolean(value); + + } + + return null; + } + + + @Override + public final boolean isConfigurationValue(String key, boolean defaultValue) { + String value = getConfigurationValue(key); + if (value != null) { + return Boolean.parseBoolean(value); + + } + + return defaultValue; + } + + @Override + public final boolean containsConfigurationKey(String key) { + if (key == null) + return false; + else + return this.spConfiguration.containsKey(key); + + } + + @Override + public String getUniqueIdentifier() { + return getConfigurationValue(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER); + + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + return false; + + } + + @Override + public boolean hasBaseIdTransferRestriction() { + return true; + + } + + + @Override + public final List getTargetsWithNoBaseIdInternalProcessingRestriction() { + return this.targetAreasWithNoInteralBaseIdRestriction; + } + + + @Override + public final List getTargetsWithNoBaseIdTransferRestriction() { + return this.targetAreasWithNoBaseIdTransmissionRestriction; + } + + + @Override + public String getMinimumLevelOfAssurence() { + log.warn("Method not implemented: " + SPConfigurationImpl.class.getName() + " 'getMinimumLevelOfAssurence()'"); + return null; + } + + + @Override + public String getAreaSpecificTargetIdentifier() { + log.warn("Method not implemented: " + SPConfigurationImpl.class.getName() + " 'getAreaSpecificTargetIdentifier()'"); + return null; + } + + + @Override + public String getFriendlyName() { + log.warn("Method not implemented: " + SPConfigurationImpl.class.getName() + " 'getFriendlyName()'"); + return null; + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractAuthProtocolModulController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractAuthProtocolModulController.java new file mode 100644 index 00000000..d72ee404 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractAuthProtocolModulController.java @@ -0,0 +1,225 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.controller; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.components.eventlog.api.EventConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IStatusMessager; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException; + +/** + * @author tlenz + * + */ + +public abstract class AbstractAuthProtocolModulController extends AbstractController { + private static final Logger log = LoggerFactory.getLogger(AbstractAuthProtocolModulController.class); + + public static final String ENDPOINT_FINALIZEPROTOCOL = "finalizeAuthProtocol"; + public static final String ENDPOINT_ERRORHANDLING = "errorHandling"; + + + @Autowired(required=true) private IAuthenticationManager authmanager; + @Autowired(required=true) private IAuthenticationDataBuilder authDataBuilder; + @Autowired(required=false) private ISSOManager ssoManager; + + /** + * Initialize an authentication process for this protocol request + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @throws IOException + */ + protected void performAuthentication(HttpServletRequest req, HttpServletResponse resp, + IRequest pendingReq) throws IOException { + try { + if (pendingReq.isNeedAuthentication()) { + //request needs authentication --> start authentication process ... + + //load Parameters from OnlineApplicationConfiguration + ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); + + if (oaParam == null) + throw new EAAFAuthenticationException( + IStatusMessager.CODES_INTERNAL_ERROR_AUTH_NOSPCONFIG, + new Object[] { pendingReq.getSPEntityId() }, + "No Service Provider configuration found."); + + if (authmanager.doAuthentication(req, resp, pendingReq)) { + //pending request is already authenticated --> protocol-specific postProcessing can start directly + finalizeAuthenticationProcess(req, resp, pendingReq); + + //transaction is finished, log transaction finished event + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); + + } + + } else { + executeProtocolSpecificAction(req, resp, pendingReq, null); + + } + + } catch (Exception e) { + buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); + authmanager.performOnlyIDPLogOut(req, resp, pendingReq); + + } + } + + + /** + * Finalize the requested protocol operation + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @param moaSession MOASession object, which is used to generate the protocol specific authentication information + * @throws Exception + */ + protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp, + IRequest pendingReq) throws Exception { + + String newSSOSessionId = null; + + //if Single Sign-On functionality is enabled for this request + if (pendingReq.needSingleSignOnFunctionality()) { + if (ssoManager != null) + newSSOSessionId = ssoManager.createNewSSOSessionCookie(req, resp, pendingReq); + else + log.warn("SSO is requested but there is not SSO Session-Manager available"); + + } + + //build authenticationdata from session information and OA configuration + IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq); + + //execute the protocol-specific action + SLOInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData); + + //Store OA specific SSO session information if an SSO cookie is set + if (StringUtils.isNotEmpty(newSSOSessionId)) { + try { + //create new SSO session, if actually no SSO session exists + if (StringUtils.isEmpty(pendingReq.getSSOSessionIdentifier())) { + ssoManager.createNewSSOSession(pendingReq, newSSOSessionId, sloInformation); + + //MOA SSO-session already exists only update is required + } else { + ssoManager.updateSSOSession(pendingReq, newSSOSessionId, sloInformation); + + + } + + } catch (EAAFSSOException e) { + log.warn("SSO Session information can not be stored -> SSO is not enabled!"); + authmanager.performOnlyIDPLogOut(req, resp, pendingReq); + + } + + } else { + //remove MOASession from database + authmanager.performOnlyIDPLogOut(req, resp, pendingReq); + + } + + //Advanced statistic logging + statisticLogger.logSuccessOperation(pendingReq, authData, StringUtils.isNotEmpty(newSSOSessionId)); + + } + + /** + * Executes the requested protocol action + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @param authData Service-provider specific authentication data + * + * @return Return Single LogOut information or null if protocol supports no SSO + * + * @throws Exception + */ + private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest pendingReq, IAuthData authData) throws Exception { + try { + // request needs no authentication --> start request processing + Class clazz = Class.forName(pendingReq.requestedAction()); + if (clazz == null || + !IAction.class.isAssignableFrom(clazz)) { + log.error("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); + throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); + + } + + IAction protocolAction = (IAction) applicationContext.getBean(clazz); + return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData); + + } catch (ClassNotFoundException e) { + log.error("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); + throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); + } + + } + + protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, + HttpServletResponse resp, IRequest protocolRequest) throws IOException { + try { + + Class clazz = Class.forName(protocolRequest.requestedModule()); + + if (clazz == null || + !IModulInfo.class.isAssignableFrom(clazz)) { + log.error("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + + } + + IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); + + if (handlingModule.generateErrorMessage( + throwable, req, resp, protocolRequest)) { + + //log Error to technical log + logExceptionToTechnicalLog(throwable); + + //log Error Message + statisticLogger.logErrorOperation(throwable, protocolRequest); + + //write revision log entries + revisionsLogger.logEvent(protocolRequest, EventConstants.TRANSACTION_ERROR, protocolRequest.getUniqueTransactionIdentifier()); + + return; + + } else { + handleErrorNoRedirect(throwable, req, resp, true); + + } + + } catch (Throwable e) { + handleErrorNoRedirect(throwable, req, resp, true); + + } + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java new file mode 100644 index 00000000..980d77ba --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java @@ -0,0 +1,354 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import java.io.StringWriter; + +import javax.naming.ConfigurationException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.web.bind.annotation.ExceptionHandler; + +import at.gv.egiz.components.eventlog.api.EventConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.IStatusMessager; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; +import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; + + +/** + * @author tlenz + * + */ +public abstract class AbstractController { + + private static final Logger log = LoggerFactory.getLogger(AbstractController.class); + + @Autowired(required=true) protected ApplicationContext applicationContext; + @Autowired(required=true) protected IConfiguration authConfig; + @Autowired(required=true) protected ITransactionStorage transactionStorage; + @Autowired(required=true) protected IRequestStorage requestStorage; + @Autowired(required=true) protected IGUIFormBuilder guiBuilder; + @Autowired(required=true) protected IGUIBuilderConfigurationFactory guiConfigFactory; + @Autowired(required=true) protected IStatusMessager statusMessager; + + @Autowired protected IStatisticLogger statisticLogger; + @Autowired protected IRevisionLogger revisionsLogger; + + + + + + @ExceptionHandler({EAAFException.class}) + public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException { + log.error(e.getMessage() , e); + internalMOAIDExceptionHandler(req, resp, e, true); + + } + + @ExceptionHandler({Exception.class}) + public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { + log.error("Internel Server Error." , exception); + resp.setContentType(EAAFConstants.CONTENTTYPE_HTML_UTF8); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" + + "(Errorcode=9199" + +" | Description=" + + StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(exception.getMessage())) + + ")"); + return; + + } + + @ExceptionHandler({IOException.class}) + public void IOExceptionHandler(HttpServletResponse resp, Throwable exception) { + log.error("Internel Server Error." , exception); + resp.setContentType(EAAFConstants.CONTENTTYPE_HTML_UTF8); + resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + return; + + } + + protected void handleError(String errorMessage, Throwable exceptionThrown, + HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws IOException { + + String pendingRequestID = null; + if (pendingReq != null) + pendingRequestID = pendingReq.getPendingRequestId(); + + Throwable loggedException = null; + Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown); + + //extract pendingRequestID and originalException if it was a TaskExecutionException + if (extractedException instanceof TaskExecutionException) { + //set original exception + loggedException = ((TaskExecutionException) extractedException).getOriginalException(); + + //use TaskExecutionException directly, if no Original Exeception is included + if (loggedException == null) + loggedException = exceptionThrown; + + //set pending-request ID if it is set + String reqID = ((TaskExecutionException) extractedException).getPendingRequestID(); + if (StringUtils.isNotEmpty(reqID)) + pendingRequestID = reqID; + + } else + loggedException = exceptionThrown; + + try { + //switch to protocol-finalize method to generate a protocol-specific error message + + //log error directly in debug mode + if (log.isDebugEnabled()) + log.warn(loggedException.getMessage(), loggedException); + + + //put exception into transaction store for redirect + String key = Random.nextLongRandom(); + if (pendingReq != null) { + revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR); + transactionStorage.put(key, + new ExceptionContainer(pendingReq, loggedException), -1); + + } else { + transactionStorage.put(key, + new ExceptionContainer(null, loggedException), -1); + + } + + //build up redirect URL + String redirectURL = null; + redirectURL = ServletUtils.getBaseUrl(req); + redirectURL += "/"+AbstractAuthProtocolModulController.ENDPOINT_ERRORHANDLING + + "?" + EAAFConstants.PARAM_HTTP_ERROR_CODE + "=" + key; + +// //only add pending-request Id if it exists +// if (StringUtils.isNotEmpty(pendingRequestID)) +// redirectURL += "&" + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; + + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + log.debug("REDIRECT TO: " + redirectURL); + + return; + + } catch (Exception e) { + log.warn("Default error-handling FAILED. Exception can not be stored ....", e); + log.info("Switch to generic generic backup error-handling ... "); + handleErrorNoRedirect(loggedException, req, resp, true); + + } + + } + + /** + * Handles all exceptions with no pending request. + * Therefore, the error is written to the users browser + * + * @param throwable + * @param req + * @param resp + * @throws IOException + */ + protected void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, + HttpServletResponse resp, boolean writeExceptionToStatisticLog) throws IOException { + + //log Exception into statistic database + if (writeExceptionToStatisticLog) + statisticLogger.logErrorOperation(throwable); + + //write errror to console + logExceptionToTechnicalLog(throwable); + + //return error to Web browser + if (throwable instanceof EAAFException || throwable instanceof ProcessExecutionException) + internalMOAIDExceptionHandler(req, resp, (Exception)throwable, false); + + else { + //write generic message for general exceptions + String msg = statusMessager.getMessage(IStatusMessager.CODES_INTERNAL_ERROR_GENERIC, null); + writeHTMLErrorResponse(req, resp, msg, "9199", (Exception) throwable); + + } + + } + + /** + * Write a Exception to the MOA-ID-Auth internal technical log + * + * @param loggedException Exception to log + */ + protected void logExceptionToTechnicalLog(Throwable loggedException) { + if (!( loggedException instanceof EAAFException + || loggedException instanceof ProcessExecutionException )) { + log.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); + + } else { + if (log.isDebugEnabled() || log.isTraceEnabled()) { + log.warn(loggedException.getMessage(), loggedException); + + } else { + log.warn(loggedException.getMessage()); + + } + } + } + + private void writeBadRequestErrorResponse(HttpServletRequest req, HttpServletResponse resp, EAAFException e) throws IOException { + String code = statusMessager.mapInternalErrorToExternalError(((InvalidProtocolRequestException)e).getErrorId()); + String descr = StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage())); + resp.setContentType(EAAFConstants.CONTENTTYPE_HTML_UTF8); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + + "(Errorcode=" + code + + " | Description=" + descr + ")"); + + } + + private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException { + + try { + IGUIBuilderConfiguration config + = guiConfigFactory.getDefaultErrorGUI(HTTPUtils.extractAuthURLFromRequest(req)); + +// HTTPUtils.extractAuthURLFromRequest(req), +// DefaultGUIFormBuilderConfiguration.VIEW_ERRORMESSAGE, +// null); + + //add errorcode and errormessage + if (config instanceof ModifyableGuiBuilderConfiguration) { + ((ModifyableGuiBuilderConfiguration)config).putCustomParameter("errorMsg", msg); + ((ModifyableGuiBuilderConfiguration)config).putCustomParameter("errorCode", errorCode); + + //add stacktrace if debug is enabled + if (log.isTraceEnabled()) { + ((ModifyableGuiBuilderConfiguration)config).putCustomParameter("stacktrace", getStacktraceFromException(error)); + + } + + } else + log.info("Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable "); + + + + guiBuilder.build(httpResp, config, "Error-Message"); + + } catch (GUIBuildException e) { + log.warn("Can not build error-message GUI.", e); + GenericExceptionHandler(httpResp, e); + + } + + } + + private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException { + writeHTMLErrorResponse(req, httpResp, + error.getMessage(), + statusMessager.getResponseErrorCode(error), + error); + } + + + private String getStacktraceFromException(Exception ex) { + StringWriter errors = new StringWriter(); + ex.printStackTrace(new PrintWriter(errors)); + return errors.toString(); + + } + + /** + * Extracts a TaskExecutionException of a ProcessExecutionExeception Stacktrace. + * + * @param exception + * @return Return the latest TaskExecutionExecption if exists, otherwise the latest ProcessExecutionException + */ + private Throwable extractOriginalExceptionFromProcessException(Throwable exception) { + Throwable exholder = exception; + TaskExecutionException taskExc = null; + + while(exholder != null + && exholder instanceof ProcessExecutionException) { + ProcessExecutionException procExc = (ProcessExecutionException) exholder; + if (procExc.getCause() != null && + procExc.getCause() instanceof TaskExecutionException) { + taskExc = (TaskExecutionException) procExc.getCause(); + exholder = taskExc.getOriginalException(); + + } else + break; + + } + + if (taskExc == null) + return exholder; + + else + return taskExc; + } + + private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException { + if (e instanceof ProtocolNotActiveException) { + resp.getWriter().write(e.getMessage()); + resp.setContentType(EAAFConstants.CONTENTTYPE_HTML_UTF8); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, + StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage()))); + + } else if (e instanceof AuthnRequestValidatorException) { + AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e; + //log Error Message + if (writeExceptionToStatisicLog) + statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); + + //write error message + writeBadRequestErrorResponse(req, resp, (EAAFException) e); + + } else if (e instanceof InvalidProtocolRequestException) { + //send error response + writeBadRequestErrorResponse(req, resp, (EAAFException) e); + + } else if (e instanceof ConfigurationException) { + //send HTML formated error message + writeHTMLErrorResponse(req, resp, (EAAFException) e); + + } else if (e instanceof EAAFException) { + //send HTML formated error message + writeHTMLErrorResponse(req, resp, e); + + } else if (e instanceof ProcessExecutionException) { + //send HTML formated error message + writeHTMLErrorResponse(req, resp, e); + + } + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java new file mode 100644 index 00000000..a4a86ca2 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java @@ -0,0 +1,97 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.controller; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IStatusMessager; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFIllegalStateException; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; + +/** + * Servlet that resumes a suspended process (in case of asynchronous tasks). + * + * @author tknall + * + */ +public abstract class AbstractProcessEngineSignalController extends AbstractController { + private static final Logger log = LoggerFactory.getLogger(AbstractProcessEngineSignalController.class); + + @Autowired protected ProcessEngine processEngine; + + protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException { + String pendingRequestID = StringEscapeUtils.escapeHtml4(getPendingRequestId(req)); + IRequest pendingReq = null; + try { + if (pendingRequestID == null) { + new EAAFException( + IStatusMessager.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, + null, + "NO PendingRequestId found" + ); + + } + + pendingReq = requestStorage.getPendingRequest(pendingRequestID); + if (pendingReq == null) { + log.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new EAAFException(IStatusMessager.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, new Object[]{pendingRequestID}, + "No PendingRequest with Id: \" + pendingRequestID + \" Maybe, a transaction timeout occure.\""); + + } + + //change pending-request ID + requestStorage.changePendingRequestID(pendingReq); + pendingRequestID = pendingReq.getPendingRequestId(); + + // process instance is mandatory + if (pendingReq.getProcessInstanceId() == null) { + throw new EAAFIllegalStateException(new Object[]{"MOA session does not provide process instance id."}, + "No execution environemnt found for this pending request"); + + } + + // wake up next task + processEngine.signal(pendingReq); + + } catch (Exception ex) { + handleError(null, ex, req, resp, pendingReq); + + } finally { + //MOASessionDBUtils.closeSession(); + TransactionIDUtils.removeAllLoggingVariables(); + + } + + + } + + /** + * Retrieves the current pending-request id from the HttpServletRequest parameter + * + *

+ * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the + * respective pending-request id. + * + * @param request + * The unterlying HttpServletRequest. + * @return The current pending-request id. + */ + public String getPendingRequestId(HttpServletRequest request) { + return StringEscapeUtils.escapeHtml4(request.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java new file mode 100644 index 00000000..3659ff4f --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -0,0 +1,178 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.controller; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.components.eventlog.api.EventConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IStatusMessager; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +/** + * @author tlenz + * + */ +@Controller +public class ProtocolFinalizationController extends AbstractAuthProtocolModulController { + private static final Logger log = LoggerFactory.getLogger(ProtocolFinalizationController.class); + + @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = {RequestMethod.GET}) + public void errorHandling(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException { + //receive an authentication error + String errorid = StringEscapeUtils.escapeHtml4(req.getParameter(EAAFConstants.PARAM_HTTP_ERROR_CODE)); + if (errorid != null) { + IRequest pendingReq = null; + try { + //load stored exception from database + ExceptionContainer container = transactionStorage.get(errorid, ExceptionContainer.class); + if (container != null) { + //remove exception if it was found + transactionStorage.remove(errorid); + + Throwable throwable = container.getExceptionThrown(); + pendingReq = container.getPendingRequest(); + + if (pendingReq != null) { + //build protocol-specific error message if possible + buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); + + //remove active user-session + transactionStorage.remove(pendingReq.getPendingRequestId()); + + return; + + } else { + handleErrorNoRedirect(throwable, req, resp, true); + + } + } else { + handleErrorNoRedirect( + new EAAFException( + IStatusMessager.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, + null, + "NO Error with this Id found" + ), req, resp, false); + + } + + } catch (Throwable e) { + log.error(e.getMessage(), e); + handleErrorNoRedirect(e, req, resp, false); + + } finally { + //remove pending-request + if (pendingReq != null) { + requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); + + } + + } + + } else { + log.debug("Request contains NO ErrorId"); + handleErrorNoRedirect( + new EAAFException( + IStatusMessager.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, + null, + "Request containts NO error id." + ), req, resp, false); + + } + + } + + + @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = {RequestMethod.GET}) + public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException { + + //read pendingRequest from http request + Object idObject = StringEscapeUtils.escapeHtml4(req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); + IRequest pendingReq = null; + String pendingRequestID = null; + if (idObject != null && (idObject instanceof String)) { + pendingRequestID = (String) idObject; + pendingReq = requestStorage.getPendingRequest(pendingRequestID); + + } + + if (pendingReq == null) { + log.error("No PendingRequest with ID " + pendingRequestID + " found.!"); + handleErrorNoRedirect( + new EAAFException( + IStatusMessager.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, + new Object[]{pendingRequestID, + }, + "No pendigReq with Id: " + pendingRequestID), req, resp, false); + + } else { + try { + log.debug("Finalize PendingRequest with ID " + pendingRequestID); + + //check if pending-request has 'abortedByUser' flag set + if (pendingReq.isAbortedByUser()) { + //send authentication aborted error to Service Provider + buildProtocolSpecificErrorResponse( + new EAAFAuthenticationException( + IStatusMessager.CODES_INTERNAL_ERROR_AUTH_USERSTOP, + new Object[] {}, + "User stops authentication process"), + req, resp, pendingReq); + + //do not remove the full active SSO-Session + // in case of only one Service-Provider authentication request is aborted + if ( !pendingReq.needSingleSignOnFunctionality()) { + transactionStorage.remove(pendingReq.getPendingRequestId()); + + } + + //check if pending-request are authenticated + } else if (pendingReq.isAuthenticated()) { + finalizeAuthenticationProcess(req, resp, pendingReq); + + } else { + //suspect state: pending-request is not aborted but also are not authenticated + log.error("PendingRequest is NOT authenticated --> Abort authentication process!"); + handleErrorNoRedirect( + new EAAFException( + "auth.20", + null, + "PendingRequest is NOT authenticated --> Abort authentication process!" + ), req, resp, true); + + } + + } catch (Exception e) { + log.error("Finalize authentication protocol FAILED." , e); + buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); + + if (pendingReq != null) + transactionStorage.remove(pendingReq.getPendingRequestId()); + + } + } + + //remove pending-request + if (pendingReq != null) { + requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); + + } + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java new file mode 100644 index 00000000..6a7f4440 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java @@ -0,0 +1,386 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.controller.protocols; + +import java.io.Serializable; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Date; +import java.util.HashMap; +import java.util.Map; +import java.util.Map.Entry; + +import javax.naming.ConfigurationException; +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; + +public abstract class RequestImpl implements IRequest, Serializable{ + + private static final Logger log = LoggerFactory.getLogger(RequestImpl.class); + + public static final String DATAID_REQUESTER_IP_ADDRESS = "reqestImpl_requesterIPAddr"; + + private static final long serialVersionUID = 1L; + + private String module = null; + private String action = null; + + private String pendingRequestId; + private String processInstanceId; + private String ssoSessionId; + + private String uniqueTransactionIdentifer; + private String uniqueSessionIdentifer; + + private String requestedServiceProviderIdentifer; + private String idpAuthURL = null; + + private ISPConfiguration spConfiguration = null; + + private boolean passiv = false; + private boolean force = false; + private boolean isAbortedByUser = false; + + //every request needs authentication by default + private boolean needAuthentication = true; + + //every request is not authenticated by default + private boolean isAuthenticated = false; + + //every request needs no SSO by default + private boolean needSSO = false; + + private boolean needUserConsent = false; + + private Map genericDataStorage = new HashMap(); + + + + /** + * @throws ConfigurationException + * + */ + public final void initialize(HttpServletRequest req, IConfiguration authConfig) throws EAAFException { + //set pendingRequestId + pendingRequestId = Random.nextLongRandom(); + + //set unique transaction identifier for logging + uniqueTransactionIdentifer = Random.nextLongRandom(); + TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer); + + //initialize session object + genericDataStorage.put(EAAFConstants.AUTH_DATA_CREATED, new Date()); + //genericDataStorage.put(EAAFConstants.VALUE_SESSIONID, Random.nextLongRandom()); + + //check if End-Point is valid + String authURLString = HTTPUtils.extractAuthURLFromRequest(req); + URL authReqURL; + try { + authReqURL = new URL(authURLString); + + } catch (MalformedURLException e) { + log.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e); + throw new EAAFAuthenticationException("errorId", new Object[]{authURLString}, + "IDP AuthenticationServiceURL Prefix is not a valid URL.", e); + + } + this.idpAuthURL = authConfig.validateIDPURL(authReqURL); + if (this.idpAuthURL == null) { + log.warn("Extract AuthenticationServiceURL: " + authReqURL + " is NOT found in configuration."); + throw new EAAFAuthenticationException("errorId", new Object[]{authURLString}, + "Extract AuthenticationServiceURL: " + authReqURL + " is NOT found in configuration."); + + } + + //set unique session identifier + String uniqueID = (String) req.getAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER); + if (StringUtils.isNotEmpty(uniqueID)) + this.uniqueSessionIdentifer = uniqueID; + + else { + log.debug("Create new sessionIdentifier for this pendingRequest ... "); + this.uniqueSessionIdentifer = Random.nextLongRandom(); + + } + + //set requester's IP address + try { + setGenericDataToSession(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr()); + + } catch (EAAFStorageException e) { + log.info("Can NOT store remote IP address into 'pendingRequest'." , e); + + } + + } + +// /** +// * This method map the protocol specific requested attributes to PVP 2.1 attributes. +// * +// * @return List of PVP 2.1 attribute names with maps all protocol specific attributes +// */ +// public abstract Collection getRequestedAttributes(MetadataProvider metadataProvider); + + public final void setSPEntityId(String spIdentifier) { + this.requestedServiceProviderIdentifer = spIdentifier; + } + + public final String getSPEntityId() { + return this.requestedServiceProviderIdentifer; + } + + public final boolean isPassiv() { + return passiv; + } + + public final boolean forceAuth() { + return force; + } + + public final void setPassiv(boolean passiv) { + this.passiv = passiv; + } + + public final void setForce(boolean force) { + this.force = force; + } + + public final String requestedAction() { + return action; + } + + public final void setAction(String action) { + this.action = action; + } + + public final String requestedModule() { + return module; + } + + public final void setModule(String module) { + this.module = module; + } + + public final void setPendingRequestId(String pendingReqId) { + this.pendingRequestId = pendingReqId; + + } + + public final String getPendingRequestId() { + return pendingRequestId; + } + + public final String getSSOSessionIdentifier() { + return this.ssoSessionId; + } + + public final void setSSOSessionIdentifier(String internalSSOSessionId) { + this.ssoSessionId = internalSSOSessionId; + + } + + public final Map genericFullDataStorage() { + return this.genericDataStorage; + + } + + public final ISPConfiguration getServiceProviderConfiguration() { + return this.spConfiguration; + + + } + + public T getServiceProviderConfiguration(final Class decorator) { + if (this.spConfiguration != null) { + if (decorator.isAssignableFrom(this.spConfiguration.getClass())) { + return (T) this.spConfiguration; + + } else + log.error("Can not decorate SP configuration by '" + decorator.getName() + "'."); + throw new RuntimeException("Can not decorate SP configuration by '" + decorator.getName() + "'."); + + } + + return null; + + } + + public void setOnlineApplicationConfiguration(ISPConfiguration spConfig) { + this.spConfiguration = spConfig; + + } + + public final String getUniqueTransactionIdentifier() { + return this.uniqueTransactionIdentifer; + + } + + public final String getUniqueSessionIdentifier() { + return this.uniqueSessionIdentifer; + + } + + public final String getProcessInstanceId() { + return this.processInstanceId; + + } + + public final void setUniqueTransactionIdentifier(String id) { + this.uniqueTransactionIdentifer = id; + + } + + public final void setUniqueSessionIdentifier(String id) { + this.uniqueSessionIdentifer = id; + + } + + public void setProcessInstanceId(String id) { + this.processInstanceId = id; + + } + + public final String getAuthURL() { + return this.idpAuthURL; + } + + public final String getAuthURLWithOutSlash() { + if (this.idpAuthURL.endsWith("/")) + return this.idpAuthURL.substring(0, this.idpAuthURL.length()-1); + else + return this.idpAuthURL; + + } + + public final boolean isNeedAuthentication() { + return needAuthentication; + } + + public final void setNeedAuthentication(boolean needAuthentication) { + this.needAuthentication = needAuthentication; + } + + public final boolean isAuthenticated() { + return isAuthenticated; + } + + public final void setAuthenticated(boolean isAuthenticated) { + this.isAuthenticated = isAuthenticated; + } + + public final boolean needSingleSignOnFunctionality() { + return needSSO; + } + public final void setNeedSingleSignOnFunctionality(boolean needSSO) { + this.needSSO = needSSO; + + } + + public final boolean isNeedUserConsent() { + return this.needUserConsent; + + } + + public final void setNeedUserConsent(boolean needConsent) { + this.needUserConsent = needConsent; + + } + + public final boolean isAbortedByUser() { + return this.isAbortedByUser; + } + + public final void setAbortedByUser(boolean isAborted) { + this.isAbortedByUser = isAborted; + + } + + public final Object getGenericData(String key) { + if (StringUtils.isNotEmpty(key)) { + return genericDataStorage.get(key); + + } + + log.info("Can not load generic request-data with key='null'"); + return null; + } + + public final T getGenericData(String key, final Class clazz) { + if (StringUtils.isNotEmpty(key)) { + Object data = genericDataStorage.get(key); + + if (data == null) + return null; + + try { + @SuppressWarnings("unchecked") + T test = (T) data; + return test; + + } catch (Exception e) { + log.warn("Generic request-data object can not be casted to requested type", e); + return null; + + } + + } + + log.info("Can not load generic request-data with key='null'"); + return null; + + } + + @Override + public final void setGenericDataToSession(String key, Object object) throws EAAFStorageException { + if (StringUtils.isEmpty(key)) { + log.info("Generic request-data can not be stored with a 'null' key"); + throw new EAAFStorageException("Generic request-data can not be stored with a 'null' key", null); + + } + + if (object != null) { + if (!Serializable.class.isInstance(object)) { + log.warn("Generic request-data can only store objects which implements the 'Seralizable' interface"); + throw new EAAFStorageException("Generic request-data can only store objects which implements the 'Seralizable' interface", null); + + } + } + + if (genericDataStorage.containsKey(key)) + log.trace("Overwrite generic request-data with key:" + key); + else + log.trace("Add generic request-data with key:" + key + " to session."); + + genericDataStorage.put(key, object); + + } + + @Override + public final void setGenericDataToSession(Map map) throws EAAFStorageException { + if (map == null) { + log.info("Generic request-data can not be stored with a 'null' map"); + throw new EAAFStorageException("Generic request-data can not be stored with a 'null' map", null); + + } + + //validate and store values + for (Entry el : map.entrySet()) + setGenericDataToSession(el.getKey(), el.getValue()); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/FinalizeAuthenticationTask.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/FinalizeAuthenticationTask.java new file mode 100644 index 00000000..4ab63503 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/FinalizeAuthenticationTask.java @@ -0,0 +1,57 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.controller.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; + +/** + * @author tlenz + * + */ +@Component("FinalizeAuthenticationTask") +public class FinalizeAuthenticationTask extends AbstractAuthServletTask { + + private static final Logger log = LoggerFactory.getLogger(FinalizeAuthenticationTask.class); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + try { + //set pending request to authenticated + pendingReq.setAuthenticated(true); + requestStoreage.storePendingRequest(pendingReq); + + log.info("AuthProcess finished. Redirect to Protocol Dispatcher."); + performRedirectToProtocolFinialization(pendingReq, response); + + } catch (EAAFException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (Exception e) { + log.warn("FinalizeAuthenticationTask has an internal error", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } finally { + executionContext.remove(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID); + + } + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java new file mode 100644 index 00000000..2e5f49ed --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java @@ -0,0 +1,92 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.controller.tasks; + +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; + +/** + * @author tlenz + * + */ +@Component("RestartAuthProzessManagement") +public class RestartAuthProzessManagement extends AbstractAuthServletTask { + private static final Logger log = LoggerFactory.getLogger(RestartAuthProzessManagement.class); + + @Autowired ProcessEngine processEngine; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //create a new execution context and copy all elements to new context + ExecutionContext newec = new ExecutionContextImpl(); + Set entries = executionContext.keySet(); + for (String key : entries) { + newec.put(key, executionContext.get(key)); + + } + + log.debug("Select new auth.-process and restart restart process-engine ... "); + + // select and create new process instance + String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec); + if (processDefinitionId == null) { + log.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId()); + throw new EAAFException("process.02", new Object[] { pendingReq.getPendingRequestId()}, + "No suitable authentication process found for SessionID \" + pendingReq.getPendingRequestId()"); + } + + String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec); + + // keep process instance id in moa session + ((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId); + + // make sure pending request has been persisted before running the process + try { + requestStoreage.storePendingRequest(pendingReq); + + } catch (EAAFException e) { + log.error("Database Error! MOASession is not stored!"); + throw new EAAFException("init.04", new Object[] { pendingReq.getPendingRequestId() }, + "Database Error! MOASession is not stored!"); + + } + + log.info("Restart process-engine with auth.process:" + processDefinitionId); + + // start process + processEngine.start(pendingReq); + + + } catch (EAAFException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (Exception e) { + log.warn("RestartAuthProzessManagement has an internal error", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java new file mode 100644 index 00000000..05fe030d --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java @@ -0,0 +1,81 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process; + +import java.io.Serializable; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; + +/** + * ExecutionContext implementation, related to a certain process instance. + * + * @author tknall + * + */ +public class ExecutionContextImpl implements ExecutionContext { + + private static final long serialVersionUID = 1L; + + private Map ctxData = Collections.synchronizedMap(new HashMap()); + + private String processInstanceId; + + /** + * Creates a new instance. + */ + public ExecutionContextImpl() { + } + + /** + * Creates a new instance and associated it with a certain process instance. + */ + public ExecutionContextImpl(String processInstanceId) { + this.processInstanceId = processInstanceId; + } + + @Override + public void setProcessInstanceId(String processInstanceId) { + this.processInstanceId = processInstanceId; + } + + @Override + public String getProcessInstanceId() { + return processInstanceId; + } + + @Override + public Serializable get(String key) { + return ctxData.get(key); + } + + @Override + public Serializable remove(String key) { + return ctxData.remove(key); + } + + @Override + public void put(String key, Serializable object) { + ctxData.put(key, object); + } + + @Override + public Set keySet() { + return Collections.unmodifiableSet(ctxData.keySet()); + } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("ExecutionContextImpl ["); + builder.append("id=").append(processInstanceId); + builder.append(", variables="); + builder.append(ctxData.keySet()); + builder.append("]"); + return builder.toString(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExpressionEvaluationContextImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExpressionEvaluationContextImpl.java new file mode 100644 index 00000000..5a85487f --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExpressionEvaluationContextImpl.java @@ -0,0 +1,46 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process; + +import java.io.Serializable; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluationContext; + +/** + * Context implementation used for expression evaluation only. + * + * @author tknall + * + */ +public class ExpressionEvaluationContextImpl implements ExpressionEvaluationContext { + + private static final long serialVersionUID = 1L; + + private Map ctxData; + + /** + * Creates a new instance and initializes it with data from a given process instance. + * + * @param processInstance + * The process instance. + */ + ExpressionEvaluationContextImpl(ProcessInstance processInstance) { + ExecutionContext executionContext = processInstance.getExecutionContext(); + Set keys = executionContext.keySet(); + ctxData = Collections.synchronizedMap(new HashMap(keys.size())); + for (String key : keys) { + ctxData.put(key, executionContext.get(key)); + } + } + + @Override + public Map getCtx() { + return Collections.unmodifiableMap(ctxData); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParser.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParser.java new file mode 100644 index 00000000..2c715b94 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParser.java @@ -0,0 +1,226 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process; + +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Objects; + +import javax.xml.XMLConstants; +import javax.xml.namespace.QName; +import javax.xml.stream.XMLEventReader; +import javax.xml.stream.XMLInputFactory; +import javax.xml.stream.XMLStreamConstants; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.events.Attribute; +import javax.xml.stream.events.StartElement; +import javax.xml.stream.events.XMLEvent; +import javax.xml.stream.util.EventReaderDelegate; +import javax.xml.transform.stax.StAXSource; +import javax.xml.transform.stream.StreamSource; +import javax.xml.validation.Schema; +import javax.xml.validation.SchemaFactory; +import javax.xml.validation.Validator; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.xml.sax.SAXException; + +import at.gv.egiz.eaaf.core.impl.idp.process.model.EndEvent; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessNode; +import at.gv.egiz.eaaf.core.impl.idp.process.model.StartEvent; +import at.gv.egiz.eaaf.core.impl.idp.process.model.TaskInfo; +import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition; + +/** + * Parses an XML representation of a process definition as defined by the respective XML schema. + *

transitionElements = new ArrayList<>(); + final List startEvents = new ArrayList<>(); + + reader = new EventReaderDelegate(reader) { + + @Override + public XMLEvent nextEvent() throws XMLStreamException { + XMLEvent event = super.nextEvent(); + + switch (event.getEventType()) { + case XMLStreamConstants.START_ELEMENT: + StartElement element = event.asStartElement(); + QName qname = element.getName(); + + if (NS.equals(qname.getNamespaceURI())) { + log.trace("Found process description element '{}'.", qname.getLocalPart()); + Attribute id = element.getAttributeByName(new QName("id")); + + switch (qname.getLocalPart()) { + case "ProcessDefinition": + if (id != null) { + pd.setId(id.getValue()); + } + break; + case "StartEvent": + StartEvent startEvent = new StartEvent(); + if (id != null) { + startEvent.setId(id.getValue()); + } + startEvents.add(startEvent); + break; + case "EndEvent": + EndEvent endEvent = new EndEvent(); + if (id != null) { + endEvent.setId(id.getValue()); + pd.getEndEvents().put(id.getValue(), endEvent); + } + break; + case "Transition": + transitionElements.add(element); + break; + case "Task": + TaskInfo taskInfo = new TaskInfo(); + if (id != null) { + taskInfo.setId(id.getValue()); + pd.getTaskInfos().put(id.getValue(), taskInfo); + } + Attribute async = element.getAttributeByName(new QName("async")); + if (async != null) { + taskInfo.setAsync(Boolean.valueOf(async.getValue())); + } + Attribute implementingClass = element.getAttributeByName(new QName("class")); + if (implementingClass != null) { + taskInfo.setTaskImplementingClass(implementingClass.getValue()); + } + break; + } + + } + + break; + } + + return event; + } + + }; + + // validator is not thread-safe + Validator validator = LazyProcessDefinitionSchemaHolder.PD_SCHEMA_INSTANCE.newValidator(); + validator.validate(new StAXSource(reader)); + log.trace("Process definition successfully schema validated."); + + // perform some basic checks + log.trace("Building model and performing some plausibility checks."); + if (startEvents.size() != 1) { + throw new ProcessDefinitionParserException("A ProcessDefinition must contain exactly one single StartEvent."); + } + pd.setStartEvent(startEvents.get(0)); + + // link transitions + Iterator transitions = transitionElements.iterator(); + while (transitions.hasNext()) { + StartElement element = transitions.next(); + Transition transition = new Transition(); + Attribute id = element.getAttributeByName(new QName("id")); + if (id != null) { + transition.setId(id.getValue()); + } + Attribute conditionExpression = element.getAttributeByName(new QName("conditionExpression")); + if (conditionExpression != null) { + transition.setConditionExpression(conditionExpression.getValue()); + } + Attribute from = element.getAttributeByName(new QName("from")); + if (from != null) { + ProcessNode fromNode = pd.getProcessNode(from.getValue()); + if (fromNode == null) { + throw new ProcessDefinitionParserException("Transition's 'from'-attribute refers to a non-existing event or task '" + from.getValue() + '.'); + } + if (fromNode instanceof EndEvent) { + throw new ProcessDefinitionParserException("Transition cannot start from end event."); + } + transition.setFrom(fromNode); + fromNode.getOutgoingTransitions().add(transition); + } + Attribute to = element.getAttributeByName(new QName("to")); + if (to != null) { + ProcessNode toNode = pd.getProcessNode(to.getValue()); + if (toNode == null) { + throw new ProcessDefinitionParserException("Transition's 'to'-attribute refers to a non-existing event or task '" + to.getValue() + '.'); + } + transition.setTo(toNode); + toNode.getIncomingTransitions().add(transition); + } + if (transition.getConditionExpression() == null && Objects.equals(transition.getFrom(), transition.getTo())) { + throw new ProcessDefinitionParserException("Transition's 'from' equals its 'to'. Since no 'conditionExpression' has been set this will cause a loop."); + } + } + log.debug("Process definition '{}' successfully parsed.", pd.getId()); + return pd; + + } catch (ProcessDefinitionParserException e) { + throw e; + } catch (XMLStreamException|IOException e) { + throw new ProcessDefinitionParserException("Unable to read process definition from inputstream.", e); + } catch (SAXException e) { + throw new ProcessDefinitionParserException("Schema validation of process description failed.", e); + } catch (Exception e) { + throw new ProcessDefinitionParserException("Internal error creating process definition from inputstream.", e); + } finally { + if (reader != null) { + try { + reader.close(); + } catch (XMLStreamException e) { + // error freeing resources + } + } + } + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParserException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParserException.java new file mode 100644 index 00000000..1ea811c6 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParserException.java @@ -0,0 +1,37 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process; + +/** + * Exception thrown in case of error parsing a process definition. + * + * @author tknall + * + */ +public class ProcessDefinitionParserException extends Exception { + + private static final long serialVersionUID = 1L; + + /** + * Creates a new parser exception providing a {@code message} describing the reason and the {@code cause}. + * + * @param message + * The message. + * @param cause + * The cause. + */ + public ProcessDefinitionParserException(String message, Throwable cause) { + super(message, cause); + } + + /** + * Creates a new parser exception providing a {@code message} describing the reason. + * + * @param message + * The message. + */ + public ProcessDefinitionParserException(String message) { + super(message); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessEngineImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessEngineImpl.java new file mode 100644 index 00000000..b5028542 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessEngineImpl.java @@ -0,0 +1,424 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process; + +import java.io.InputStream; +import java.io.Serializable; +import java.util.HashMap; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.collections4.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.slf4j.MDC; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluationContext; +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluator; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessInstanceStoreDAO; +import at.gv.egiz.eaaf.core.api.idp.process.Task; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.process.dao.ProcessInstanceStore; +import at.gv.egiz.eaaf.core.impl.idp.process.model.EndEvent; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessNode; +import at.gv.egiz.eaaf.core.impl.idp.process.model.StartEvent; +import at.gv.egiz.eaaf.core.impl.idp.process.model.TaskInfo; +import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition; + +/** + * Process engine implementation allowing starting and continuing processes as well as providing means for cleanup actions. + */ +public class ProcessEngineImpl implements ProcessEngine { + + private Logger log = LoggerFactory.getLogger(getClass()); + + @Autowired ProcessInstanceStoreDAO piStoreDao; + @Autowired ApplicationContext context; + + private ProcessDefinitionParser pdp = new ProcessDefinitionParser(); + + private Map processDefinitions = new ConcurrentHashMap(); + + private final static String MDC_CTX_PI_NAME = "processInstanceId"; + private final static String MDC_CTX_TASK_NAME = "taskId"; + + private ExpressionEvaluator transitionConditionExpressionEvaluator; + + @Override + public void registerProcessDefinition(ProcessDefinition processDefinition) { + log.info("Registering process definition '{}'.", processDefinition.getId()); + processDefinitions.put(processDefinition.getId(), processDefinition); + } + + @Override + public String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException{ + ProcessDefinition pd = pdp.parse(processDefinitionInputStream); + registerProcessDefinition(pd); + return pd.getId(); + } + + /** + * Sets the process definitions. + * + * @param processDefinitions + * The process definitions. + * @throws IllegalArgumentException + * In case the process definitions contain definitions with the same identifier. + */ + public void setProcessDefinitions(Iterable processDefinitions) { + this.processDefinitions.clear(); + for (ProcessDefinition pd : processDefinitions) { + if (this.processDefinitions.containsKey(pd.getId())) { + throw new IllegalArgumentException("Duplicate process definition identifier '" + pd.getId() + "'."); + } + registerProcessDefinition(pd); + } + } + + /** + * Sets an expression evaluator that should be used to process transition condition expressions. + * @param transitionConditionExpressionEvaluator The expression evaluator. + */ + public void setTransitionConditionExpressionEvaluator( + ExpressionEvaluator transitionConditionExpressionEvaluator) { + this.transitionConditionExpressionEvaluator = transitionConditionExpressionEvaluator; + } + + + @Override + public String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException { + // look for respective process definition + ProcessDefinition pd = processDefinitions.get(processDefinitionId); + if (pd == null) { + throw new ProcessExecutionException("Unable to find process definition for process '" + processDefinitionId + "'."); + } + // create and keep process instance + ProcessInstance pi = new ProcessInstance(pd, executionContext); + log.info("Creating process instance from process definition '{}': {}", processDefinitionId, pi.getId()); + + try { + saveOrUpdateProcessInstance(pi); + + } catch (EAAFException e) { + throw new ProcessExecutionException("Unable to persist process instance.", e); + } + + return pi.getId(); + } + + @Override + public String createProcessInstance(String processDefinitionId) throws ProcessExecutionException { + return createProcessInstance(processDefinitionId, null); + } + + @Override + public void start(IRequest pendingReq) throws ProcessExecutionException { + try { + if (StringUtils.isEmpty(pendingReq.getProcessInstanceId())) { + log.error("Pending-request with id:" + pendingReq.getPendingRequestId() + + " includes NO 'ProcessInstanceId'"); + throw new ProcessExecutionException("Pending-request with id:" + pendingReq.getPendingRequestId() + + " includes NO 'ProcessInstanceId'"); + } + + ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId()); + + if (pi == null ) { + throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist."); + + } + + MDC.put(MDC_CTX_PI_NAME, pi.getId()); + + if (!ProcessInstanceState.NOT_STARTED.equals(pi.getState())) { + throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has already been started (current state is " + pi.getState() + ")."); + } + log.info("Starting process instance '{}'.", pi.getId()); + // execute process + pi.setState(ProcessInstanceState.STARTED); + execute(pi, pendingReq); + + //store ProcessInstance if it is not already ended + if (!ProcessInstanceState.ENDED.equals(pi.getState())) + saveOrUpdateProcessInstance(pi); + + } catch (EAAFException e) { + throw new ProcessExecutionException("Unable to load/save process instance.", e); + + } finally { + MDC.remove(MDC_CTX_PI_NAME); + } + } + + @Override + public void signal(IRequest pendingReq) throws ProcessExecutionException { + + try { + if (StringUtils.isEmpty(pendingReq.getProcessInstanceId())) { + log.error("Pending-request with id:" + pendingReq.getPendingRequestId() + + " includes NO 'ProcessInstanceId'"); + throw new ProcessExecutionException("Pending-request with id:" + pendingReq.getPendingRequestId() + + " includes NO 'ProcessInstanceId'"); + } + + ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId()); + + if (pi == null ) { + throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist."); + + } + + MDC.put(MDC_CTX_PI_NAME, pi.getId()); + + if (!ProcessInstanceState.SUSPENDED.equals(pi.getState())) { + throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has not been suspended (current state is " + pi.getState() + ")."); + } + + log.info("Waking up process instance '{}'.", pi.getId()); + pi.setState(ProcessInstanceState.STARTED); + + //put pending-request ID on execution-context because it could be changed + pi.getExecutionContext().put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId()); + + execute(pi, pendingReq); + + //store ProcessInstance if it is not already ended + if (!ProcessInstanceState.ENDED.equals(pi.getState())) + saveOrUpdateProcessInstance(pi); + + } catch (EAAFException e) { + throw new ProcessExecutionException("Unable to load/save process instance.", e); + + } finally { + MDC.remove(MDC_CTX_PI_NAME); + } + } + + + /** + * Instantiates a task implementation given by a {@link TaskInfo}. + * @param ti The task info. + * @return A Task implementation or {@code null} if the task info does not reference any task implementing classes. + * @throws ProcessExecutionException Thrown in case of error (when the referenced class does not implement {@link Task} for instance). + */ + private Task createTaskInstance(TaskInfo ti) throws ProcessExecutionException { + String clazz = StringUtils.trimToNull(ti.getTaskImplementingClass()); + Task task = null; + + if (clazz != null) { + log.debug("Instantiating task implementing class '{}'.", clazz); + Object instanceClass = null; + try { + instanceClass = context.getBean(clazz); + + } catch (Exception e) { + throw new ProcessExecutionException("Unable to get class '" + clazz + "' associated with task '" + ti.getId() + "' .", e); + + } + if (instanceClass == null || !(instanceClass instanceof Task)) { + throw new ProcessExecutionException("Class '" + clazz + "' associated with task '" + ti.getId() + "' is not assignable to " + Task.class.getName() + "."); + + } + try { + task = (Task) instanceClass; + + } catch (Exception e) { + throw new ProcessExecutionException("Unable to instantiate class '" + clazz + "' associated with task '" + ti.getId() + "' .", e); + } + } + + return task; + } + + /** + * Starts/executes a given process instance. + * @param pi The process instance. + * @param pendingReq + * @throws ProcessExecutionException Thrown in case of error. + */ + private void execute(final ProcessInstance pi, IRequest pendingReq) throws ProcessExecutionException { + if (ProcessInstanceState.ENDED.equals(pi.getState())) { + throw new ProcessExecutionException("Process for instance '" + pi.getId() + "' has already been ended."); + } + ProcessDefinition pd = pi.getProcessDefinition(); + ProcessNode processNode = pd.getProcessNode(pi.getNextId()); + log.debug("Processing node '{}'.", processNode.getId()); + + // distinguish process node types StartEvent, TaskInfo and EndEvent + + if (processNode instanceof TaskInfo) { + // TaskInfo types need to be executed + TaskInfo ti = (TaskInfo) processNode; + MDC.put(MDC_CTX_TASK_NAME, ti.getId()); + try { + log.info("Processing task '{}'.", ti.getId()); + Task task = createTaskInstance(ti); + if (task != null) { + try { + log.info("Executing task implementation for task '{}'.", ti.getId()); + log.debug("Execution context before task execution: {}", pi.getExecutionContext().keySet()); + pendingReq = task.execute(pendingReq, pi.getExecutionContext()); + log.info("Returned from execution of task '{}'.", ti.getId()); + log.debug("Execution context after task execution: {}", pi.getExecutionContext().keySet()); + } catch (Throwable t) { + throw new ProcessExecutionException("Error executing task '" + ti.getId() + "'.", t); + } + } else { + log.debug("No task implementing class set."); + } + } finally { + MDC.remove(MDC_CTX_TASK_NAME); + } + + } else if (processNode instanceof EndEvent) { + log.info("Finishing process instance '{}'.", pi.getId()); + + try { + piStoreDao.remove(pi.getId()); + + } catch (EAAFException e) { + throw new ProcessExecutionException("Unable to remove process instance.", e); + + } + pi.setState(ProcessInstanceState.ENDED); + log.debug("Final process context: {}", pi.getExecutionContext().keySet()); + return; + } + + final ExpressionEvaluationContext expressionContext = new ExpressionEvaluationContextImpl(pi); + + // traverse pointer + Transition t = CollectionUtils.find(processNode.getOutgoingTransitions(), new Predicate() { + @Override + public boolean evaluate(Transition transition) { + if (transitionConditionExpressionEvaluator != null && transition.getConditionExpression() != null) { + log.trace("Evaluating transition expression '{}'.", transition.getConditionExpression()); + return transitionConditionExpressionEvaluator.evaluate(expressionContext, transition.getConditionExpression()); + } + return true; + } + }); + if (t == null) { + throw new ProcessExecutionException("No valid transition starting from process node '" + processNode.getId()+ "'."); + } + log.trace("Found suitable transition: {}", t); + // update pointer + log.trace("Shifting process token from '{}' to '{}'.", pi.getNextId(), t.getTo().getId()); + pi.setNextId(t.getTo().getId()); + + // inspect current task + if (t.getTo() instanceof TaskInfo && (((TaskInfo) t.getTo()).isAsync())) { + // immediately return in case of asynchonous task + log.info("Suspending process instance '{}' for asynchronous task '{}'.", pi.getId(), t.getTo().getId()); + pi.setState(ProcessInstanceState.SUSPENDED); + return; + } + + // continue execution in case of StartEvent or Task + if (processNode instanceof StartEvent || processNode instanceof TaskInfo) { + execute(pi, pendingReq); + } + } + + @Override + public ProcessInstance getProcessInstance(String processInstanceId) { + + ProcessInstance processInstance; + try { + processInstance = loadProcessInstance(processInstanceId); + + } catch (EAAFException e) { + throw new RuntimeException("The process instance '" + processInstanceId + "' could not be retrieved.", e); + } + + if (processInstance == null) { + throw new IllegalArgumentException("The process instance '" + processInstanceId + "' does not/no longer exist."); + } + + return processInstance; + } + + /** + * Persists a {@link ProcessInstance} to the database. + * @param processInstance The object to persist. + * @throws MOADatabaseException Thrown if an error occurs while accessing the database. + */ + private void saveOrUpdateProcessInstance(ProcessInstance processInstance) throws EAAFException { + ProcessInstanceStore store = new ProcessInstanceStore(); + + ExecutionContext ctx = processInstance.getExecutionContext(); + + Map ctxData = new HashMap(); + for (String key : ctx.keySet()) { + ctxData.put(key, ctx.get(key)); + } + store.setExecutionContextData(ctxData); + + store.setNextTaskId(processInstance.getNextId()); + store.setProcessDefinitionId(processInstance.getProcessDefinition().getId()); + + store.setProcessInstanceId(processInstance.getId()); + store.setProcessState(processInstance.getState()); + + piStoreDao.saveOrUpdate(store); + } + + /** + * Load a {@link ProcessInstance} with a certain id from the database. + * @param processInstanceId The process instance id + * @return The process instance corresponding to the id or {@code null} if no such object is found. + * @throws MOADatabaseException Thrown if an error occurs while accessing the database. + */ + private ProcessInstance loadProcessInstance(String processInstanceId) throws EAAFException { + + ProcessInstanceStore piStore = piStoreDao.load(processInstanceId); + + if (piStore == null) { + return null; + } + + ExecutionContext executionContext = new ExecutionContextImpl(piStore.getProcessInstanceId()); + + Map executionContextData = piStore.getExecutionContextData(); + for (String key : executionContextData.keySet()) { + executionContext.put(key, executionContextData.get(key)); + } + + ProcessInstance pi = new ProcessInstance(processDefinitions.get(piStore.getProcessDefinitionId()), executionContext); + pi.setNextId(piStore.getNextTaskId()); + pi.setState(piStore.getProcessState()); + + return pi; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.ProcessEngine#deleteProcessInstance(java.lang.String) + */ + @Override + public void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException { + if (StringUtils.isEmpty(processInstanceId)) { + throw new ProcessExecutionException("Unable to remove process instance: ProcessInstanceId is empty"); + + } + + try { + piStoreDao.remove(processInstanceId); + + } catch (EAAFException e) { + throw new ProcessExecutionException("Unable to remove process instance.", e); + + } + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstance.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstance.java new file mode 100644 index 00000000..ab6f7916 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstance.java @@ -0,0 +1,166 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process; + +import java.io.Serializable; +import java.util.Date; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.time.DurationFormatUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition; +import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder; + +/** + * Represents a process being executed. The process instance provides information about the process and its state. + * + * @author tknall + * + */ +public class ProcessInstance implements Serializable { + + private static final long serialVersionUID = 1L; + private static final int RND_ID_LENGTH = 22; + + private ProcessDefinition processDefinition; + private String nextId; + private Date lru; + private ExecutionContext executionContext; + private ProcessInstanceState state = ProcessInstanceState.NOT_STARTED; + + private Logger log = LoggerFactory.getLogger(getClass()); + + /** + * Creates a new process instance, based on a given process definition and a + * given execution context. If the given execution context is {@code null} a new execution context will be created.

+ * The process instance id of the execution context will be newly generated if it is {@code null} in the execution context. + * + * @param processDefinition + * The process definition. + * @param executionContext + * The execution context (may be {@code null}). If {@code null} a new execution context will be created internally. + */ + ProcessInstance(ProcessDefinition processDefinition, ExecutionContext executionContext) { + this.processDefinition = processDefinition; + nextId = processDefinition.getStartEvent().getId(); + if (executionContext == null) { + executionContext = new ExecutionContextImpl(); + } + if (executionContext.getProcessInstanceId() == null) { + String pdIdLocalPart = RandomStringUtils.random(RND_ID_LENGTH, 0, 0, true, true, null, + SecureRandomHolder.getInstance()); + executionContext.setProcessInstanceId(this.processDefinition.getId() + "-" + pdIdLocalPart); + } else { + log.debug("Using process instance id from execution context."); + } + log.debug("Creating process instance with id '{}'.", executionContext.getProcessInstanceId()); + this.executionContext = executionContext; + touch(); + } + + /** + * Returns the underlying process definition. + * + * @return The underlying process definition. + */ + ProcessDefinition getProcessDefinition() { + touch(); + return processDefinition; + } + + /** + * Returns the id of the process node to be executed next. + * + * @return The process node pointer indicating the process node to be executed next. + */ + public String getNextId() { + touch(); + return nextId; + } + + /** + * Sets the internal pointer to the process node to be executed next. + * + * @param nextId + * The process node id to be executed next. + */ + void setNextId(String nextId) { + touch(); + this.nextId = nextId; + } + + /** + * Returns the current state of the process instance. + * + * @return The current state. + */ + public ProcessInstanceState getState() { + touch(); + return state; + } + + /** + * Sets the current state of the process instance. + * + * @param state + * The current state. + */ + void setState(ProcessInstanceState state) { + touch(); + this.state = state; + } + + public String getId() { + touch(); + return executionContext.getProcessInstanceId(); + } + + /** + * Updates the last recently used date of the process instance. + */ + private void touch() { + lru = new Date(); + } + + /** + * Returns the date the process instance has been accessed last. + * + * @return The last recently used date. + */ + Date getLru() { + return lru; + } + + /** + * Returns the associated execution context. + * @return The execution context (never {@code null}). + */ + public ExecutionContext getExecutionContext() { + touch(); + return executionContext; + } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("ProcessInstance ["); + builder.append("id=").append(executionContext.getProcessInstanceId()); + builder.append(", idle since=").append( + DurationFormatUtils.formatDurationWords(new Date().getTime() - this.lru.getTime(), true, true)); + if (processDefinition != null) { + builder.append(", processDefinition.id="); + builder.append(processDefinition.getId()); + } + if (nextId != null) { + builder.append(", nextId="); + builder.append(nextId); + } + builder.append(", executionContext=").append(executionContext); + builder.append("]"); + return builder.toString(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstanceState.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstanceState.java new file mode 100644 index 00000000..cfb5479b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstanceState.java @@ -0,0 +1,32 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process; + +/** + * Represents a certain process instance state. + * @author tknall + * + */ +public enum ProcessInstanceState { + + /** + * Indicates that the process with this process instance has not yet been started. + */ + NOT_STARTED, + + /** + * Indicates that the process is currently running. + */ + STARTED, + + /** + * Indicates that the process has been suspended until being waken up by someonce calling {@code signal}. + */ + SUSPENDED, + + /** + * Indicates that the process has been completed. + */ + ENDED + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStore.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStore.java new file mode 100644 index 00000000..1ac65e10 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStore.java @@ -0,0 +1,75 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.dao; + +import java.io.Serializable; +import java.util.Map; + +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstanceState; + +public class ProcessInstanceStore implements Serializable{ + + private static final long serialVersionUID = -6147519767313903808L; + + /** + * A process instance identifier qualifies as natural primary key by satisfying these requirements + * ("unique, constant, required"): + *

    + *
  • unique value
    • + *
  • never changes (immutable)
    • + *
  • never {@code null}
    • + *
+ */ + + private String processInstanceId; + + private String processDefinitionId; + + private String nextTaskId; + + private ProcessInstanceState processState; + + private Map executionContextData; + + public String getProcessInstanceId() { + return processInstanceId; + } + + public String getProcessDefinitionId() { + return processDefinitionId; + } + + public String getNextTaskId() { + return nextTaskId; + } + + public ProcessInstanceState getProcessState() { + return processState; + } + + @SuppressWarnings("unchecked") + public Map getExecutionContextData() { + return executionContextData; + } + + public void setProcessInstanceId(String processInstanceId) { + this.processInstanceId = processInstanceId; + } + + public void setProcessDefinitionId(String processDefinitionId) { + this.processDefinitionId = processDefinitionId; + } + + public void setNextTaskId(String nextTaskId) { + this.nextTaskId = nextTaskId; + } + + public void setProcessState(ProcessInstanceState processState) { + this.processState = processState; + } + + public void setExecutionContextData(Map executionContextData) { + this.executionContextData = executionContextData; + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStoreDAOImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStoreDAOImpl.java new file mode 100644 index 00000000..be80a629 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStoreDAOImpl.java @@ -0,0 +1,73 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.dao; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.idp.process.ProcessInstanceStoreDAO; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +/** + * Database backed implementation of the {@link ProcessInstanceStoreDAO} + * interface. + */ +@Service("ProcessInstanceStoreage") +public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO { + + private Logger log = LoggerFactory.getLogger(getClass()); + + @Autowired ITransactionStorage transactionStorage; + + @Override + public void saveOrUpdate(ProcessInstanceStore pIStore) throws EAAFException { + try { + transactionStorage.put(pIStore.getProcessInstanceId(), pIStore, -1); + log.debug("Store process instance with='{}' in the database.", pIStore.getProcessInstanceId()); + + } catch (EAAFException e) { + log.warn("ProcessInstanceStore could not be persisted to the database."); + throw e; + } + } + + @Override + public ProcessInstanceStore load(String processInstanceId) throws EAAFException { + log.debug("Retrieve the ProcessInstanceStore for id='{}' from the database.", processInstanceId); + ProcessInstanceStore result = null; + try { + result = transactionStorage.get(processInstanceId, ProcessInstanceStore.class); + + } catch (Exception e) { + log.error("There are multiple persisted processes with the same process instance id '{}'", + processInstanceId); + + throw e; + } + + if (result != null) { + log.debug("Found process instance store for instance '{}'.", processInstanceId); + + } else { + log.debug("Unable to find process instance store for instance '{}'.", processInstanceId); + + } + + return result; + } + + @Override + public void remove(String processInstanceId) throws EAAFException { + + log.debug("Delete the ProcessInstanceStore for id='{}' from the database.", processInstanceId); + + if (transactionStorage.containsKey(processInstanceId)) + transactionStorage.remove(processInstanceId); + else + log.trace("ProcessInstanceStore for id='{}' was not found and could therefore not be deleted.", processInstanceId); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/EndEvent.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/EndEvent.java new file mode 100644 index 00000000..a8b757e3 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/EndEvent.java @@ -0,0 +1,44 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.model; + +import java.io.Serializable; + +import org.apache.commons.collections4.CollectionUtils; + +/** + * Represents an end event. Process execution terminates when an end event is reached. + * + * @author tknall + */ +public class EndEvent extends ProcessNode implements Serializable { + + private static final long serialVersionUID = 1L; + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("EndEvent ["); + if (getId() != null) { + builder.append("id="); + builder.append(getId()); + } + if (CollectionUtils.isNotEmpty(getIncomingTransitions())) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("incomingTransitions="); + builder.append(getIncomingTransitions()); + } + if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("outgoingTransitions="); + builder.append(getOutgoingTransitions()); + } + builder.append("]"); + return builder.toString(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessDefinition.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessDefinition.java new file mode 100644 index 00000000..af4c0a1f --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessDefinition.java @@ -0,0 +1,160 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.model; + +import java.util.LinkedHashMap; +import java.util.Map; +import java.util.Objects; + +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParser; + +/** + * Represents a single process definition containing + *
    + *
  • a {@link StartEvent},
    • + *
  • one or more {@linkplain TaskInfo Tasks},
    • + *
  • one or more {@linkplain EndEvent EndEvents} and
    • + *
  • some {@linkplain Transition Transitions} linking StartEvents, Tasks and EndEvents. + *
+ * + * @author tknall + * + */ +public class ProcessDefinition { + + private String id; + private StartEvent startEvent; + private Map taskInfos = new LinkedHashMap<>(); + private Map endEvents = new LinkedHashMap<>(); + + /** + * Returns the unique identifier of the process definition. + * + * @return The unique identifier (never {@code null} if process definition comes from + * {@link ProcessDefinitionParser}). + */ + public String getId() { + return id; + } + + /** + * Sets the unique identifier of the process definition. + * + * @param id + * The unique identifier. + */ + public void setId(String id) { + this.id = id; + } + + /** + * Returns the start event of the process definition. + * + * @return The start event (never {@code null} if process definition comes from {@link ProcessDefinitionParser}). + */ + public StartEvent getStartEvent() { + return startEvent; + } + + /** + * Sets the start event of the process definition. + * + * @param startEvent + * The start event. + */ + public void setStartEvent(StartEvent startEvent) { + this.startEvent = startEvent; + } + + /** + * Returns a map containing the tasks of the process definition. + * + * @return The tasks (map is never {@code null} if process definition comes from {@link ProcessDefinitionParser}). + */ + public Map getTaskInfos() { + return taskInfos; + } + + /** + * Sets the map containing the tasks. + * + * @param taskInfos + * The map containing the tasks. + */ + public void setTaskInfos(Map taskInfos) { + this.taskInfos = taskInfos; + } + + /** + * Returns a map containing the end events of the process description. + * + * @return The map containing the end events (map is never {@code null} if process definition comes from + * {@link ProcessDefinitionParser}). + */ + public Map getEndEvents() { + return endEvents; + } + + /** + * Sets a map containing the end events of the process description. + * + * @param endEvents + * The map containing the end events. + */ + public void setEndEvents(Map endEvents) { + this.endEvents = endEvents; + } + + /** + * Returns the process node associated with the given {@code id}. + * + * @param id + * The identifier of the process node. + * @return The process node (may be {code null} when no process node with the given {@code id} exists). + */ + public ProcessNode getProcessNode(String id) { + Objects.requireNonNull(id, "Identifier must not be null."); + if (startEvent != null && id.equals(startEvent.getId())) { + return startEvent; + } + TaskInfo task = taskInfos.get(id); + if (task != null) { + return task; + } + return endEvents.get(id); + } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + if (id != null) { + builder.append("id="); + builder.append(id); + } + if (startEvent != null) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("startEvent="); + builder.append(startEvent); + } + if (taskInfos != null && !taskInfos.isEmpty()) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("tasksInfos="); + builder.append(taskInfos.values()); + } + if (endEvents != null && !endEvents.isEmpty()) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("endEvents="); + builder.append(endEvents.values()); + } + builder.insert(0, "ProcessDefinition ["); + builder.append("]"); + return builder.toString(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessNode.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessNode.java new file mode 100644 index 00000000..e1109336 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessNode.java @@ -0,0 +1,71 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.model; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParser; + +/** + * Represents a {@link StartEvent}, an {@link EndEvent} or a {@linkplain TaskInfo Task}. + * @author tknall + * + */ +public abstract class ProcessNode { + + private String id; + private List outgoingTransitions = new ArrayList<>(); + private List incomingTransitions = new ArrayList<>(); + + /** + * Returns the unique identifier of the process node. + * + * @return The unique identifier (never {@code null} if process node comes from a process definition from + * {@link ProcessDefinitionParser}). + */ + public String getId() { + return id; + } + + /** + * Sets the unique identifier of the process node. + * @param id The unique identifier. + */ + public void setId(String id) { + this.id = id; + } + + /** + * Returns a list of transitions pointing from this process node to another one. + * @return A list of transitions (never {@code null} if process node comes from a process definition from {@link ProcessDefinitionParser}). + */ + public List getOutgoingTransitions() { + return outgoingTransitions; + } + + /** + * Sets the list of transitions pointing from this process node to another one. + * @param outgoingTransitions The list of transitions originating from this process node. + */ + public void setOutgoingTransitions(List outgoingTransitions) { + this.outgoingTransitions = outgoingTransitions; + } + + /** + * Returns a list of transitions pointing from another process node to this one. + * @return A list of transitions (never {@code null} if process node comes from a process definition from {@link ProcessDefinitionParser}). + */ + public List getIncomingTransitions() { + return incomingTransitions; + } + + /** + * Sets the list of transitions pointing from another process node to this one. + * @param incomingTransitions A list of transitions pointing to this process node. + */ + public void setIncomingTransitions(List incomingTransitions) { + this.incomingTransitions = incomingTransitions; + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/StartEvent.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/StartEvent.java new file mode 100644 index 00000000..3d3111c2 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/StartEvent.java @@ -0,0 +1,47 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.model; + +import java.io.Serializable; + +import org.apache.commons.collections4.CollectionUtils; + +/** + * Represents a start event. Each process description contains a single start event. Process execution starts with a + * start event. + * + * @author tknall + * + */ +public class StartEvent extends ProcessNode implements Serializable { + + private static final long serialVersionUID = 1L; + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("StartEvent ["); + if (getId() != null) { + builder.append("id="); + builder.append(getId()); + } + if (CollectionUtils.isNotEmpty(getIncomingTransitions())) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("incomingTransitions="); + builder.append(getIncomingTransitions()); + } + if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("outgoingTransitions="); + + builder.append(getOutgoingTransitions()); + } + builder.append("]"); + return builder.toString(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/TaskInfo.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/TaskInfo.java new file mode 100644 index 00000000..b7171236 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/TaskInfo.java @@ -0,0 +1,96 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.model; + +import java.io.Serializable; + +import org.apache.commons.collections4.CollectionUtils; + +import at.gv.egiz.eaaf.core.api.idp.process.Task; + +/** + * Represents information about a single task to be performed upon process execution. + * @author tknall + * + */ +public class TaskInfo extends ProcessNode implements Serializable { + + private static final long serialVersionUID = 1L; + private static final boolean DEFAULT_ASYNC = false; + + private String taskImplementingClass; + private boolean async = DEFAULT_ASYNC; + + /** + * Determines if the task is marked asynchronous ({@code true}) or synchronous ({@code false}). + * @return A flag indicating if the task should be executed asynchronously or synchronously. (Default: {@code false}) + */ + public boolean isAsync() { + return async; + } + + /** + * Marks a task to executed asynchronously ({@code true}) or synchronously ({@code false}). + * @param async The flag. + */ + public void setAsync(boolean async) { + this.async = async; + } + + /** + * Returns the class that implements the actual task (must implement {@link Task}). + * @return The task implementing class. + */ + public String getTaskImplementingClass() { + return taskImplementingClass; + } + + /** + * Sets the class that implements the actual task (must implement {@link Task}). + * @param taskImplementingClass The task implementing class. + */ + public void setTaskImplementingClass(String taskImplementingClass) { + this.taskImplementingClass = taskImplementingClass; + } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + if (getId() != null) { + builder.append("id="); + builder.append(getId()); + } + if (async != DEFAULT_ASYNC) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("async="); + builder.append(async); + } + if (taskImplementingClass != null) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("taskImplementingClass="); + builder.append(taskImplementingClass); + } + if (CollectionUtils.isNotEmpty(getIncomingTransitions())) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("incomingTransitions="); + builder.append(getIncomingTransitions()); + } + if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("outgoingTransitions="); + builder.append(getOutgoingTransitions()); + } + builder.insert(0, "TaskInfo ["); + builder.append("]"); + return builder.toString(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/Transition.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/Transition.java new file mode 100644 index 00000000..7ac26c20 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/Transition.java @@ -0,0 +1,138 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.model; + +import java.io.Serializable; + +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParser; + +/** + * Represents a single transition from a {@link StartEvent} or {@linkplain TaskInfo Task} to another + * {@linkplain TaskInfo Task} or {@link EndEvent}. + * + * @author tknall + * + */ +public class Transition implements Serializable { + + private static final long serialVersionUID = 1L; + + private String id; + private String conditionExpression; + private ProcessNode from; + private ProcessNode to; + + /** + * Returns the process node (effectively a {@link StartEvent} or {@linkplain TaskInfo Task}) the transition is + * pointing from. + * + * @return The transition's source process node (never {@code null} if transition comes from a process definition + * from {@link ProcessDefinitionParser}). + */ + public ProcessNode getFrom() { + return from; + } + + /** + * Sets the process node the transition is pointing from. + * + * @param from + * The transition's source process node. + */ + public void setFrom(ProcessNode from) { + this.from = from; + } + + /** + * Returns the process node (effectively a {@linkplain TaskInfo Task} or {@link EndEvent}) the transition is + * pointing to. + * + * @return The transition's destination process node (never {@code null} if transition comes from a process + * definition from {@link ProcessDefinitionParser}). + */ + public ProcessNode getTo() { + return to; + } + + /** + * Sets the process node the transition is pointing to. + * + * @param to + * The transition's destination process node. + */ + public void setTo(ProcessNode to) { + this.to = to; + } + + /** + * Returns the unique identifier of the transition. + * + * @return The unique identifier (may be {@code null}). + */ + public String getId() { + return id; + } + + /** + * Sets the unique identifier of the transition. + * + * @param id + * The unique identifier. + */ + public void setId(String id) { + this.id = id; + } + + /** + * Returns the condition expression for this transition. + * + * @return The condition expression (may be {@code null}). + */ + public String getConditionExpression() { + return conditionExpression; + } + + /** + * Sets the condition expression for this transition. + * + * @param conditionExpression + * The condition expression. + */ + public void setConditionExpression(String conditionExpression) { + this.conditionExpression = conditionExpression; + } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + if (id != null) { + builder.append("id="); + builder.append(id); + } + if (from != null) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("from.id="); + builder.append(from.getId()); + } + if (to != null) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("to.id="); + builder.append(to.getId()); + } + if (conditionExpression != null) { + if (builder.length() > 0) { + builder.append(", "); + } + builder.append("conditionExpression="); + builder.append(conditionExpression); + } + builder.insert(0, "Transition ["); + builder.append("]"); + return builder.toString(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/SpringExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/SpringExpressionEvaluator.java new file mode 100644 index 00000000..d301b77e --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/SpringExpressionEvaluator.java @@ -0,0 +1,63 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring; + +import java.util.Objects; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.BooleanUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.context.expression.BeanFactoryResolver; +import org.springframework.expression.Expression; +import org.springframework.expression.ExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; +import org.springframework.expression.spel.support.StandardEvaluationContext; + +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluationContext; +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluator; +import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition; + +/** + * Expression evaluator for processing {@link Transition} conditions allowing to reference Spring beans from the + * application context. + * + * @author tknall + * + */ +public class SpringExpressionEvaluator implements ExpressionEvaluator { + + private Logger log = LoggerFactory.getLogger(getClass()); + private ExpressionParser parser = new SpelExpressionParser(); + private StandardEvaluationContext evaluationContext = new StandardEvaluationContext(); + + @Autowired(required = false) + private ApplicationContext ctx; + + @PostConstruct + private void init() { + if (ctx != null) { + evaluationContext.setBeanResolver(new BeanFactoryResolver(ctx)); + } + } + + @Override + public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) { + Objects.requireNonNull(expression, "Expression must not be null."); + log.trace("Evaluating '{}'.", expression); + + Expression expr = parser.parseExpression(expression); + Boolean result = expr.getValue(evaluationContext, expressionContext, Boolean.class); + if (result == null) { + log.warn("Evaluation of '{}' results in null-value.", expression); + } else { + log.debug("Expression '{}' -> {}", expression, result); + } + + return BooleanUtils.isTrue(result); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractAuthSourceServlet.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractAuthSourceServlet.java new file mode 100644 index 00000000..095c3439 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractAuthSourceServlet.java @@ -0,0 +1,118 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.springweb; + +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.NoSuchBeanDefinitionException; +import org.springframework.beans.factory.NoUniqueBeanDefinitionException; +import org.springframework.web.context.WebApplicationContext; +import org.springframework.web.context.support.WebApplicationContextUtils; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstance; + +/** + * Abstract HttpServlet that provides means for retrieving the process engine (Spring Web required) as well as + * retrieving the underlying process instance and execution context evaluating a certain request parameter. + * + * @author tknall + * + */ +public abstract class AbstractAuthSourceServlet extends HttpServlet { + + private static final long serialVersionUID = 1L; + + private ProcessEngine processEngine; + + /** + * Returns the name of the request parameter representing the respective instance id. + *

Default is {@code processInstanceId}. + * @return The request parameter name. + */ + public String getProcessInstanceIdParameterName() { + return "processInstanceId"; + } + + /** + * Returns the underlying process engine instance. + * + * @return The process engine (never {@code null}). + * @throws NoSuchBeanDefinitionException + * if no {@link ProcessEngine} bean was found. + * @throws NoUniqueBeanDefinitionException + * if more than one {@link ProcessEngine} bean was found. + * @throws BeansException + * if a problem getting the {@link ProcessEngine} bean occurred. + * @throws IllegalStateException + * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a + * Spring web environment. + */ + public synchronized ProcessEngine getProcessEngine() { + if (processEngine == null) { + WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext()); + if (ctx == null) { + throw new IllegalStateException( + "Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment."); + } + processEngine = ctx.getBean(ProcessEngine.class); + } + return processEngine; + } + + /** + * Retrieves the process instance referenced by the request parameter {@link #getProcessInstanceIdParameterName()}. + * + * @param request + * The HttpServletRequest. + * @return The process instance (never {@code null}). + * @throws NoSuchBeanDefinitionException + * if no {@link ProcessEngine} bean was found. + * @throws NoUniqueBeanDefinitionException + * if more than one {@link ProcessEngine} bean was found. + * @throws BeansException + * if a problem getting the {@link ProcessEngine} bean occurred. + * @throws IllegalStateException + * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a + * Spring web environment. + * @throws IllegalArgumentException + * in case the process instance id referenced by the request parameter + * {@link #getProcessInstanceIdParameterName()} does not exist. + */ + public ProcessInstance getProcessInstance(HttpServletRequest request) { + String processInstanceId = StringUtils.trimToNull(request.getParameter(getProcessInstanceIdParameterName())); + if (processInstanceId == null) { + throw new IllegalArgumentException("Missing request parameter '" + getProcessInstanceIdParameterName() + "'."); + } + return getProcessEngine().getProcessInstance(processInstanceId); + } + + /** + * Retrieves the execution context for the respective process instance referenced by the request parameter + * {@link #getProcessInstanceIdParameterName()}. + * + * @param request + * The HttpServletRequest. + * @return The execution context (never {@code null}). + * @throws NoSuchBeanDefinitionException + * if no {@link ProcessEngine} bean was found. + * @throws NoUniqueBeanDefinitionException + * if more than one {@link ProcessEngine} bean was found. + * @throws BeansException + * if a problem getting the {@link ProcessEngine} bean occurred. + * @throws IllegalStateException + * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a + * Spring web environment. + * @throws IllegalArgumentException + * in case the process instance id referenced by the request parameter + * {@link #getProcessInstanceIdParameterName()} does not exist. + */ + public ExecutionContext getExecutionContext(HttpServletRequest request) { + return getProcessInstance(request).getExecutionContext(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractTask.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractTask.java new file mode 100644 index 00000000..446bf690 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractTask.java @@ -0,0 +1,101 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.springweb; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.web.context.request.RequestAttributes; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.springframework.web.filter.RequestContextFilter; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.Task; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; + +/** + * Abstract task implementation providing {@link HttpServletRequest} and {@link HttpServletResponse}. + *

+ * Note that this abstract task requires the Spring (web) framework including a {@link RequestContextFilter} to be set + * within {@code web.xml}. + * + * 

+ * ...
+ * <filter>
+ *   <filter-name>requestContextFilter</filter-name>
+ *   <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+ * </filter>
+ * <filter-mapping>
+ *   <filter-name>requestContextFilter</filter-name>
+ *   <url-pattern>/*</url-pattern>
+ * </filter-mapping>
+ * ...
+ *
+ * + * @author tknall + * @author tlenz + * + */ +public abstract class AbstractTask implements Task { + + /** + * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} as well as the + * respective {@link HttpServletRequest} and {@link HttpServletResponse}. + * + * @param executionContext + * The execution context (never {@code null}). + * @param request + * The HttpServletRequest (never {@code null}). + * @param response + * The HttpServletResponse (never {@code null}). + * @throws IllegalStateException + * Thrown in case the task is nur being run within the required environment. Refer to javadoc for + * further information. + * @throws Exception + * Thrown in case of error executing the task. + */ + public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException; + + /** + * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} + * and the {@link IRequest} {@code pendingReq }as well as the + * respective {@link HttpServletRequest} and {@link HttpServletResponse}. + * + * This method sets the pending-request object of the task implementation and starts the + * {@code execute} method of the task + * + * @param pendingReq The pending-request object (never {@code null}). + * @param executionContext The execution context (never {@code null}). + * @param request The HttpServletRequest (never {@code null}). + * @param response The HttpServletResponse (never {@code null}). + * @return The pending-request object, because Process-management works recursive + * + * @throws IllegalStateException + * Thrown in case the task is being run within the required environment. Refer to javadoc for + * further information. + * @throws Exception + * Thrown in case of error executing the task. + */ + protected abstract IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException; + + @Override + public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException { + RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes(); + if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) { + HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest(); + HttpServletResponse response = ((ServletRequestAttributes) requestAttributes).getResponse(); + if (request == null || response == null) { + throw new IllegalStateException( + "Spring's RequestContextHolder did not provide HttpServletResponse. Did you forget to set the required org.springframework.web.filter.RequestContextFilter in your web.xml."); + } + return internalExecute(pendingReq, executionContext, request, response); + } else { + throw new IllegalStateException("Task needs to be executed within a Spring web environment."); + } + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java new file mode 100644 index 00000000..229735e3 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java @@ -0,0 +1,145 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.springweb; + +import java.io.Serializable; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Objects; + +import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang3.BooleanUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.context.expression.BeanFactoryResolver; +import org.springframework.expression.Expression; +import org.springframework.expression.ExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; +import org.springframework.expression.spel.support.StandardEvaluationContext; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluationContext; +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluator; +import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition; + +/** + * Expression evaluator for processing {@link Transition} conditions allowing to + *
    + *
  • reference Spring beans from the application context using {@code @myBeanName...},
    • + *
  • {@link ExecutionContext} properties using {@code ctx['property']},
    • + *
  • Multi valued {@link HttpServletRequest} parameters using {@code requestParameters['foo']} (keep in mind that this + * expression returns an array of String values) and
    • + *
  • Single valued {@link HttpServletRequest} parameters using {@code requestParameter['foo']}
    • + *
+ * + * @author tknall + * + */ +public class SpringWebExpressionEvaluator implements ExpressionEvaluator { + + private Logger log = LoggerFactory.getLogger(getClass()); + private ExpressionParser parser = new SpelExpressionParser(); + private StandardEvaluationContext evaluationContext = new StandardEvaluationContext(); + + @Autowired(required = false) + private ApplicationContext ctx; + + @Autowired(required = false) + private HttpServletRequest request; + + @PostConstruct + private void init() { + if (ctx != null) { + evaluationContext.setBeanResolver(new BeanFactoryResolver(ctx)); + } + } + + /** + * Evaluation context that provides access to {@link HttpServletRequest} parameters using + * {@code requestParameter['foo']} for single value parameters or {@code requestParameters['foo']} for multi value + * parameters. Basic calls to {@code ctx} will be delegated. + * + * @author tknall + * + */ + private class SpringWebExpressionEvaluationContext implements ExpressionEvaluationContext { + + private static final long serialVersionUID = 1L; + + /** + * Creates a new expression evaluation context, providing access to HttpServletRequest parameter(s). + * + * @param delegate + * The original {@link ExpressionEvaluationContext} to be delegated to for {@code ctx['foo']} + * expressions. + */ + public SpringWebExpressionEvaluationContext(ExpressionEvaluationContext delegate) { + this.delegate = delegate; + } + + private ExpressionEvaluationContext delegate; + + @Override + public Map getCtx() { + return delegate.getCtx(); + } + + @SuppressWarnings("unused") + public Map getRequestParameter() { + if (request != null) { + Map singleValueMap = new HashMap(); + Iterator> it = request.getParameterMap().entrySet().iterator(); + while (it.hasNext()) { + Entry entry = it.next(); + if (ArrayUtils.isNotEmpty(entry.getValue())) { + singleValueMap.put(entry.getKey(), entry.getValue()[0]); + } + } + return singleValueMap; + } else { + return Collections. emptyMap(); + } + } + + @SuppressWarnings("unused") + public Map getRequestParameters() { + if (request != null) { + return request.getParameterMap(); + } else { + return Collections. emptyMap(); + } + } + + } + + @Override + public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) { + Objects.requireNonNull(expression, "Expression must not be null."); + log.trace("Evaluating '{}'.", expression); + + Expression expr = parser.parseExpression(expression); + Boolean result = null; + try { + result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext), + Boolean.class); + if (result == null) { + log.warn("Evaluation of '{}' results in null-value.", expression); + } else { + log.debug("Expression '{}' -> {}", expression, result); + } + } catch (Exception e) { + log.warn("Expression '{}' could not be processed.", expression, e); + } + + return BooleanUtils.isTrue(result); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java new file mode 100644 index 00000000..0f581dae --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java @@ -0,0 +1,37 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.support; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; + +/** + * Holder for a secure random instance following the initialization on demand holder design pattern. The secure random + * instance is a singleton that is initialized on first usage. + * + * @author tknall + * + */ +public class SecureRandomHolder { + + private SecureRandomHolder() { + } + + private static final SecureRandom SRND_INSTANCE; + static { + try { + SRND_INSTANCE = SecureRandom.getInstance("SHA1PRNG"); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException("Unable to instantiate SHA1PRNG.", e); + } + } + + /** + * Returns a secure random generator instance. + * @return The secure random instance. + */ + public static SecureRandom getInstance() { + return SecureRandomHolder.SRND_INSTANCE; + } + +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyRevisionsLogger.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyRevisionsLogger.java new file mode 100644 index 00000000..5b6b8146 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyRevisionsLogger.java @@ -0,0 +1,52 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.logging; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; + +public class DummyRevisionsLogger implements IRevisionLogger { + private static final Logger log = LoggerFactory.getLogger(DummyStatisticLogger.class); + + + @Override + public void logEvent(ISPConfiguration oaConfig, int eventCode, String message) { + log.trace("Dummy-logEventOperation"); + + } + + @Override + public void logEvent(int eventCode, String message) { + log.trace("Dummy-logEventOperation"); + + } + + @Override + public void logEvent(String sessionID, String transactionID, int eventCode, String message) { + log.trace("Dummy-logEventOperation"); + + } + + @Override + public void logEvent(String sessionID, String transactionID, int eventCode) { + log.trace("Dummy-logEventOperation"); + + } + + @Override + public void logEvent(IRequest pendingRequest, int eventCode) { + log.trace("Dummy-logEventOperation"); + + } + + @Override + public void logEvent(IRequest pendingRequest, int eventCode, String message) { + log.trace("Dummy-logEventOperation"); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyStatisticLogger.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyStatisticLogger.java new file mode 100644 index 00000000..20f58b14 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyStatisticLogger.java @@ -0,0 +1,43 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.logging; + + + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; + +@Service("DummyStatisticLogger") +public class DummyStatisticLogger implements IStatisticLogger{ + private static final Logger log = LoggerFactory.getLogger(DummyStatisticLogger.class); + + @Override + public void logSuccessOperation(IRequest protocolRequest, + IAuthData authData, boolean isSSOSession) { + log.trace("Dummy-logSuccessOperation"); + } + + @Override + public void logErrorOperation(Throwable throwable) { + log.trace("Dummy-logErrorOperation"); + } + + @Override + public void logErrorOperation(Throwable throwable, IRequest errorRequest) { + log.trace("Dummy-logErrorOperation"); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger#testConnection() + */ + @Override + public void internalTesting() throws Exception { + log.trace("Dummy-logErrorOperation"); + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java new file mode 100644 index 00000000..f28700a1 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java @@ -0,0 +1,1243 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.impl.utils; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; +import java.util.Vector; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.StringUtils; +import org.apache.xerces.parsers.DOMParser; +import org.apache.xerces.parsers.SAXParser; +import org.apache.xerces.parsers.XMLGrammarPreparser; +import org.apache.xerces.util.SymbolTable; +import org.apache.xerces.util.XMLGrammarPoolImpl; +import org.apache.xerces.xni.grammars.XMLGrammarDescription; +import org.apache.xerces.xni.grammars.XMLGrammarPool; +import org.apache.xerces.xni.parser.XMLInputSource; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.DocumentFragment; +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.EntityResolver; +import org.xml.sax.ErrorHandler; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants; + +/** + * Various utility functions for handling XML DOM trees. + * + * The parsing methods in this class make use of some features internal to the + * Xerces DOM parser, mainly for performance reasons. As soon as JAXP + * (currently at version 1.2) is better at schema handling, it should be used as + * the parser interface. + * + */ +public class DOMUtils { + private static final Logger log = LoggerFactory.getLogger(DOMUtils.class); + + /** Feature URI for namespace aware parsing. */ + private static final String NAMESPACES_FEATURE = + "http://xml.org/sax/features/namespaces"; + /** Feature URI for validating parsing. */ + private static final String VALIDATION_FEATURE = + "http://xml.org/sax/features/validation"; + /** Feature URI for schema validating parsing. */ + private static final String SCHEMA_VALIDATION_FEATURE = + "http://apache.org/xml/features/validation/schema"; + /** Feature URI for normalization of element/attribute values. */ + private static final String NORMALIZED_VALUE_FEATURE = + "http://apache.org/xml/features/validation/schema/normalized-value"; + /** Feature URI for parsing ignorable whitespace. */ + private static final String INCLUDE_IGNORABLE_WHITESPACE_FEATURE = + "http://apache.org/xml/features/dom/include-ignorable-whitespace"; + /** Feature URI for creating EntityReference nodes in the DOM tree. */ + private static final String CREATE_ENTITY_REF_NODES_FEATURE = + "http://apache.org/xml/features/dom/create-entity-ref-nodes"; + /** Property URI for providing external schema locations. */ + private static final String EXTERNAL_SCHEMA_LOCATION_PROPERTY = + "http://apache.org/xml/properties/schema/external-schemaLocation"; + /** Property URI for providing the external schema location for elements + * without a namespace. */ + private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY = + "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation"; + + private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = + "http://xml.org/sax/features/external-general-entities"; + + private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = + "http://xml.org/sax/features/external-parameter-entities"; + + public static final String DISALLOW_DOCTYPE_FEATURE = + "http://apache.org/xml/features/disallow-doctype-decl"; + + + + /** Property URI for the Xerces grammar pool. */ + private static final String GRAMMAR_POOL = + org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX + + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY; + /** A prime number for initializing the symbol table. */ + private static final int BIG_PRIME = 2039; + /** Symbol table for the grammar pool. */ + private static SymbolTable symbolTable = new SymbolTable(BIG_PRIME); + /** Xerces schema grammar pool. */ + private static XMLGrammarPool grammarPool = new XMLGrammarPoolImpl(); + /** Set holding the NamespaceURIs of the grammarPool, to prevent multiple + * entries of same grammars to the pool */ + private static Set grammarNamespaces; + + static { + grammarPool.lockPool(); + grammarNamespaces = new HashSet(); + } + + /** + * Preparse a schema and add it to the schema pool. + * The method only adds the schema to the pool if a schema having the same + * systemId (namespace URI) is not already present in the pool. + * + * @param inputStream An InputStream providing the contents of + * the schema. + * @param systemId The systemId (namespace URI) to use for the schema. + * @throws IOException An error occurred reading the schema. + */ + public static void addSchemaToPool(InputStream inputStream, String systemId) + throws IOException { + XMLGrammarPreparser preparser; + + if (!grammarNamespaces.contains(systemId)) { + + grammarNamespaces.add(systemId); + + // unlock the pool so that we can add another grammar + grammarPool.unlockPool(); + + // prepare the preparser + preparser = new XMLGrammarPreparser(symbolTable); + preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null); + preparser.setProperty(GRAMMAR_POOL, grammarPool); + preparser.setFeature(NAMESPACES_FEATURE, true); + preparser.setFeature(VALIDATION_FEATURE, true); + + // add the grammar to the pool + preparser.preparseGrammar( + XMLGrammarDescription.XML_SCHEMA, + new XMLInputSource(null, systemId, null, inputStream, null)); + + // lock the pool again so that schemas are not added automatically + grammarPool.lockPool(); + } + } + + /** + * Parse an XML document from an InputStream. + * + * @param inputStream The InputStream containing the XML + * document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @param entityResolver An EntityResolver to resolve external + * entities (schemas and DTDs). If null, it will not be set. + * @param errorHandler An ErrorHandler to decide what to do + * with parsing errors. If null, it will not be set. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + InputStream inputStream, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation, + EntityResolver entityResolver, + ErrorHandler errorHandler, + Map parserFeatures) + throws SAXException, IOException, ParserConfigurationException { + + DOMParser parser; + +// class MyEntityResolver implements EntityResolver { +// +// public InputSource resolveEntity(String publicId, String systemId) +// throws SAXException, IOException { +// return new InputSource(new ByteArrayInputStream(new byte[0])); +// } +// } + + + //if Debug is enabled make a copy of inputStream to enable debug output in case of SAXException + byte buffer [] = null; + ByteArrayInputStream baStream = null; + if(true == log.isDebugEnabled()) { + buffer = IOUtils.toByteArray(inputStream); + baStream = new ByteArrayInputStream(buffer); + + } + + + + // create the DOM parser + if (symbolTable != null) { + parser = new DOMParser(symbolTable, grammarPool); + } else { + parser = new DOMParser(); + } + + // set parser features and properties + try { + parser.setFeature(NAMESPACES_FEATURE, true); + parser.setFeature(VALIDATION_FEATURE, validating); + parser.setFeature(SCHEMA_VALIDATION_FEATURE, validating); + parser.setFeature(NORMALIZED_VALUE_FEATURE, false); + parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true); + parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false); + parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); + parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); + + //set external added parser features + if (parserFeatures != null) { + for (Entry el : parserFeatures.entrySet()) { + String key = el.getKey(); + if (StringUtils.isNotEmpty(key)) { + Object value = el.getValue(); + if (value != null && value instanceof Boolean) + parser.setFeature(key, (boolean)value); + + else + log.warn("This XML parser only allows features with 'boolean' values"); + + } else + log.warn("Can not set 'null' feature to XML parser"); + } + } + + //fix XXE problem + //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + + + if (validating) { + if (externalSchemaLocations != null) { + parser.setProperty( + EXTERNAL_SCHEMA_LOCATION_PROPERTY, + externalSchemaLocations); + } + if (externalNoNamespaceSchemaLocation != null) { + parser.setProperty( + EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY, + externalNoNamespaceSchemaLocation); + } + } + + // set entity resolver and error handler + if (entityResolver != null) { + parser.setEntityResolver(entityResolver); + } + if (errorHandler != null) { + parser.setErrorHandler(errorHandler); + } + + // parse the document and return it + // if debug is enabled: use copy of strem (baStream) else use orig stream + if(null != baStream) + parser.parse(new InputSource(baStream)); + else + parser.parse(new InputSource(inputStream)); + } catch(SAXException e) { + if(true == log.isDebugEnabled() && null != buffer) { + String xmlContent = new String(buffer); + log.debug("SAXException in:\n" + xmlContent); + } + throw(e); + } + + return parser.getDocument(); + } + + /** + * Parse an XML document from an InputStream. + * + * @param inputStream The InputStream containing the XML + * document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @param entityResolver An EntityResolver to resolve external + * entities (schemas and DTDs). If null, it will not be set. + * @param errorHandler An ErrorHandler to decide what to do + * with parsing errors. If null, it will not be set. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocumentSimple(InputStream inputStream) + throws SAXException, IOException, ParserConfigurationException { + + DOMParser parser; + + parser = new DOMParser(); + // set parser features and properties + parser.setFeature(NAMESPACES_FEATURE, true); + parser.setFeature(VALIDATION_FEATURE, false); + parser.setFeature(SCHEMA_VALIDATION_FEATURE, false); + parser.setFeature(NORMALIZED_VALUE_FEATURE, false); + parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true); + parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false); + + parser.parse(new InputSource(inputStream)); + + return parser.getDocument(); + } + + + /** + * Parse an XML document from an InputStream. + * + * It uses a MOAEntityResolver as the EntityResolver + * and a MOAErrorHandler as the ErrorHandler. + * + * @param inputStream The InputStream containing the XML + * document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @param parserFeatures + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + InputStream inputStream, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation, Map parserFeatures) + throws SAXException, IOException, ParserConfigurationException { + + + + return parseDocument( + inputStream, + validating, + externalSchemaLocations, + externalNoNamespaceSchemaLocation, + new EAAFDomEntityResolver(), + null, + parserFeatures); + } + + /** + * Parse an XML document from a String. + * + * It uses a MOAEntityResolver as the EntityResolver + * and a MOAErrorHandler as the ErrorHandler. + * + * @param xmlString The String containing the XML document. + * @param encoding The encoding of the XML document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + String xmlString, + String encoding, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation, + Map parserFeatures) + throws SAXException, IOException, ParserConfigurationException { + + InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding)); + return parseDocument( + in, + validating, + externalSchemaLocations, + externalNoNamespaceSchemaLocation, + parserFeatures); + } + + + /** + * Parse an XML document from a String. + * + * It uses a MOAEntityResolver as the EntityResolver + * and a MOAErrorHandler as the ErrorHandler. + * + * @param xmlString The String containing the XML document. + * @param encoding The encoding of the XML document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + String xmlString, + String encoding, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation) + throws SAXException, IOException, ParserConfigurationException { + + InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding)); + return parseDocument( + in, + validating, + externalSchemaLocations, + externalNoNamespaceSchemaLocation, + null); + } + + /** + * Parse an UTF-8 encoded XML document from a String. + * + * @param xmlString The String containing the XML document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + String xmlString, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation) + throws SAXException, IOException, ParserConfigurationException { + + return parseDocument( + xmlString, + "UTF-8", + validating, + externalSchemaLocations, + externalNoNamespaceSchemaLocation); + } + + /** + * A convenience method to parse an XML document validating. + * + * @param inputStream The InputStream containing the XML + * document. + * @return The root element of the parsed XML document. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Element parseXmlValidating(InputStream inputStream) + throws ParserConfigurationException, SAXException, IOException { + return DOMUtils + .parseDocument(inputStream, true, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null, null) + .getDocumentElement(); + } + + /** + * A convenience method to parse an XML document validating. + * + * @param inputStream The InputStream containing the XML + * document. + * @param parserFeatures Set additional features to XML parser + * @return The root element of the parsed XML document. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Element parseXmlValidating(InputStream inputStream, Map parserFeatures) + throws ParserConfigurationException, SAXException, IOException { + return DOMUtils + .parseDocument(inputStream, true, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null, parserFeatures) + .getDocumentElement(); + } + + /** + * A convenience method to parse an XML document non validating. + * This method disallow DocType declarations + * + * @param inputStream The InputStream containing the XML + * document. + * @return The root element of the parsed XML document. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Element parseXmlNonValidating(InputStream inputStream) + throws ParserConfigurationException, SAXException, IOException { + return DOMUtils + .parseDocument(inputStream, false, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null, + Collections.unmodifiableMap(new HashMap() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + })).getDocumentElement(); + } + + /** + * Schema validate a given DOM element. + * + * @param element The element to validate. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return true, if the element validates against + * the schemas declared in it. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document from its + * serialized representation. + * @throws ParserConfigurationException An error occurred configuring the XML + * @throws TransformerException An error occurred serializing the element. + */ + public static boolean validateElement( + Element element, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation) + throws + ParserConfigurationException, + IOException, + SAXException, + TransformerException { + + byte[] docBytes; + SAXParser parser; + + // create the SAX parser + if (symbolTable != null) { + parser = new SAXParser(symbolTable, grammarPool); + } else { + parser = new SAXParser(); + } + + // serialize the document + docBytes = serializeNode(element, "UTF-8"); + + // set up parser features and attributes + parser.setFeature(NAMESPACES_FEATURE, true); + parser.setFeature(VALIDATION_FEATURE, true); + parser.setFeature(SCHEMA_VALIDATION_FEATURE, true); + parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); + parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true); + + + if (externalSchemaLocations != null) { + parser.setProperty( + EXTERNAL_SCHEMA_LOCATION_PROPERTY, + externalSchemaLocations); + } + if (externalNoNamespaceSchemaLocation != null) { + parser.setProperty( + EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY, + "externalNoNamespaceSchemaLocation"); + } + + // set up entity resolver and error handler + parser.setEntityResolver(new EAAFDomEntityResolver()); + + // parse validating + parser.parse(new InputSource(new ByteArrayInputStream(docBytes))); + return true; + } + + + /** + * Schema validate a given DOM element. + * + * @param element The element to validate. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return true, if the element validates against + * the schemas declared in it. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document from its + * serialized representation. + * @throws ParserConfigurationException An error occurred configuring the XML + * @throws TransformerException An error occurred serializing the element. + */ + public static boolean validateElement( + Element element, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation, + EntityResolver entityResolver) + throws + ParserConfigurationException, + IOException, + SAXException, + TransformerException { + + byte[] docBytes; + SAXParser parser; + + // create the SAX parser + if (symbolTable != null) { + parser = new SAXParser(symbolTable, grammarPool); + } else { + parser = new SAXParser(); + } + + // serialize the document + docBytes = serializeNode(element, "UTF-8"); + + // set up parser features and attributes + parser.setFeature(NAMESPACES_FEATURE, true); + parser.setFeature(VALIDATION_FEATURE, true); + parser.setFeature(SCHEMA_VALIDATION_FEATURE, true); + + if (externalSchemaLocations != null) { + parser.setProperty( + EXTERNAL_SCHEMA_LOCATION_PROPERTY, + externalSchemaLocations); + } + if (externalNoNamespaceSchemaLocation != null) { + parser.setProperty( + EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY, + "externalNoNamespaceSchemaLocation"); + } + + // set up entity resolver and error handler + parser.setEntityResolver(entityResolver); + + // parse validating + parser.parse(new InputSource(new ByteArrayInputStream(docBytes))); + return true; + } + + /** + * Serialize the given DOM node. + * + * The node will be serialized using the UTF-8 encoding. + * + * @param node The node to serialize. + * @return String The String representation of the given DOM + * node. + * @throws TransformerException An error occurred transforming the + * node to a String. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static String serializeNode(Node node) + throws TransformerException, IOException { + return new String(serializeNode(node, "UTF-8", false), "UTF-8"); + } + + + /** + * Serialize the given DOM node. + * + * The node will be serialized using the UTF-8 encoding. + * + * @param node The node to serialize. + * @param omitXmlDeclaration The boolean value for omitting the XML Declaration. + * @return String The String representation of the given DOM + * node. + * @throws TransformerException An error occurred transforming the + * node to a String. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static String serializeNode(Node node, boolean omitXmlDeclaration) + throws TransformerException, IOException { + return new String(serializeNode(node, "UTF-8", omitXmlDeclaration), "UTF-8"); + } + + /** + * Serialize the given DOM node. + * + * The node will be serialized using the UTF-8 encoding. + * + * @param node The node to serialize. + * @param omitXmlDeclaration The boolean value for omitting the XML Declaration. + * @param lineSeperator Sets the line seperator String of the parser + * @return String The String representation of the given DOM + * node. + * @throws TransformerException An error occurred transforming the + * node to a String. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static String serializeNode(Node node, boolean omitXmlDeclaration, String lineSeperator) + throws TransformerException, IOException { + return new String(serializeNode(node, "UTF-8", omitXmlDeclaration, lineSeperator), "UTF-8"); + } + + /** + * Serialize the given DOM node to a byte array. + * + * @param node The node to serialize. + * @param xmlEncoding The XML encoding to use. + * @return The serialized node, as a byte array. Using a compatible encoding + * this can easily be converted into a String. + * @throws TransformerException An error occurred transforming the node to a + * byte array. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static byte[] serializeNode(Node node, String xmlEncoding) + throws TransformerException, IOException { + return serializeNode(node, xmlEncoding, false); + } + + /** + * Serialize the given DOM node to a byte array. + * + * @param node The node to serialize. + * @param xmlEncoding The XML encoding to use. + * @param omitDeclaration The boolean value for omitting the XML Declaration. + * @return The serialized node, as a byte array. Using a compatible encoding + * this can easily be converted into a String. + * @throws TransformerException An error occurred transforming the node to a + * byte array. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration) + throws TransformerException, IOException { + return serializeNode(node, xmlEncoding, omitDeclaration, null); + } + + + /** + * Serialize the given DOM node to a byte array. + * + * @param node The node to serialize. + * @param xmlEncoding The XML encoding to use. + * @param omitDeclaration The boolean value for omitting the XML Declaration. + * @param lineSeperator Sets the line seperator String of the parser + * @return The serialized node, as a byte array. Using a compatible encoding + * this can easily be converted into a String. + * @throws TransformerException An error occurred transforming the node to a + * byte array. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration, String lineSeperator) + throws TransformerException, IOException { + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + Transformer transformer = transformerFactory.newTransformer(); + ByteArrayOutputStream bos = new ByteArrayOutputStream(16384); + + transformer.setOutputProperty(OutputKeys.METHOD, "xml"); + transformer.setOutputProperty(OutputKeys.ENCODING, xmlEncoding); + String omit = omitDeclaration ? "yes" : "no"; + transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, omit); + if (null!=lineSeperator) { + transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", lineSeperator);//does not work for xalan <= 2.5.1 + } + transformer.transform(new DOMSource(node), new StreamResult(bos)); + + bos.flush(); + bos.close(); + + return bos.toByteArray(); + } + + /** + * Return the text that a node contains. + * + * This routine: + *
    + *
  • Ignores comments and processing instructions.
    • + *
  • Concatenates TEXT nodes, CDATA nodes, and the results recursively + * processing EntityRef nodes.
    • + *
  • Ignores any element nodes in the sublist. (Other possible options are + * to recurse into element sublists or throw an exception.)
    • + *
+ * + * @param node A DOM node from which to extract text. + * @return A String representing its contents. + */ + public static String getText(Node node) { + if (!node.hasChildNodes()) { + return ""; + } + + StringBuffer result = new StringBuffer(); + NodeList list = node.getChildNodes(); + + for (int i = 0; i < list.getLength(); i++) { + Node subnode = list.item(i); + if (subnode.getNodeType() == Node.TEXT_NODE) { + result.append(subnode.getNodeValue()); + } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) { + result.append(subnode.getNodeValue()); + } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) { + // Recurse into the subtree for text + // (and ignore comments) + result.append(getText(subnode)); + } + } + return result.toString(); + } + + /** + * Build the namespace prefix to namespace URL mapping in effect for a given + * node. + * + * @param node The context node for which build the map. + * @return The namespace prefix to namespace URL mapping ( + * a String value to String value mapping). + */ + public static Map getNamespaceDeclarations(Node node) { + Map nsDecls = new HashMap(); + int i; + + do { + if (node.hasAttributes()) { + NamedNodeMap attrs = node.getAttributes(); + + for (i = 0; i < attrs.getLength(); i++) { + Attr attr = (Attr) attrs.item(i); + + // add prefix mapping if none exists + if ("xmlns".equals(attr.getPrefix()) + || "xmlns".equals(attr.getName())) { + + String nsPrefix = + attr.getPrefix() != null ? attr.getLocalName() : ""; + + if (nsDecls.get(nsPrefix) == null) { + nsDecls.put(nsPrefix, attr.getValue()); + } + } + } + } + } while ((node = node.getParentNode()) != null); + + return nsDecls; + } + + /** + * Add all namespace declarations declared in the parent(s) of a given + * element and used in the subtree of the given element to the given element. + * + * @param context The element to which to add the namespaces. + */ + public static void localizeNamespaceDeclarations(Element context) { + Node parent = context.getParentNode(); + + if (parent != null) { + Map namespaces = getNamespaceDeclarations(context.getParentNode()); + Set nsUris = collectNamespaceURIs(context); + Iterator iter; + + for (iter = namespaces.entrySet().iterator(); iter.hasNext();) { + Map.Entry e = (Map.Entry) iter.next(); + + if (nsUris.contains(e.getValue())) { + String prefix = (String) e.getKey(); + String nsUri = (String) e.getValue(); + String nsAttrName = "".equals(prefix) ? "xmlns" : "xmlns:" + prefix; + + context.setAttributeNS(XMLNamespaceConstants.XMLNS_NS_URI, nsAttrName, nsUri); + } + } + } + } + + /** + * Collect all the namespace URIs used in the subtree of a given element. + * + * @param context The element that should be searched for namespace URIs. + * @return All namespace URIs used in the subtree of context, + * including the ones used in context itself. + */ + public static Set collectNamespaceURIs(Element context) { + Set result = new HashSet(); + + collectNamespaceURIsImpl(context, result); + return result; + } + + /** + * A recursive method to do the work of collectNamespaceURIs. + * + * @param context The context element to evaluate. + * @param result The result, passed as a parameter to avoid unnecessary + * instantiations of Set. + */ + private static void collectNamespaceURIsImpl(Element context, Set result) { + NamedNodeMap attrs = context.getAttributes(); + NodeList childNodes = context.getChildNodes(); + String nsUri; + int i; + + // add the namespace of the context element + nsUri = context.getNamespaceURI(); + if (nsUri != null && nsUri != XMLNamespaceConstants.XMLNS_NS_URI) { + result.add(nsUri); + } + + // add all namespace URIs from attributes + for (i = 0; i < attrs.getLength(); i++) { + nsUri = attrs.item(i).getNamespaceURI(); + if (nsUri != null && nsUri != XMLNamespaceConstants.XMLNS_NS_URI) { + result.add(nsUri); + } + } + + // add all namespaces from subelements + for (i = 0; i < childNodes.getLength(); i++) { + Node node = childNodes.item(i); + + if (node.getNodeType() == Node.ELEMENT_NODE) { + collectNamespaceURIsImpl((Element) node, result); + } + } + } + + /** + * Check, that each attribute node in the given NodeList has its + * parent in the NodeList as well. + * + * @param nodes The NodeList to check. + * @return true, if each attribute node in nodes + * has its parent in nodes as well. + */ + public static boolean checkAttributeParentsInNodeList(NodeList nodes) { + Set nodeSet = new HashSet(); + int i; + + // put the nodes into the nodeSet + for (i = 0; i < nodes.getLength(); i++) { + nodeSet.add(nodes.item(i)); + } + + // check that each attribute node's parent is in the node list + for (i = 0; i < nodes.getLength(); i++) { + Node n = nodes.item(i); + + if (n.getNodeType() == Node.ATTRIBUTE_NODE) { + Attr attr = (Attr) n; + Element owner = attr.getOwnerElement(); + + if (owner == null) { + if (!isNamespaceDeclaration(attr)) { + return false; + } + } + + if (!nodeSet.contains(owner) && !isNamespaceDeclaration(attr)) { + return false; + } + } + } + + return true; + } + + /** + * Convert an unstructured NodeList into a + * DocumentFragment. + * + * @param nodeList Contains the node list to be converted into a DOM + * DocumentFragment. + * @return the resulting DocumentFragment. The DocumentFragment will be + * backed by a new DOM Document, i.e. all noded of the node list will be + * cloned. + * @throws ParserConfigurationException An error occurred creating the + * DocumentFragment. + * @precondition The nodes in the node list appear in document order + * @precondition for each Attr node in the node list, the owning Element is + * in the node list as well. + * @precondition each Element or Attr node in the node list is namespace + * aware. + */ + public static DocumentFragment nodeList2DocumentFragment(NodeList nodeList) + throws ParserConfigurationException { + + DocumentBuilder builder = + DocumentBuilderFactory.newInstance().newDocumentBuilder(); + Document doc = builder.newDocument(); + DocumentFragment result = doc.createDocumentFragment(); + + if (null == nodeList || nodeList.getLength() == 0) { + return result; + } + + int currPos = 0; + currPos = + nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1; + + while (currPos < nodeList.getLength()) { + currPos = + nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1; + } + return result; + } + + /** + * Helper method for the nodeList2DocumentFragment. + * + * @param nodeList The NodeList to convert. + * @param currPos The current position in the nodeList. + * @param result The resulting DocumentFragment. + * @param currOrgElem The current original element. + * @param currClonedElem The current cloned element. + * @return The current position. + */ + private static int nodeList2DocumentFragment( + NodeList nodeList, + int currPos, + DocumentFragment result, + Element currOrgElem, + Element currClonedElem) { + + while (currPos < nodeList.getLength()) { + Node currentNode = nodeList.item(currPos); + switch (currentNode.getNodeType()) { + case Node.COMMENT_NODE : + case Node.PROCESSING_INSTRUCTION_NODE : + case Node.TEXT_NODE : + { + // Append current node either to resulting DocumentFragment or to + // current cloned Element + if (null == currClonedElem) { + result.appendChild( + result.getOwnerDocument().importNode(currentNode, false)); + } else { + // Stop processing if current Node is not a descendant of + // current Element + if (!isAncestor(currOrgElem, currentNode)) { + return --currPos; + } + + currClonedElem.appendChild( + result.getOwnerDocument().importNode(currentNode, false)); + } + break; + } + + case Node.ELEMENT_NODE : + { + Element nextCurrOrgElem = (Element) currentNode; + Element nextCurrClonedElem = + result.getOwnerDocument().createElementNS( + nextCurrOrgElem.getNamespaceURI(), + nextCurrOrgElem.getNodeName()); + + // Append current Node either to resulting DocumentFragment or to + // current cloned Element + if (null == currClonedElem) { + result.appendChild(nextCurrClonedElem); + currOrgElem = nextCurrOrgElem; + currClonedElem = nextCurrClonedElem; + } else { + // Stop processing if current Node is not a descendant of + // current Element + if (!isAncestor(currOrgElem, currentNode)) { + return --currPos; + } + + currClonedElem.appendChild(nextCurrClonedElem); + } + + // Process current Node (of type Element) recursively + currPos = + nodeList2DocumentFragment( + nodeList, + ++currPos, + result, + nextCurrOrgElem, + nextCurrClonedElem); + + break; + } + + case Node.ATTRIBUTE_NODE : + { + Attr currAttr = (Attr) currentNode; + + // GK 20030411: Hack to overcome problems with IAIK IXSIL + if (currAttr.getOwnerElement() == null) + break; + if (currClonedElem == null) + break; + + // currClonedElem must be the owner Element of currAttr if + // preconditions are met + currClonedElem.setAttributeNS( + currAttr.getNamespaceURI(), + currAttr.getNodeName(), + currAttr.getValue()); + break; + } + + default : + { + // All other nodes will be ignored + } + } + + currPos++; + } + + return currPos; + } + + /** + * Check, if the given attribute is a namespace declaration. + * + * @param attr The attribute to check. + * @return true, if the attribute is a namespace declaration, + * false otherwise. + */ + private static boolean isNamespaceDeclaration(Attr attr) { + return XMLNamespaceConstants.XMLNS_NS_URI.equals(attr.getNamespaceURI()); + } + + /** + * Check, if a given DOM element is an ancestor of a given node. + * + * @param candAnc The DOM element to check for being the ancestor. + * @param cand The node to check for being the child. + * @return true, if candAnc is an (indirect) + * ancestor of cand; false otherwise. + */ + public static boolean isAncestor(Element candAnc, Node cand) { + Node currPar = cand.getParentNode(); + + while (currPar != null) { + if (candAnc == currPar) + return true; + currPar = currPar.getParentNode(); + } + return false; + } + + /** + * Selects the (first) element from a node list and returns it. + * + * @param nl The NodeList to get the element from. + * @return The (first) element included in the node list or null + * if the node list is null or empty or no element is + * included in the list. + */ + public static Element getElementFromNodeList (NodeList nl) { + if ((nl == null) || (nl.getLength() == 0)) { + return null; + } + for (int i=0; iVerifyIdentityLink or VerifyAuthenticationBlock, + * including the MOASessionID as a parameter. + * + * @param authBaseURL base URL (context path) of the MOA ID Authentication component, + * including a trailing '/' + * @param authServletName request part of the data URL + * @param pendingReqId sessionID to be included in the dataURL + * @return String + */ + public String buildDataURL(String authBaseURL, String authServletName, String pendingReqId) { + String dataURL; + if (!authBaseURL.endsWith("/")) + authBaseURL += "/"; + + if (authServletName.startsWith("/")) + authServletName = authServletName.substring(1); + + dataURL = authBaseURL + authServletName; + + if (StringUtils.isNotEmpty(pendingReqId)) + dataURL = addParameter(dataURL, EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReqId); + + return dataURL; + } + + /** + * Method addParameter. + * @param urlString represents the url + * @param paramname is the parameter to be added + * @param value is the value of that parameter + * @return String + */ + private String addParameter(String urlString, String paramname, String value) { + String url = urlString; + if (paramname != null) { + if (url.indexOf("?") < 0) + url += "?"; + else + url += "&"; + url += paramname + "=" + value; + } + return url; + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EAAFDomEntityResolver.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EAAFDomEntityResolver.java new file mode 100644 index 00000000..5b39386c --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EAAFDomEntityResolver.java @@ -0,0 +1,104 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.impl.utils; + +import java.io.InputStream; + +import org.apache.xerces.util.URI; +import org.apache.xerces.util.URI.MalformedURIException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.xml.sax.EntityResolver; +import org.xml.sax.InputSource; + +import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants; + +/** + * An EntityResolver that looks up entities stored as + * local resources. + * + *

The following DTDs are mapped to local resources: + *

    + *
  • The XMLSchema.dtd
    • + *
  • The datatypes.dtd
    • + *
+ *

+ *

For all other resources, an attempt is made to resolve them as resources, + * either absolute or relative to Constants.SCHEMA_ROOT. + * + */ +public class EAAFDomEntityResolver implements EntityResolver { + private static final Logger log = LoggerFactory.getLogger(EAAFDomEntityResolver.class); + + /** + * Resolve an entity. + * + * The systemId parameter is used to perform the lookup of the + * entity as a resource, either by interpreting the systemId as + * an absolute resource path, or by appending the last path component of + * systemId to Constants.SCHEMA_ROOT. + * + * @param publicId The public ID of the resource. + * @param systemId The system ID of the resource. + * @return An InputSource from which the entity can be read, or + * null, if the entity could not be found. + * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String) + */ + public InputSource resolveEntity(String publicId, String systemId) { + InputStream stream; + int slashPos; + + if (publicId != null) { + // check if we can resolve some standard dtd's + if (publicId.equalsIgnoreCase("-//W3C//DTD XMLSchema 200102//EN")) { + return new InputSource( + getClass().getResourceAsStream( + XMLNamespaceConstants.SCHEMA_ROOT + "XMLSchema.dtd")); + } else if (publicId.equalsIgnoreCase("datatypes")) { + return new InputSource( + getClass().getResourceAsStream( + XMLNamespaceConstants.SCHEMA_ROOT + "datatypes.dtd")); + } + } else if (systemId != null) { + // get the URI path + try { + URI uri = new URI(systemId); + systemId = uri.getPath(); + + if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) { + return null; + } + + } catch (MalformedURIException e) { + return null; + } + + // try to get the resource from the full path + stream = getClass().getResourceAsStream(systemId); + if (stream != null) { + InputSource source = new InputSource(stream); + + source.setSystemId(systemId); + return source; + } + + // try to get the resource from the last path component + slashPos = systemId.lastIndexOf('/'); + if (slashPos >= 0 && systemId.length() > slashPos) { + systemId = systemId.substring(slashPos + 1, systemId.length()); + stream = + getClass().getResourceAsStream(XMLNamespaceConstants.SCHEMA_ROOT + systemId); + if (stream != null) { + InputSource source = new InputSource(stream); + + source.setSystemId(systemId); + return source; + } + } + } + + return null; // nothing found - let the parser handle the entity + } +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java new file mode 100644 index 00000000..01fb7375 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java @@ -0,0 +1,142 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.impl.utils; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URL; + +/** + * Utility for accessing files on the file system, and for reading from input streams. + * @author Paul Ivancsics + * @version $Id$ + */ +public class FileUtils { + + /** + * Reads a file, given by URL, into a byte array. + * @param urlString file URL + * @return file content + * @throws IOException on any exception thrown + */ + public static byte[] readURL(String urlString) throws IOException { + URL url = new URL(urlString); + InputStream in = new BufferedInputStream(url.openStream()); + byte[] content = StreamUtils.readStream(in); + in.close(); + return content; + } + + /** + * Reads a file from a resource. + * @param name resource name + * @return file content as a byte array + * @throws IOException on any exception thrown + */ + public static byte[] readResource(String name) throws IOException { + ClassLoader cl = FileUtils.class.getClassLoader(); + BufferedInputStream in = new BufferedInputStream(cl.getResourceAsStream(name)); + byte[] content = StreamUtils.readStream(in); + in.close(); + return content; + } + /** + * Reads a file from a resource. + * @param name filename + * @param encoding character encoding + * @return file content + * @throws IOException on any exception thrown + */ + public static String readResource(String name, String encoding) throws IOException { + byte[] content = readResource(name); + return new String(content, encoding); + } + + + /** + * Returns the absolute URL of a given url which is relative to the parameter root + * @param url + * @param root + * @return String + * @throws MalformedURLException + */ + public static String makeAbsoluteURL(String url, URI root) throws MalformedURLException { + return makeAbsoluteURL(url, root.toURL().toString()); + + } + + /** + * Returns the absolute URL of a given url which is relative to the parameter root + * @param url + * @param root + * @return String + */ + public static String makeAbsoluteURL(String url, String root) { + //if url is relative to rootConfigFileDirName make it absolute + + File keyFile; + String newURL = url; + + if(null == url) return null; + + if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("file:/") || url.startsWith("ftp:/")) { + return url; + + } else { + // check if absolute - if not make it absolute + keyFile = new File(url); + if (!keyFile.isAbsolute()) { + keyFile = new File(root, url); + + if (keyFile.toString().startsWith("file:")) + newURL = keyFile.toString(); + + else + newURL = keyFile.toURI().toString(); + + } + return newURL; + } + } + + + private static void copy( InputStream fis, OutputStream fos ) + { + try + { + byte[] buffer = new byte[ 0xFFFF ]; + for ( int len; (len = fis.read(buffer)) != -1; ) + fos.write( buffer, 0, len ); + } + catch( IOException e ) { + System.err.println( e ); + } + finally { + if ( fis != null ) + try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); } + if ( fos != null ) + try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); } + } + } + + public static void copyFile(File src, File dest) + { + try + { + copy( new FileInputStream( src ), new FileOutputStream( dest ) ); + } + catch( IOException e ) { + e.printStackTrace(); + } + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java new file mode 100644 index 00000000..cf1abaa7 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java @@ -0,0 +1,178 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egiz.eaaf.core.impl.utils; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang3.StringUtils; + + +/** + * + * @author Rudolf Schamberger + * + */ +public class HTTPUtils { + +// /** +// * Utility used to obtainin correct encoded HTTP content. +// * Reads a given Content adressed by HTTP-URL into String. +// * Content encoding is considered by using the Content-Type HTTP header charset value. +// * @param URL HTTP URL to read from. +// * @return String representation of content +// * @throws IOException on data-reading problems +// */ +// public static String readHttpURL(String URL) +// throws IOException { +// +// URL url = new URL(URL); +// HttpURLConnection conn = (HttpURLConnection)url.openConnection(); +// conn.setRequestMethod("GET"); +// String contentType = conn.getContentType(); +// RE regExp = null; +// try { +// regExp = new RE("(;.*charset=)(\"*)(.*[^\"])"); +// } catch (RESyntaxException e) { +// //RESyntaxException is not possible = expr. is costant +// } +// boolean charsetSupplied = regExp.match(contentType); +// String encoding = "ISO-8859-1"; //default HTTP encoding +// if (charsetSupplied) { +// encoding = regExp.getParen(3); +// } +// InputStream instream = new BufferedInputStream(conn.getInputStream()); +// InputStreamReader isr = new InputStreamReader(instream, encoding); +// Reader in = new BufferedReader(isr); +// int ch; +// StringBuffer buffer = new StringBuffer(); +// while ((ch = in.read()) > -1) { +// buffer.append((char)ch); +// } +// in.close(); +// conn.disconnect(); +// return buffer.toString(); +// } + + /** + * Helper method to retrieve server URL including context path + * @param request HttpServletRequest + * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth + */ + public static String getBaseURL(HttpServletRequest request) { + StringBuffer buffer = new StringBuffer(getServerURL(request)); + + // add context path if available + String contextPath = request.getContextPath(); + if (!StringUtils.isEmpty(contextPath)) { + buffer.append(contextPath); + } + + return buffer.toString(); + } + + /** + * Helper method to retrieve server URL + * @param request HttpServletRequest + * @return Server URL (e.g. http://localhost:8443) + */ + public static String getServerURL(HttpServletRequest request) { + StringBuffer buffer = new StringBuffer(); + + // get protocol + String protocol = request.getScheme(); + buffer.append(protocol).append("://"); + + // server name + buffer.append(request.getServerName()); + + // add port if necessary + int port = request.getServerPort(); + if ((protocol.equals("http") && port != 80) || (protocol.equals("https") && port != 443)) { + buffer.append(':'); + buffer.append(port); + } + + return buffer.toString(); + } + + /** + * Extract the IDP PublicURLPrefix from authrequest + * + * @param req HttpServletRequest + * @return PublicURLPrefix which ends always without / + */ + public static String extractAuthURLFromRequest(HttpServletRequest req) { + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath()); + return authURL; + + } + + /** + * Extract the IDP requested URL from authrequest + * + * @param req HttpServletRequest + * @return RequestURL which ends always without / + */ + public static String extractAuthServletPathFromRequest(HttpServletRequest req) { + return extractAuthURLFromRequest(req).concat(req.getServletPath()); + + } + + public static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java new file mode 100644 index 00000000..3583a294 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java @@ -0,0 +1,175 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.impl.utils; + +import java.io.BufferedInputStream; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; + +/** + * Utility for creating and loading key stores. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class KeyStoreUtils { + + /** + * JAVA KeyStore + */ + private static final String KEYSTORE_TYPE_JKS = "JKS"; + + /** + * PKCS12 KeyStore + */ + private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12"; + + + + /** + * Loads a key store from file. + * + * @param keystoreType key store type + * @param urlString URL of key store + * @param password password protecting the key store + * @return key store loaded + * @throws IOException thrown while reading the key store from file + * @throws GeneralSecurityException thrown while creating the key store + */ + public static KeyStore loadKeyStore( + String keystoreType, + String urlString, + String password) + throws IOException, GeneralSecurityException { + + URL keystoreURL = new URL(urlString); + InputStream in = keystoreURL.openStream(); + return loadKeyStore(keystoreType, in, password); + } + /** + * Loads a key store from an InputStream, and + * closes the InputStream. + * + * @param keystoreType key store type + * @param in input stream + * @param password password protecting the key store + * @return key store loaded + * @throws IOException thrown while reading the key store from the stream + * @throws GeneralSecurityException thrown while creating the key store + */ + public static KeyStore loadKeyStore( + String keystoreType, + InputStream in, + String password) + throws IOException, GeneralSecurityException { + + char[] chPassword = null; + if (password != null) + chPassword = password.toCharArray(); + KeyStore ks = KeyStore.getInstance(keystoreType); + ks.load(in, chPassword); + in.close(); + return ks; + } + /** + * Creates a key store from X509 certificate files, aliasing them with + * the index in the String[], starting with "0". + * + * @param keyStoreType key store type + * @param certFilenames certificate filenames + * @return key store created + * @throws IOException thrown while reading the certificates from file + * @throws GeneralSecurityException thrown while creating the key store + */ + public static KeyStore createKeyStore( + String keyStoreType, + String[] certFilenames) + throws IOException, GeneralSecurityException { + + KeyStore ks = KeyStore.getInstance(keyStoreType); + ks.load(null, null); + for (int i = 0; i < certFilenames.length; i++) { + Certificate cert = loadCertificate(certFilenames[i]); + ks.setCertificateEntry("" + i, cert); + } + return ks; + } + + /** + * Loads an X509 certificate from file. + * @param certFilename filename + * @return the certificate loaded + * @throws IOException thrown while reading the certificate from file + * @throws GeneralSecurityException thrown while creating the certificate + */ + private static Certificate loadCertificate(String certFilename) + throws IOException, GeneralSecurityException { + + FileInputStream in = new FileInputStream(certFilename); + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + Certificate cert = certFactory.generateCertificate(in); + in.close(); + return cert; + } + + + /** + * Loads a keyStore without knowing the keyStore type + * @param keyStorePath URL to the keyStore + * @param password Password protecting the keyStore + * @return keyStore loaded + * @throws KeyStoreException thrown if keyStore cannot be loaded + * @throws FileNotFoundException + * @throws IOException + */ + public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{ + + //InputStream is = new FileInputStream(keyStorePath); + URL keystoreURL = new URL(keyStorePath); + InputStream in = keystoreURL.openStream(); + InputStream isBuffered = new BufferedInputStream(in); + return loadKeyStore(isBuffered, password); + + } + + /** + * Loads a keyStore without knowing the keyStore type + * @param in input stream + * @param password Password protecting the keyStore + * @return keyStore loaded + * @throws KeyStoreException thrown if keyStore cannot be loaded + * @throws FileNotFoundException + * @throws IOException + */ +public static KeyStore loadKeyStore(InputStream is, String password) throws KeyStoreException, IOException{ + is.mark(1024*1024); + KeyStore ks = null; + try { + try { + ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password); + } catch (IOException e2) { + is.reset(); + ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password); + } + } catch(Exception e) { + e.printStackTrace(); + + } + return ks; + + } + + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java new file mode 100644 index 00000000..49b957cc --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java @@ -0,0 +1,319 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.utils; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; +import java.util.Set; + +import org.apache.commons.lang3.StringUtils; + +/** + * @author tlenz + * + */ +public class KeyValueUtils { + + public static final String KEY_DELIMITER = "."; + public static final String CSV_DELIMITER = ","; + + /** + * Convert Java properties into a Map + *

+ * Important: The key/values from properties must be of type String! + * + * @param properties + * @return + */ + public static Map convertPropertiesToMap(Properties properties) { + return new HashMap((Map) properties); + + //INFO Java8 solution ;) +// return properties.entrySet().stream().collect( +// Collectors.toMap( +// e -> e.getKey().toString(), +// e -> e.getValue().toString() +// ) +// ); + + } + + /** + * Extract the first child of an input key after a the prefix + * + * @param key Full input key + * @param prefix Prefix + * @return Child key {String} if it exists or null + */ + public static String getFirstChildAfterPrefix(String key, String prefix) { + String idAfterPrefix = removePrefixFromKey(key, prefix); + if (idAfterPrefix != null) { + int index = idAfterPrefix.indexOf(KEY_DELIMITER); + if (index > 0) { + String adding = idAfterPrefix.substring(0, index); + if (!(adding.isEmpty())) { + return adding; + + } + } else if (!(idAfterPrefix.isEmpty())) { + return idAfterPrefix; + + } + + } + return null; + } + + /** + * Extract the prefix from an input key + * + * @param key Full input key + * @param suffix Suffix of this key + * @return Prefix {String} of the key or null if input key does not ends with postfix string + */ + public static String getPrefixFromKey(String key, String suffix) { + if (key != null && key.endsWith(suffix)) { + String idPreforeSuffix = key.substring(0, key.length()-suffix.length()); + if (idPreforeSuffix.endsWith(KEY_DELIMITER)) + return idPreforeSuffix.substring(0, idPreforeSuffix.length()-1); + else + return idPreforeSuffix; + } + return null; + + } + + /** + * Remove a prefix string from a key + * + * @param key Full input key + * @param prefix Prefix, which should be removed + * @return The suffix of the input key or null if the input does not starts with the prefix + */ + public static String removePrefixFromKey(String key, String prefix) { + if (prefix == null) + prefix = new String(); + + if (key!=null && key.startsWith(prefix)) { + String afterPrefix = key.substring(prefix.length()); + int index = afterPrefix.indexOf(KEY_DELIMITER); + + if (index == 0) { + afterPrefix = afterPrefix.substring(1); + + } + return afterPrefix; + + } + return null; + } + + /** + * Remove a prefix string from all keys in {Map} of key/value pairs + * + * @param keys Input data of key/value pairs + * @param prefix Prefix which should be removed + * @return {Map} of key/value pairs without prefix in key, but never null + */ + public static Map removePrefixFromKeys(Map keys, String prefix) { + Map result = new HashMap(); + Iterator> interator = keys.entrySet().iterator(); + while(interator.hasNext()) { + Entry el = interator.next(); + String newKey = removePrefixFromKey(el.getKey(), prefix); + if (StringUtils.isNotEmpty(newKey)) { + result.put(newKey, el.getValue()); + } + } + + return result; + } + + /** + * Get a subset of key/value pairs which starts with a prefix string + * The Prefix is removed from the key + * + * @param keys Input data of key/value pairs + * @param prefix Prefix string + * @return {Map} of key/value pairs without prefix in key, but never null + */ + public static Map getSubSetWithPrefix(Map keys, String prefix) { + return removePrefixFromKeys(keys, prefix); + } + + + /** + * Add a prefix to key/value pairs to make the key absolute according to key namespace convention + * + * @param input Input key/value pairs which should be updated + * @param prefix Key prefix, which should be added if the key is not absolute + * @param absolutIdentifier Key identifier, which indicates an absolute key + * @return {Map} of key/value pairs in which all keys are absolute but never null + */ + public static Map makeKeysAbsolut(Map input, String prefix, String absolutIdentifier) { + Map result = new HashMap(); + Iterator> interator = input.entrySet().iterator(); + while(interator.hasNext()) { + Entry el = interator.next(); + if (!el.getKey().startsWith(absolutIdentifier)) { + //key is not absolute -> add prefix + result.put(prefix + + KEY_DELIMITER + + el.getKey(), + el.getValue()); + + } else { + //key is absolute + result.put(el.getKey(), el.getValue()); + } + } + return result; + } + + /** + * Get the parent key string from an input key + * + * @param key input key + * @return parent key or the empty String if no parent exists + */ + public static String getParentKey(String key) { + if (StringUtils.isNotEmpty(key)) { + int index = key.lastIndexOf(KEY_DELIMITER); + if (index > 0) { + return key.substring(0, index); + + } + } + + return new String(); + } + + /** + * Find the highest free list counter + * + * @param input Array of list keys + * @param listPrefix {String} prefix of the list + * @return {int} highest free list counter + */ + public static int findNextFreeListCounter(String[] input, + String listPrefix) { + List counters = new ArrayList(); + if (input == null || input.length == 0) + return 0; + + else { + for (String key : input) { + String listIndex = getFirstChildAfterPrefix(key, listPrefix); + counters.add(Integer.parseInt(listIndex)); + + } + Collections.sort(counters); + return counters.get(counters.size()-1) + 1; + } + } + + /** + * Find the highest free list counter + * + * @param keySet {Set} of list keys + * @param listPrefix {String} prefix of the list + * @return {int} highest free list counter + */ + public static int findNextFreeListCounter(Set keySet, + String listPrefix) { + if (keySet.isEmpty()) + return 0; + + String[] array = new String[keySet.size()]; + keySet.toArray(array); + return findNextFreeListCounter(array, listPrefix); + } + + + /** + * Normalize a CSV encoded list of value of an key/value pair + * + * This method removes all whitespace at the begin or the + * end of CSV values and remove newLine signs at the end of value. + * The ',' is used as list delimiter + * + * @param value CSV encoded input data + * @return normalized CSV encoded data or null if {value} is null or empty + */ + public static String normalizeCSVValueString(String value) { + String normalizedCodes = null; + if (StringUtils.isNotEmpty(value)) { + String[] codes = value.split(CSV_DELIMITER); + for (String el: codes) { + if (normalizedCodes == null) + normalizedCodes = StringUtils.chomp(el.trim()); + else + normalizedCodes += "," + StringUtils.chomp(el.trim()); + + } + } + return normalizedCodes; + } + + + /** + * Check a String if it is a comma separated list of values + * + * This method uses the ',' as list delimiter. + * + * @param value CSV encoded input data + * @return true if the input data contains a ',' and has more then 1 list element, otherwise false + */ + public static boolean isCSVValueString(String value) { + if (StringUtils.isNotEmpty(value)) { + String[] codes = value.split(CSV_DELIMITER); + if (codes.length >= 2) { + if (StringUtils.isNotEmpty(codes[1].trim())) + return true; + + } + } + + return false; + } + + /** + * Convert a CSV list to a List of CSV values + *

+ * This method removes all whitespace at the begin or the + * end of CSV values and remove newLine signs at the end of value. + * The ',' is used as list delimiter + * + * @param csv CSV encoded input data + * @return List of CSV normalized values, but never null + */ + public static List getListOfCSVValues(String csv) { + List list = new ArrayList(); + if (StringUtils.isNotEmpty(csv)) { + String[] values = csv.split(CSV_DELIMITER); + for (String el: values) + list.add(el.trim()); + + } + + return list; + } + + /** + * This method remove all newline delimiter (\n or \r\n) from input data + * + * @param value Input String + * @return Input String without newline characters + */ + public static String removeAllNewlineFromString(String value) { + return value.replaceAll("(\\t|\\r?\\n)+", ""); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java new file mode 100644 index 00000000..c752c91f --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java @@ -0,0 +1,89 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.impl.utils; + +import java.util.ListIterator; + +import org.w3c.dom.DOMException; +import org.w3c.dom.Node; +import org.w3c.dom.traversal.NodeFilter; +import org.w3c.dom.traversal.NodeIterator; + +/** + * A NodeIterator implementation based on a + * ListIterator. + * + * @see java.util.ListIterator + * @see org.w3c.dom.traversal.NodeIterator + * + */ +public class NodeIteratorAdapter implements NodeIterator { + + /** The ListIterator to wrap. */ + private ListIterator nodeIterator; + + /** + * Create a new NodeIteratorAdapter. + * @param nodeIterator The ListIterator to iterate over. + */ + public NodeIteratorAdapter(ListIterator nodeIterator) { + this.nodeIterator = nodeIterator; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#getRoot() + */ + public Node getRoot() { + return null; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#getWhatToShow() + */ + public int getWhatToShow() { + return NodeFilter.SHOW_ALL; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#getFilter() + */ + public NodeFilter getFilter() { + return null; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#getExpandEntityReferences() + */ + public boolean getExpandEntityReferences() { + return false; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#nextNode() + */ + public Node nextNode() throws DOMException { + if (nodeIterator.hasNext()) { + return (Node) nodeIterator.next(); + } + return null; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#previousNode() + */ + public Node previousNode() throws DOMException { + if (nodeIterator.hasPrevious()) { + return (Node) nodeIterator.previous(); + } + return null; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#detach() + */ + public void detach() { + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java new file mode 100644 index 00000000..61933907 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java @@ -0,0 +1,46 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.impl.utils; + +import java.util.List; + +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +/** + * A NodeList implementation based on a List. + * + * @see java.util.List + * @see org.w3c.dom.NodeList + */ + +public class NodeListAdapter implements NodeList { + /** The List to wrap. */ + private List nodeList; + + /** + * Create a new NodeListAdapter. + * + * @param nodeList The List containing the nodes. + */ + public NodeListAdapter(List nodeList) { + this.nodeList = nodeList; + } + + /** + * @see org.w3c.dom.NodeList#item(int) + */ + public Node item(int index) { + return (Node) nodeList.get(index); + } + + /** + * @see org.w3c.dom.NodeList#getLength() + */ + public int getLength() { + return nodeList.size(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java new file mode 100644 index 00000000..aad90649 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java @@ -0,0 +1,205 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egiz.eaaf.core.impl.utils; + + +import java.nio.ByteBuffer; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.Date; + +import org.apache.commons.codec.binary.Hex; +import org.apache.commons.lang3.ArrayUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +/** + * Random number generator used to generate ID's + * @author Paul Ivancsics + * @version $Id$ + */ +public class Random { + private static final Logger log = LoggerFactory.getLogger(Random.class); + + private final static char[] allowedPreFix = + {'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z', + 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'}; + private static final DateFormat dateFormater = new SimpleDateFormat("yyyyddMM"); + + /** random number generator used */ + private static SecureRandom random; + //private static SeedGenerator seedgenerator; + + static { + try { + random = SecureRandom.getInstance("SHA256PRNG-FIPS186"); + + } catch (NoSuchAlgorithmException e) { + log.warn("Can NOT initialize SecureRandom with: 'SHA256PRNG-FIPS186'. Use 'StrongSecureRandom' as backup"); + + try { + random = SecureRandom.getInstanceStrong(); + + } catch (NoSuchAlgorithmException e1) { + log.error("Can NOT initialize SecureRandom. StartUp process FAILED!"); + throw new RuntimeException("Can NOT initialize SecureRandom. StartUp process FAILED!", e); + + } + + } + + + //random = iaik.security.random.SHA256FIPS186Random.getDefault(); + } + + /** + * Generate a unique process reference-value [160bit], which always starts with a letter + *
+ * This unique ID consists of single letter, a 64bit date String[yyyyddMM], + * and a 88bit random value. + * + * @return 160bit ID, which is hex encoded + */ + public static String nextProcessReferenceValue() { + //pre-process all three parts of a unique reference value + String now = dateFormater.format(new Date()); //8 bytes = 64bit + byte[] randValue = nextByteRandom(11); + char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)]; + + //generate ID + String returnValue = preFix + new String(Hex.encodeHex(ArrayUtils.addAll(now.getBytes(), randValue))); // 20 bytes = 160 bits + if (returnValue.length() > 40) + return returnValue.substring(0, 40); + else + return returnValue; + + } + + + + /** + * Creates a new random number [256bit], and encode it as hex value. + * + * @return random hex encoded value [256bit] + */ + public static String nextHexRandom32() { + return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits + + } + + /** + * Creates a new random number [128bit], and encode it as hex value. + * + * @return random hex encoded value [128bit] + */ + public static String nextHexRandom16() { + return new String(Hex.encodeHex(nextByteRandom(16))); // 16 bytes = 128 bits + + } + + /** + * Creates a new random number [64bit], to be used as an ID. + * + * @return random long as a String [64bit] + */ + public static String nextLongRandom() { + return "".concat(String.valueOf(Math.abs(generateLongRandom(32)))); // 32 bytes = 256 bits + + } + + /** + * Creates a new random number, to be used as an ID. + * + * @return random long as a String [64bit] + */ + @Deprecated + public static String nextRandom() { + long l = ByteBuffer.wrap(nextByteRandom(32)).getLong(); // 32 bytes = 256 bits + return "" + Math.abs(l); + + } + +/** + * Creates a new random byte[] + * + * @param size Size of random number in byte + * @return + */ +public static byte[] nextBytes(int size) { + return nextByteRandom(size); + +} + + public static void seedRandom() { + //TODO: implement reflection on IAIK Seed generator +// seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault(); +// if (seedgenerator.seedAvailable()) +// random.setSeed(seedgenerator.getSeed()); + + random.setSeed(System.nanoTime()); + } + + private static long generateLongRandom(int size) { + return ByteBuffer.wrap(nextByteRandom(size)).getLong(); + } + + /** + * Generate a new random number + * + * @param size Size of random number in byte + * @return + */ + private static synchronized byte[] nextByteRandom(int size) { + byte[] b = new byte[size]; + random.nextBytes(b); + return b; + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ServletUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ServletUtils.java new file mode 100644 index 00000000..c19e5ab1 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ServletUtils.java @@ -0,0 +1,69 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/** + * + */ +package at.gv.egiz.eaaf.core.impl.utils; + +import javax.servlet.http.HttpServletRequest; + +public class ServletUtils { + + + public static String getBaseUrl( HttpServletRequest request ) { + if ( ( request.getServerPort() == 80 ) || + ( request.getServerPort() == 443 ) ) + return request.getScheme() + "://" + + request.getServerName() + + request.getContextPath(); + else + return request.getScheme() + "://" + + request.getServerName() + ":" + request.getServerPort() + + request.getContextPath(); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java new file mode 100644 index 00000000..3e4143d4 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java @@ -0,0 +1,177 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.impl.utils; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.PrintStream; + +/** + * Utility methods for streams. + * + * @author Patrick Peck + * @version $Id$ + */ +public class StreamUtils { + + /** + * Compare the contents of two InputStreams. + * + * @param is1 The 1st InputStream to compare. + * @param is2 The 2nd InputStream to compare. + * @return boolean true, if both streams contain the exactly the + * same content, false otherwise. + * @throws IOException An error occurred reading one of the streams. + */ + public static boolean compareStreams(InputStream is1, InputStream is2) + throws IOException { + + byte[] buf1 = new byte[256]; + byte[] buf2 = new byte[256]; + int length1; + int length2; + + try { + while (true) { + length1 = is1.read(buf1); + length2 = is2.read(buf2); + + if (length1 != length2) { + return false; + } + if (length1 <= 0) { + return true; + } + if (!compareBytes(buf1, buf2, length1)) { + return false; + } + } + } catch (IOException e) { + throw e; + } finally { + // close both streams + try { + is1.close(); + is2.close(); + } catch (IOException e) { + // ignore this + } + } + } + + /** + * Compare two byte arrays, up to a given maximum length. + * + * @param b1 1st byte array to compare. + * @param b2 2nd byte array to compare. + * @param length The maximum number of bytes to compare. + * @return true, if the byte arrays are equal, false + * otherwise. + */ + private static boolean compareBytes(byte[] b1, byte[] b2, int length) { + if (b1.length != b2.length) { + return false; + } + + for (int i = 0; i < b1.length && i < length; i++) { + if (b1[i] != b2[i]) { + return false; + } + } + + return true; + } + + /** + * Reads a byte array from a stream. + * @param in The InputStream to read. + * @return The bytes contained in the given InputStream. + * @throws IOException on any exception thrown + */ + public static byte[] readStream(InputStream in) throws IOException { + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + copyStream(in, out, null); + + /* + ByteArrayOutputStream out = new ByteArrayOutputStream(); + int b; + while ((b = in.read()) >= 0) + out.write(b); + + */ + in.close(); + return out.toByteArray(); + } + + /** + * Reads a String from a stream, using given encoding. + * @param in The InputStream to read. + * @param encoding The character encoding to use for converting the bytes + * of the InputStream into a String. + * @return The content of the given InputStream converted into + * a String. + * @throws IOException on any exception thrown + */ + public static String readStream(InputStream in, String encoding) throws IOException { + ByteArrayOutputStream out = new ByteArrayOutputStream(); + copyStream(in, out, null); + + /* + ByteArrayOutputStream out = new ByteArrayOutputStream(); + int b; + while ((b = in.read()) >= 0) + out.write(b); + */ + in.close(); + return out.toString(encoding); + } + + /** + * Reads all data (until EOF is reached) from the given source to the + * destination stream. If the destination stream is null, all data is dropped. + * It uses the given buffer to read data and forward it. If the buffer is + * null, this method allocates a buffer. + * + * @param source The stream providing the data. + * @param destination The stream that takes the data. If this is null, all + * data from source will be read and discarded. + * @param buffer The buffer to use for forwarding. If it is null, the method + * allocates a buffer. + * @exception IOException If reading from the source or writing to the + * destination fails. + */ + private static void copyStream(InputStream source, OutputStream destination, byte[] buffer) throws IOException { + if (source == null) { + throw new NullPointerException("Argument \"source\" must not be null."); + } + if (buffer == null) { + buffer = new byte[8192]; + } + + if (destination != null) { + int bytesRead; + while ((bytesRead = source.read(buffer)) >= 0) { + destination.write(buffer, 0, bytesRead); + } + } else { + while (source.read(buffer) >= 0); + } + } + + /** + * Gets the stack trace of the Throwable passed in as a string. + * @param t The Throwable. + * @return a String representing the stack trace of the Throwable. + */ + public static String getStackTraceAsString(Throwable t) + { + ByteArrayOutputStream stackTraceBIS = new ByteArrayOutputStream(); + t.printStackTrace(new PrintStream(stackTraceBIS)); + return new String(stackTraceBIS.toByteArray()); + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIDUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIDUtils.java new file mode 100644 index 00000000..7df211ef --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIDUtils.java @@ -0,0 +1,85 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.utils; + + +import at.gv.egiz.eaaf.core.api.IRequest; + +/** + * @author tlenz + * + */ +public class TransactionIDUtils { + + //MDC variables for logging + public static final String MDC_TRANSACTION_ID = "transactionId"; + public static final String MDC_SESSION_ID = "sessionId"; + public static final String MDC_SERVICEPROVIDER_ID = "oaId"; + + /** + * Set all MDC variables from pending request to this threat context
+ * These includes SessionID, TransactionID, and unique service-provider identifier + * + * @param pendingRequest + */ + public static void setAllLoggingVariables(IRequest pendingRequest) { + setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); + setSessionId(pendingRequest.getUniqueSessionIdentifier()); + setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier()); + + } + + /** + * Remove all MDC variables from this threat context + * + */ + public static void removeAllLoggingVariables() { + removeSessionId(); + removeTransactionId(); + removeServiceProviderId(); + + } + + + public static void setServiceProviderId(String oaUniqueId) { + org.apache.log4j.MDC.put(MDC_SERVICEPROVIDER_ID, oaUniqueId); + org.slf4j.MDC.put(MDC_SERVICEPROVIDER_ID, oaUniqueId); + + } + + public static void removeServiceProviderId() { + org.apache.log4j.MDC.remove(MDC_SERVICEPROVIDER_ID); + org.slf4j.MDC.remove(MDC_SERVICEPROVIDER_ID); + + } + + public static void setTransactionId(String pendingRequestID) { + org.apache.log4j.MDC.put(MDC_TRANSACTION_ID, + "TID-" + pendingRequestID); + org.slf4j.MDC.put(MDC_TRANSACTION_ID, + "TID-" + pendingRequestID); + + } + + public static void removeTransactionId() { + org.apache.log4j.MDC.remove(MDC_TRANSACTION_ID); + org.slf4j.MDC.remove(MDC_TRANSACTION_ID); + + } + + public static void setSessionId(String uniqueSessionId) { + org.apache.log4j.MDC.put(MDC_SESSION_ID, + "SID-" + uniqueSessionId); + org.slf4j.MDC.put(MDC_SESSION_ID, + "SID-" + uniqueSessionId); + + } + + public static void removeSessionId() { + org.apache.log4j.MDC.remove(MDC_SESSION_ID); + org.slf4j.MDC.remove(MDC_SESSION_ID); + + } + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/XPathUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/XPathUtils.java new file mode 100644 index 00000000..7df242bd --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/XPathUtils.java @@ -0,0 +1,523 @@ +/******************************************************************************* + *******************************************************************************/ + + +package at.gv.egiz.eaaf.core.impl.utils; + +import java.util.List; +import java.util.Map; + +import org.jaxen.JaxenException; +import org.jaxen.NamespaceContext; +import org.jaxen.Navigator; +import org.jaxen.SimpleNamespaceContext; +import org.jaxen.dom.DOMXPath; +import org.jaxen.dom.DocumentNavigator; +import org.w3c.dom.Attr; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants; +import at.gv.egiz.eaaf.core.exceptions.XPathException; + +/** + * Utility methods to evaluate XPath expressions on DOM nodes. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XPathUtils { + + /** + * The XPath expression selecting all nodes under a given root (including the + * root node itself). + */ + public static final String ALL_NODES_XPATH = + "(.//. | .//@* | .//namespace::*)"; + + /** The DocumentNavigator to use for navigating the document. */ + private static Navigator documentNavigator = + DocumentNavigator.getInstance(); + /** The default namespace prefix to namespace URI mappings. */ + private static NamespaceContext NS_CONTEXT; + + static { + SimpleNamespaceContext ctx = new SimpleNamespaceContext(); + ctx.addNamespace(XMLNamespaceConstants.MOA_PREFIX, XMLNamespaceConstants.MOA_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.MOA_CONFIG_PREFIX, XMLNamespaceConstants.MOA_CONFIG_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.MOA_ID_CONFIG_PREFIX, XMLNamespaceConstants.MOA_ID_CONFIG_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.SL10_PREFIX, XMLNamespaceConstants.SL10_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.SL11_PREFIX, XMLNamespaceConstants.SL11_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.SL12_PREFIX, XMLNamespaceConstants.SL12_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.ECDSA_PREFIX, XMLNamespaceConstants.ECDSA_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.PD_PREFIX, XMLNamespaceConstants.PD_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.SAML_PREFIX, XMLNamespaceConstants.SAML_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.SAMLP_PREFIX, XMLNamespaceConstants.SAMLP_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.DSIG_PREFIX, XMLNamespaceConstants.DSIG_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.XSLT_PREFIX, XMLNamespaceConstants.XSLT_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.XSI_PREFIX, XMLNamespaceConstants.XSI_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.DSIG_FILTER2_PREFIX, XMLNamespaceConstants.DSIG_FILTER2_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.DSIG_EC_PREFIX, XMLNamespaceConstants.DSIG_EC_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.MD_PREFIX, XMLNamespaceConstants.MD_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.MDP_PREFIX, XMLNamespaceConstants.MDP_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.MVV_PREFIX, XMLNamespaceConstants.MVV_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.STB_PREFIX, XMLNamespaceConstants.STB_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.WRR_PREFIX, XMLNamespaceConstants.WRR_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.STORK_PREFIX, XMLNamespaceConstants.STORK_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.STORKP_PREFIX, XMLNamespaceConstants.STORKP_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.SAML2_PREFIX, XMLNamespaceConstants.SAML2_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.SAML2P_PREFIX, XMLNamespaceConstants.SAML2P_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.XENC_PREFIX, XMLNamespaceConstants.XENC_NS_URI); + ctx.addNamespace(XMLNamespaceConstants.XADES_1_1_1_NS_PREFIX, XMLNamespaceConstants.XADES_1_1_1_NS_URI); + NS_CONTEXT = ctx; + } + + /** + * Return a NodeIterator over the nodes matching the XPath + * expression. + * + * All namespace URIs and prefixes declared in the Constants + * interface are used for resolving namespaces. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return An iterator over the resulting nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeIterator selectNodeIterator(Node contextNode, String exp) + throws XPathException { + + return selectNodeIterator(contextNode, NS_CONTEXT, exp); + } + + /** + * Return a NodeIterator over the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceElement An element from which to build the + * namespace mapping for evaluating the XPath expression + * @param exp The XPath expression to evaluate. + * @return An iterator over the resulting nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeIterator selectNodeIterator( + Node contextNode, + Element namespaceElement, + String exp) + throws XPathException { + + try { + SimpleNamespaceContext ctx = new SimpleNamespaceContext(); + ctx.addElementNamespaces(documentNavigator, namespaceElement); + return selectNodeIterator(contextNode, ctx, exp); + + } catch (JaxenException e) { + throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e); + + } + } + + /** + * Return a NodeIterator over the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceMapping A namespace prefix to namespace URI mapping + * (String to String) for evaluating the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return An iterator over the resulting nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeIterator selectNodeIterator( + Node contextNode, + Map namespaceMapping, + String exp) + throws XPathException { + + SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping); + + return selectNodeIterator(contextNode, ctx, exp); + } + + /** + * Return a NodeIterator over the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param nsContext The NamespaceContext for resolving namespace + * prefixes to namespace URIs for evaluating the XPath expression. + * @param exp The XPath expression to evaluate. + * @return An iterator over the resulting nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + private static NodeIterator selectNodeIterator( + Node contextNode, + NamespaceContext nsContext, + String exp) + throws XPathException { + + try { + DOMXPath xpath = new DOMXPath(exp); + List nodes; + + xpath.setNamespaceContext(nsContext); + nodes = xpath.selectNodes(contextNode); + return new NodeIteratorAdapter(nodes.listIterator()); + + } catch (JaxenException e) { + throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e); + + } + } + + /** + * Return a NodeList of all the nodes matching the XPath + * expression. + * + * All namespace URIs and prefixes declared in the Constants + * interface are used for resolving namespaces. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return A NodeList containing the matching nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeList selectNodeList(Node contextNode, String exp) + throws XPathException { + + return selectNodeList(contextNode, NS_CONTEXT, exp); + } + + /** + * Return a NodeList of all the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceElement An element from which to build the + * namespace mapping for evaluating the XPath expression + * @param exp The XPath expression to evaluate. + * @return A NodeList containing the matching nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeList selectNodeList( + Node contextNode, + Element namespaceElement, + String exp) + throws XPathException { + + try { + SimpleNamespaceContext ctx = new SimpleNamespaceContext(); + + ctx.addElementNamespaces(documentNavigator, namespaceElement); + return selectNodeList(contextNode, ctx, exp); + + } catch (JaxenException e) { + throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e); + + } + } + + /** + * Return a NodeList of all the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceMapping A namespace prefix to namespace URI mapping + * (String to String) for evaluating the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return A NodeList containing the matching nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeList selectNodeList( + Node contextNode, + Map namespaceMapping, + String exp) + throws XPathException { + + SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping); + + return selectNodeList(contextNode, ctx, exp); + } + + /** + * Return a NodeList of all the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param nsContext The NamespaceContext for resolving namespace + * prefixes to namespace URIs for evaluating the XPath expression. + * @param exp The XPath expression to evaluate. + * @return A NodeList containing the matching nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + private static NodeList selectNodeList(Node contextNode, NamespaceContext nsContext, String exp) throws XPathException { + try { + DOMXPath xpath = new DOMXPath(exp); + List nodes; + xpath.setNamespaceContext(nsContext); + nodes = xpath.selectNodes(contextNode); + return new NodeListAdapter(nodes); + + } catch (JaxenException e) { + throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e); + + } + } + + /** + * Select the first node matching an XPath expression. + * + * All namespace URIs and prefixes declared in the Constants + * interface are used for resolving namespaces. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return Node The first node matching the XPath expression, or + * null, if no node matched. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static Node selectSingleNode(Node contextNode, String exp) + throws XPathException { + + return selectSingleNode(contextNode, NS_CONTEXT, exp); + } + + /** + * Select the first node matching an XPath expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceElement An element from which to build the + * namespace mapping for evaluating the XPath expression + * @param exp The XPath expression to evaluate. + * @return Node The first node matching the XPath expression, or + * null, if no node matched. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static Node selectSingleNode( + Node contextNode, + Element namespaceElement, + String exp) + throws XPathException { + + try { + SimpleNamespaceContext ctx = new SimpleNamespaceContext(); + ctx.addElementNamespaces(documentNavigator, namespaceElement); + return selectSingleNode(contextNode, ctx, exp); + + } catch (JaxenException e) { + throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e); + + } + } + + /** + * Select the first node matching an XPath expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceMapping A namespace prefix to namespace URI mapping + * (String to String) for evaluating the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return Node The first node matching the XPath expression, or + * null, if no node matched. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static Node selectSingleNode( + Node contextNode, + Map namespaceMapping, + String exp) + throws XPathException { + + SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping); + + return selectSingleNode(contextNode, ctx, exp); + } + + /** + * Select the first node matching an XPath expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param nsContext The NamespaceContext for resolving namespace + * prefixes to namespace URIs for evaluating the XPath expression. + * @param exp The XPath expression to evaluate. + * @return Node The first node matching the XPath expression, or + * null, if no node matched. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static Node selectSingleNode( + Node contextNode, + NamespaceContext nsContext, + String exp) + throws XPathException { + + try { + DOMXPath xpath = new DOMXPath(exp); + xpath.setNamespaceContext(nsContext); + return (Node) xpath.selectSingleNode(contextNode); + + } catch (JaxenException e) { + throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e); + + } + } + + /** + * Return the value of a DOM element whose location is given by an XPath + * expression. + * + * @param root The root element from which to evaluate the XPath. + * @param xpath The XPath expression pointing to the element whose value + * to return. + * @param def The default value to return, if no element can be found using + * the given xpath. + * @return The element value, if it can be located using the + * xpath. Otherwise, def is returned. + */ + public static String getElementValue( + Element root, + String xpath, + String def) { + + Element elem = (Element) XPathUtils.selectSingleNode(root, xpath); + return elem != null ? DOMUtils.getText(elem) : def; + } + + /** + * Return the value of a DOM attribute whose location is given by an XPath + * expression. + * + * @param root The root element from which to evaluate the XPath. + * @param xpath The XPath expression pointing to the attribute whose value to + * return. + * @param def The default value to return, if no attribute can be found using + * the given xpath. + * @return The element value, if it can be located using the + * xpath. Otherwise, def is returned. + */ + public static String getAttributeValue( + Element root, + String xpath, + String def) { + + Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath); + return attr != null ? attr.getValue() : def; + } + + /** + * Returns the namespace prefix used within XPathUtils for referring to + * the namespace of the specified (Security Layer command) element. + * + * This namespace prefix can be used in various XPath expression evaluation methods + * within XPathUtils without explicitely binding it to the particular + * namespace. + * + * @param contextElement The (Security Layer command) element. + * + * @return the namespace prefix used within XPathUtils for referring to + * the namespace of the specified (Security Layer command) element. + * + * throws XpathException If the specified element has a namespace other than the ones + * known by this implementation as valid Security Layer namespaces (cf. + * @link Constants#SL10_NS_URI, @link Constants#SL11_NS_URI, @link Constants#SL12_NS_URI). + */ + public static String getSlPrefix (Element contextElement) throws XPathException + { + String sLNamespace = contextElement.getNamespaceURI(); + String sLPrefix = null; + + if (sLNamespace.equals(XMLNamespaceConstants.SL10_NS_URI)) + sLPrefix = XMLNamespaceConstants.SL10_PREFIX; + + else if (sLNamespace.equals(XMLNamespaceConstants.SL12_NS_URI)) + sLPrefix = XMLNamespaceConstants.SL12_PREFIX; + + else if (sLNamespace.equals(XMLNamespaceConstants.SL11_NS_URI)) + sLPrefix = XMLNamespaceConstants.SL11_PREFIX; + + else + throw new XPathException("XPath operation FAILED. Reason: "); + + return sLPrefix; + } + + + /** + * Return the SecurityLayer namespace prefix of the context element. + * If the context element is not the element that lies within the + * SecurityLayer namespace. The Securitylayer namespace is derived from + * the xmlns:sl10, sl11 or sl + * attribute of the context element. + * + * The returned prefix is needed for evaluating XPATH expressions. + * + * @param contextElement The element to get a prefix for the Securitylayer namespace, + * that is used within the corresponding document. + * + * @return The string sl10, sl11 or sl, + * depending on the SecurityLayer namespace of the contextElement. + * + * throws XPathException If no (vlalid) SecurityLayer namespace prefix or namespace + * is defined. + */ + public static String getSlPrefixFromNoRoot (Element contextElement) throws XPathException { + + String slPrefix = checkSLnsDeclaration(contextElement, XMLNamespaceConstants.SL10_PREFIX, XMLNamespaceConstants.SL10_NS_URI); + if (slPrefix == null) + slPrefix = checkSLnsDeclaration(contextElement, XMLNamespaceConstants.SL11_PREFIX, XMLNamespaceConstants.SL11_NS_URI); + + if (slPrefix == null) + slPrefix = checkSLnsDeclaration(contextElement, XMLNamespaceConstants.SL12_PREFIX, XMLNamespaceConstants.SL12_NS_URI); + + return slPrefix; + + } + + /** + * Checks if the context element has an attribute xmlns:slPrefix and + * if the prefix of that attribute corresponds with a valid SecurityLayer namespace. + * + * @param contextElement The element to be checked. + * @param slPrefix The prefix which should be checked. Must be a valid SecurityLayer + * namespace prefix. + * @param slNameSpace The SecurityLayer namespace that corresponds to the specified prefix. + * + * @return The valid SecurityLayer prefix or null if this prefix is + * not used. + * @throws XPathException + */ + private static String checkSLnsDeclaration(Element contextElement, String slPrefix, String slNameSpace) + throws XPathException + { + String nsAtt = "xmlns:" + slPrefix; + String nameSpace = contextElement.getAttribute(nsAtt); + if (nameSpace == "") { + return null; + + } else { + // check if namespace is correct + if (nameSpace.equals(slNameSpace)) + return slPrefix; + else + throw new XPathException("Unknown Namespace declaration"); + + } + } + +} diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 00000000..d827c51f --- /dev/null +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egiz.eaaf.core.impl.idp.EAAFCoreSpringResourceProvider \ No newline at end of file diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder new file mode 100644 index 00000000..2decf67c --- /dev/null +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -0,0 +1,11 @@ +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.GivenNameAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PrincipalNameAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPVersionAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDeIDASQAALevelAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder diff --git a/eaaf_core/src/main/resources/eaaf_core.beans.xml b/eaaf_core/src/main/resources/eaaf_core.beans.xml new file mode 100644 index 00000000..56ca556c --- /dev/null +++ b/eaaf_core/src/main/resources/eaaf_core.beans.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eaaf_core/src/main/resources/process/ProcessDefinition.xsd b/eaaf_core/src/main/resources/process/ProcessDefinition.xsd new file mode 100644 index 00000000..d6ab7ae4 --- /dev/null +++ b/eaaf_core/src/main/resources/process/ProcessDefinition.xsd @@ -0,0 +1,53 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/Core-1.2.xsd b/eaaf_core/src/main/resources/schemas/Core-1.2.xsd new file mode 100644 index 00000000..864fee6d --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/Core-1.2.xsd @@ -0,0 +1,881 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/Core.20020225.xsd b/eaaf_core/src/main/resources/schemas/Core.20020225.xsd new file mode 100644 index 00000000..00b508dd --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/Core.20020225.xsd @@ -0,0 +1,399 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/Core.20020831.xsd b/eaaf_core/src/main/resources/schemas/Core.20020831.xsd new file mode 100644 index 00000000..a533bf22 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/Core.20020831.xsd @@ -0,0 +1,153 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.ancient.xsd b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.ancient.xsd new file mode 100644 index 00000000..833d327f --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.ancient.xsd @@ -0,0 +1,122 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.wrong.xsd b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.wrong.xsd new file mode 100644 index 00000000..db83c9df --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.wrong.xsd @@ -0,0 +1,122 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.xsd b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.xsd new file mode 100644 index 00000000..7a01b23d --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.xsd @@ -0,0 +1,122 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.2.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.2.xsd new file mode 100644 index 00000000..43741d84 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.2.xsd @@ -0,0 +1,350 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der + Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der + Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. + Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der + Proxy-Komponente zur Auth-Komponente (vgl. + AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die + Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann + für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA + (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem + Security-Layer + + + + + + das Attribut filename verweist auf eine Datei mit globalem + Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo + werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks + inkludiert + + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA + SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der + AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; + wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; + wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben + werden; wird das Element nicht verwendet dann wird MOA-SP über das API + aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der + Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des + AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des + IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per + X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + + + + + + enthält Parameter über die OA, die die + Authentisierungs-Komponente betreffen + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der + TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für + die TLS-Client-Authentisierung verwendetwird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.3.xsd new file mode 100644 index 00000000..02f750e3 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.3.xsd @@ -0,0 +1,424 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der + Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der + Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. + Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der + Proxy-Komponente zur Auth-Komponente (vgl. + AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die + Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann + für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA + (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem + Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA + SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der + AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; + wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; + wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben + werden; wird das Element nicht verwendet dann wird MOA-SP über das API + aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der + Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des + AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des + IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per + X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem + Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo + werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks + inkludiert + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + + + + enthält Parameter über die OA, die die + Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der + TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für + die TLS-Client-Authentisierung verwendetwird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.2.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.2.xsd new file mode 100644 index 00000000..f80d6ef8 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.2.xsd @@ -0,0 +1,616 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Legt fest ob Machtgeber und Machtnehmer in den Anmeldedaten ausgetauscht werden sollen. Lediglich die übermittelte Vollmacht gibt dann Aufschluss darüber, dass eine Vertretung vorliegt. Ziel dieses Schalters ist, dass bisherige Applikationen mit Vollmachten und beruflicher Parteienvertretung nachgerüstet werden können, ohne der Erfordernis Änderungen durchführen zu müssen. + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.3.xsd new file mode 100644 index 00000000..03f3a24a --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.3.xsd @@ -0,0 +1,612 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.7.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.7.xsd new file mode 100644 index 00000000..d2af3b93 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.7.xsd @@ -0,0 +1,625 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + + Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink) + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.xsd new file mode 100644 index 00000000..899f237c --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.xsd @@ -0,0 +1,505 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der + Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der + Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. + Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der + Proxy-Komponente zur Auth-Komponente (vgl. + AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die + Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann + für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA + (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem + Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA + SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der + AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; + wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; + wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben + werden; wird das Element nicht verwendet dann wird MOA-SP über das API + aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der + Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des + AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des + IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per + X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + das Attribut filename verweist auf eine Datei mit globalem + Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo + werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks + inkludiert + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; + z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird + das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox + verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox + verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname + vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation + übergeben werden + + + + + + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die + Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der + TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für + die TLS-Client-Authentisierung verwendetwird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.0.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.0.xsd new file mode 100644 index 00000000..f5daf09b --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.0.xsd @@ -0,0 +1,665 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + + Verbindungsparameter zum SZR-Gateway (GetIdentityLink) + + + + + + + + + + + Verbindungsparameter zum Online-Vollmachten-Service + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + + + + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.1.xsd new file mode 100644 index 00000000..fec3b6d0 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.1.xsd @@ -0,0 +1,659 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + + + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + + Verbindungsparameter zum SZR-Gateway (GetIdentityLink) + + + + + + + + + + + Verbindungsparameter zum Online-Vollmachten-Service + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.2.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.2.xsd new file mode 100644 index 00000000..93339922 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.2.xsd @@ -0,0 +1,757 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + + Verbindungsparameter zum SZR-Gateway (GetIdentityLink) + + + + + Verbindungsparameter zu den Country-PEPS (C-PEPS) + + + + + + + + + + + Verbindungsparameter zum Online-Vollmachten-Service + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + + + Enthält Informationen zu einem KeyStore bzw. Key zur STORK SAML AuthnRequest Signaturerstellung + + + + + + + + + Enthält Informationen zur Verfikation von Signaturen einer STORK SAML Response + + + + + + + + Enthält Informationen zur Erstellung und Verifikation von STORK SAML Messages + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel zum Erstellen einer Signatur enthält + + + + + + + + + + + + Name zum Key eines KeyStores, der den privaten Schlüssel zum Erstellen einer Signatur darstellt + + + + + + + + + + + + Enthält Informationen zu einem Citizen Country PEPS (C-PEPS) + + + + + + + + + + + + Contains STORK related information + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.3.xsd new file mode 100644 index 00000000..5a58e4f8 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.3.xsd @@ -0,0 +1,469 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.4.7.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.4.7.xsd new file mode 100644 index 00000000..32b4d68e --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.4.7.xsd @@ -0,0 +1,471 @@ + + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-2.0.0.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-2.0.0.xsd new file mode 100644 index 00000000..73d145ec --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-2.0.0.xsd @@ -0,0 +1,572 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.3.xsd new file mode 100644 index 00000000..291e75a7 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.3.xsd @@ -0,0 +1,253 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.3.xsd new file mode 100644 index 00000000..884b20a9 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.3.xsd @@ -0,0 +1,312 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.5.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.5.xsd new file mode 100644 index 00000000..7c3270fd --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.5.xsd @@ -0,0 +1,268 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.7.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.7.xsd new file mode 100644 index 00000000..063f0e13 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.7.xsd @@ -0,0 +1,268 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.5.1.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.5.1.xsd new file mode 100644 index 00000000..bfa48e9d --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.5.1.xsd @@ -0,0 +1,282 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-2.0.0.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-2.0.0.xsd new file mode 100644 index 00000000..7270d288 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-2.0.0.xsd @@ -0,0 +1,353 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/MOAIdentities.xsd b/eaaf_core/src/main/resources/schemas/MOAIdentities.xsd new file mode 100644 index 00000000..470295be --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/MOAIdentities.xsd @@ -0,0 +1,51 @@ + + + + + + MOAIdentities provides a mapping from identities to parameters used in the XMLLoginParameterResolver of MOA-ID + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/PersonData.xsd b/eaaf_core/src/main/resources/schemas/PersonData.xsd new file mode 100644 index 00000000..0e3bc6b3 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/PersonData.xsd @@ -0,0 +1,426 @@ + + + + + + + + + + + + + unique identifier + + + + + actual value of the identifier. + + + + + + + + + + + + type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...) + + + + + authority, which is reponsible for generation of the identifier (eg university in case of 'MatrikelNummer') + + + + + any additional properties + + + + + + + + + + element of person type + + + + + main structure of person data + + + + + unique identification entities + + + + + + + + + + element of physical person type + + + + + physical person + + + + + + + data related to the person's name + + + + + Former name, Artist name, changes of Given name ... + + + + + + + + + + + + status of a person in the cycle of life + + + + + gender + + + + + date of birth + + + + + place of birth + + + + + country of birth + + + + + nationality of Person (Staatsbürgerschaft) + + + + + confession (religion) of Person + + + + + relatives (parents, ...) + + + + + + type of the relationship + + + + + + + + + any additional properties + + + + + + + + + element of corporate body type + + + + + juridical person, organisation + + + + + + + category (eg organisation, function, sector, ...) + + + + + name of corporate body (whole name) + + + + + alternative names of corporate body (abbreviations, short name, synonyms, ...) + + + + + type of company (eg AG, OHG, ...) + + + + + part of an organisation, see also X.500 ou (eg departement, section, branch, ...) + + + + + any additional properties + + + + + + + + + + element of signed person datastructure type + + + + + signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements). + + + + + + + + + one or more electronic signatures applied on fields above + + + + + + + + any additional properties + + + + + + + + + + + + + simple type for sex (gender) of person + + + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + simple type for marital status of a person + + + + + + + + + + + pattern type for enlargement of type definitions + + + + + + + + known relations (family + functional) + + + + + + + + + + + + + + + + known + any other relation + + + + + + known types of alternative names + + + + + + + + + + + + known + any other alternative name types + + + + + + + element of address type + + + + + main structure of address data + + + + + unique identification entities + + + + + + + + + element of postal address type + + + + + postal address + + + + + + + type of address - category (eg 'Wohnsitz', 'Zentrale', ...) + + + + + + any additional properties + + + + + + + + + element of telephone address type + + + + + phone numbers + + + + + + + type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...) + + + + + phonenumber + + + + + any additional properties + + + + + + + + + element of internet address type + + + + + internet based communication + + + + + + + certificate for secure communication + + + + + email-Address, Web, FTP, LDAP, ... + + + + + any additional properties + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/PersonData_20_en_moaWID.xsd b/eaaf_core/src/main/resources/schemas/PersonData_20_en_moaWID.xsd new file mode 100644 index 00000000..885c2b76 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/PersonData_20_en_moaWID.xsd @@ -0,0 +1,1229 @@ + + + + + + + + + This version of person deploys only global elements. All types derived from abstract types have been replaced by substitution groups + + + + + dummy abstract Peson Data element needed for bi-lingual schema (substitution groups) + + + + + element of signed person datastructure type + + + + + element of signed person datastructure type + + + + + + + + + + + + + + + + + + + element of person type, essential abstract, subsitute PhysicalPerson or CorporateBody instead or use with xsi:type="..." + + + + + + element of physical person type, dreived from Person (abstract) + + + + + element of physical person type, dreived from Person (abstract) + + + + + element of corporate body type, derived from Person + + + + + element of corporate body type, derived from Person + + + + + + data related to the person's name + + + + + data related to the person's name + + + + + Former name, Artist name, changes of Given name ..., compare AlternativName + + + + + + + + + + + + relatives (parents, ...), compare Verwandter + + + + + + type of the relationship, compare Verwandschftsgrad + + + + + + + + + + element of address type, essentially abstract. Use InternetAddress, TelephoneAddress, PostalAddress, TypedPostalAddress instead, or use Address with xsi:type Attribute + + + + + Postal or ZMR Address, compare PostAdresse + + + + + Postal or ZMR Address, compare PostAdresse + + + + + Typed Postal or ZMR Address, compare TypisiertePostAdresse + + + + + InternetAdress such as e-mail or website, compare InternetAdresse + + + + + Typed TelephoneAddress, compare TelefonAdresse + + + + + National or international bank connection, compare Bankverbindung + + + + + + possibility to include common austrian primary keys in human readable way, english translation not available + + + + + + + + + + + + + + + + + + + + + + + + Ergänzungsregister für nicht-natürliche Personen (CorporateBody) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + teletyper or telephone for the hearing impaired + + + + + + status of a person in the cycle of life, compare Familienstand + + + + + gender, comapre Geschlecht + + + + + date of birth, compare Geburtsdatum + + + + + date of death, compare Sterbedatum + + + + + place of birth, compare Geburtsort + + + + + country of birth, compare Geburtsland + + + + + state of birth, comapre Geburtsbundesland + + + + + nationality of Person, compare Staatsangehoerigkeit. attention! New Fomrat is complex, string value accepted for compatibility only + + + + + confession (religion) of Person - xs:token? gibt es wirklich keine Staaten mit Leerzeichen im Namen? + + + + + occupation, compare Beruf + + + + + + compare InternationalerLaendercode + + + + + compare NationalNummer + + + + + compare Vorwahl + + + + + compare Anschlussnummer + + + + + Complete number, ready formated - e.g. +43 1 5131345 4664 compare FormatierteNummer + + + + + compare Klappe + + + + + unique identifier + + + + + + signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements). + + + + + + + + + one or more electronic signatures applied on fields above + + + + + container for your Information needs. Contained Elements must reside in a different Namespace + + + + + + any additional properties + + + + + + + + + + + + signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements). + + + + + + + + + one or more electronic signatures applied on fields above + + + + + container for your Information needs. Contained Elements must reside in a different Namespace + + + + + + any additional properties + + + + + + + + + + + + + + + + + unique identifier + + + + + actual value of the identifier. + + + + + + + + + + + + type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...) + + + + + authority, which is reponsible for generation of the identifier (eg university in case of 'MatrikelNummer') + + + + + any additional properties + + + + + + + + + main structure of person data + + + + + unique identification entities + + + + + + + + + + physical person, compare NatuerlichePersonTyp + + + + + + + + + + + + + + + + + + + + + any additional properties + + + + + + + + + physical person, compare NatuerlichePersonTyp + + + + + + + + + + + + + any additional properties + + + + + + + + + juridical person, organisation, compare NichtNatuerlichePersonTyp + + + + + + + URI pointing to a predefined Class of CorporateBodies, compare Typ + + + + + name of corporate body (whole name), compare VollerName + + + + + alternative names of corporate body (abbreviations, short name, synonyms, ...), comapre AlternativName + + + + + type of company (eg AG, OHG, ...), URI pointing to predefined LegalForm, compare Rechtsform + + + + + part of an organisation, see also X.500 ou (eg departement, section, branch, ...) , compare Organisation + + + + + + any additional properties + + + + + + + + + juridical person, organisation, compare NichtNatuerlichePersonTyp + + + + + + + URI pointing to a predefined Class of CorporateBodies, compare Typ + + + + + name of corporate body (whole name), compare VollerName + + + + + type of company (eg AG, OHG, ...), URI pointing to predefined LegalForm, compare Rechtsform + + + + + part of an organisation, see also X.500 ou (eg departement, section, branch, ...) , compare Organisation + + + + + any additional properties + + + + + + + + + container for parts of a name, comapre PersonenNameTyp + + + + + Complete Name (including Affixes) of the Person, especially useful for names from different cultural environments + + + + + + + + + + + + + + + + + + + + + Every given name should be contained inside a GivenName Tag. If that is not possible due to dabase contraints, ... putting several given names inside one GivenName Element is acceptable + + + + + A Person in possesion of more than one GivenName frequently preferrs the use of a Name other than the first GivenName + + + + + MiddleNames are not commonly found in central Europe. The field is mainly for compatibility reasons + + + + + Every family name should be contained inside a FamilyName Tag. If that is not possible due to dabase contraints, ... putting several family names inside one FamilyName Element is acceptable + + + + + + + + + + + + + + + + + + + + + Inlcudes all Information that is not exactly a name: academic or aristocratic titles, ... the new position attribute can contain a suffx or prefix value + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + container for parts of a name, comapre PersonenNameTyp + + + + + Every given name should be contained inside a GivenName Tag. If that is not possible due to dabase contraints, ... putting several given names inside one GivenName Element is acceptable + + + + + Every family name should be contained inside a FamilyName Tag. If that is not possible due to dabase contraints, ... putting several family names inside one FamilyName Element is acceptable + + + + + + + + + + + + + + + + + + + + + Inlcudes all Information that is not exactly a name: academic or aristocratic titles, ... the new position attribute can contain a suffx or prefix value + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + comapre, StaatsangehoerigkeitTyp + + + + + + + + + + + + + + + + + + compare BankverbindungTyp + + + + + Account holder, compare Inhaber + + + + + compare BankName + + + + + + compare NationaleBankverbindung + + + + + + compare Kontonummer + + + + + compare BLZ + + + + + + + + compare InternationaleBankverbindung + + + + + + compare IBAN + + + + + comapre BIC + + + + + + + + + + + main structure of address data + + + + + unique identification entities + + + + + + + + + postal address with type information, compare TypisiertePostAdresseTyp + + + + + + + type of address - category (eg 'Wohnsitz', 'Zentrale', ...) + + + + + + any additional properties + + + + + + + + + compare PostAdresseTyp + + + + + + + Code for the country, use ISO or internatinal Postalstandard, compare Staatscode + + + + + + + + + + Name of the country, use ISO Name, or international Postal Standard, compare Staatsname + + + + + ZIP, compare Postleitzahl + + + + + compare Region + + + + + compare Bundesland + + + + + compare Gemeinde + + + + + compare Gemeindekennzahl + + + + + ZMR use, compare Ortschaft + + + + + ZMR use, comapre OrtschaftZweisprachig + + + + + + + + + + + + + + zmr use only + + + + + zmr use only + + + + + + Addressregister database keys used to identify Addresses + + + + + + + + + + + + + + + If Addressis used outside of PersonData a recipient can be specified + + + + + + + + rather OrganizationUnit e.G Sales Departement + + + + + e.g. Smith Ltd + + + + + + + + + + + + + + + + + + + + + + compare PostAdresseTyp + + + + + + + Code for the country, use ISO or internatinal Postalstandard, compare Staatscode + + + + + + + + + + Name of the country, use ISO Name, or international Postal Standard, compare Staatsname + + + + + ZIP, compare Postleitzahl + + + + + compare Gemeinde + + + + + + + + if streetname not available use name of Ortschaft + + + + + + + + + + + + + + + + + + + + + + + + + e.g. e-mail, webiste, compare InternetAdresseTyp + + + + + + + certificate for secure communication + + + + + URI: email-Address, Web, FTP, LDAP, ..., comapre Adress + + + + + any additional properties + + + + + + + + + phone numbers, conmpare TelephoneAdresseTyp + + + + + + + type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...) + + + + + phonenumber + + + + + any additional properties + + + + + + + + + like TelephoneAddresseType but with additional smsEnabled attribute + + + + + + + + + + formated number or set of telephone number parts + + + + + + + + + set of telephone number parts + + + + + + + + + + + + + simple type for sex (gender) of person + + + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + simple type for marital status of a person + + + + + + + + + + + pattern type for enlargement of type definitions. Contents as follows +x:sometext or 12345 or _ or other symbols + + + + + + + + + known relations (family + functional) + + + + + + + + + + + + + + + + known + any other relation + + + + + + known types of alternative names + + + + + + + + + + + + known + any other alternative name types + + + + + + + zmr use only + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/PersonName-1_2.xsd b/eaaf_core/src/main/resources/schemas/PersonName-1_2.xsd new file mode 100644 index 00000000..7a52b858 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/PersonName-1_2.xsd @@ -0,0 +1,115 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/PostalAddress-1_2.xsd b/eaaf_core/src/main/resources/schemas/PostalAddress-1_2.xsd new file mode 100644 index 00000000..2203ede4 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/PostalAddress-1_2.xsd @@ -0,0 +1,95 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/TelcomNumber-1_0.xsd b/eaaf_core/src/main/resources/schemas/TelcomNumber-1_0.xsd new file mode 100644 index 00000000..8bc02d40 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/TelcomNumber-1_0.xsd @@ -0,0 +1,89 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/XAdES-1.1.1.xsd b/eaaf_core/src/main/resources/schemas/XAdES-1.1.1.xsd new file mode 100644 index 00000000..c57f09de --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/XAdES-1.1.1.xsd @@ -0,0 +1,545 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/XAdES-1.2.2.xsd b/eaaf_core/src/main/resources/schemas/XAdES-1.2.2.xsd new file mode 100644 index 00000000..04ddb2d3 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/XAdES-1.2.2.xsd @@ -0,0 +1,551 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/XAdES-1.3.2.xsd b/eaaf_core/src/main/resources/schemas/XAdES-1.3.2.xsd new file mode 100644 index 00000000..b0569151 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/XAdES-1.3.2.xsd @@ -0,0 +1,466 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/XAdES-1.4.1.xsd b/eaaf_core/src/main/resources/schemas/XAdES-1.4.1.xsd new file mode 100644 index 00000000..274dbdca --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/XAdES-1.4.1.xsd @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/XMLSchema-instance.xsd b/eaaf_core/src/main/resources/schemas/XMLSchema-instance.xsd new file mode 100644 index 00000000..f47577b8 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/XMLSchema-instance.xsd @@ -0,0 +1,37 @@ + + + + + + + +]> + + + +

XML Schema instance namespace

+

See the XML Schema + Recommendation for an introduction

+ + +
+ $Date: 2001/03/16 20:25:57 $
+ $Id: XMLSchema-instance.xsd,v 1.4 2001/03/16 20:25:57 ht Exp $ + + + +

This schema should never be used as such: + the XML + Schema Recommendation forbids the declaration of + attributes in this namespace

+ + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/XMLSchema.dtd b/eaaf_core/src/main/resources/schemas/XMLSchema.dtd new file mode 100644 index 00000000..e8e8f762 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/XMLSchema.dtd @@ -0,0 +1,402 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +%xs-datatypes; + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/cs-sstc-schema-assertion-01.xsd b/eaaf_core/src/main/resources/schemas/cs-sstc-schema-assertion-01.xsd new file mode 100644 index 00000000..d41f3e81 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/cs-sstc-schema-assertion-01.xsd @@ -0,0 +1,194 @@ + + + + + + + Document identifier: cs-sstc-schema-assertion-01 + Location: http://www.oasis-open.org/committees/security/docs/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/cs-sstc-schema-protocol-01.xsd b/eaaf_core/src/main/resources/schemas/cs-sstc-schema-protocol-01.xsd new file mode 100644 index 00000000..d939fa73 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/cs-sstc-schema-protocol-01.xsd @@ -0,0 +1,127 @@ + + + + + + + + Document identifier: cs-sstc-schema-protocol-01 + Location: http://www.oasis-open.org/committees/security/docs/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/datatypes.dtd b/eaaf_core/src/main/resources/schemas/datatypes.dtd new file mode 100644 index 00000000..8e48553b --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/datatypes.dtd @@ -0,0 +1,203 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/eIDAS_saml_extensions.xsd b/eaaf_core/src/main/resources/schemas/eIDAS_saml_extensions.xsd new file mode 100644 index 00000000..76b82a26 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/eIDAS_saml_extensions.xsd @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/exclusive-canonicalization.xsd b/eaaf_core/src/main/resources/schemas/exclusive-canonicalization.xsd new file mode 100644 index 00000000..074e3f19 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/exclusive-canonicalization.xsd @@ -0,0 +1,22 @@ + + + + + + + + \ No newline at end of file diff --git a/eaaf_core/src/main/resources/schemas/saml-schema-assertion-2.0.xsd b/eaaf_core/src/main/resources/schemas/saml-schema-assertion-2.0.xsd new file mode 100644 index 00000000..977c3fe6 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/saml-schema-assertion-2.0.xsd @@ -0,0 +1,290 @@ + + + + + + + + + Document identifier: saml-schema-assertion-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New assertion schema for SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/saml-schema-metadata-2.0.xsd b/eaaf_core/src/main/resources/schemas/saml-schema-metadata-2.0.xsd new file mode 100644 index 00000000..c83806b0 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/saml-schema-metadata-2.0.xsd @@ -0,0 +1,323 @@ + + + + + + + + + Document identifier: saml-schema-metadata-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + Schema for SAML metadata, first published in SAML 2.0. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eaaf_core/src/main/resources/schemas/saml-schema-protocol-2.0.xsd b/eaaf_core/src/main/resources/schemas/saml-schema-protocol-2.0.xsd new file mode 100644 index 00000000..b7d14e3e --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/saml-schema-protocol-2.0.xsd @@ -0,0 +1,306 @@ + + + + + + + + Document identifier: saml-schema-protocol-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New protocol schema based in a SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/sstc-metadata-attr.xsd b/eaaf_core/src/main/resources/schemas/sstc-metadata-attr.xsd new file mode 100644 index 00000000..f23e462a --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/sstc-metadata-attr.xsd @@ -0,0 +1,35 @@ + + + + + + Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema + Document identifier: sstc-metadata-attr.xsd + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (November 2008): + Initial version. + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/stork-schema-assertion-1.0.xsd b/eaaf_core/src/main/resources/schemas/stork-schema-assertion-1.0.xsd new file mode 100644 index 00000000..2791f3a1 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/stork-schema-assertion-1.0.xsd @@ -0,0 +1,80 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/stork-schema-protocol-1.0.xsd b/eaaf_core/src/main/resources/schemas/stork-schema-protocol-1.0.xsd new file mode 100644 index 00000000..92fda60a --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/stork-schema-protocol-1.0.xsd @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd b/eaaf_core/src/main/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd new file mode 100644 index 00000000..5f1c646a --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/ts_102231v030102_sie_xsd.xsd b/eaaf_core/src/main/resources/schemas/ts_102231v030102_sie_xsd.xsd new file mode 100644 index 00000000..1b3bed4b --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/ts_102231v030102_sie_xsd.xsd @@ -0,0 +1,81 @@ + + + + + + + + + + + + + + + + + + + Please first try to use the CriteriaList before doing the OtherCriteria extension point. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/ts_102231v030102_xsd.xsd b/eaaf_core/src/main/resources/schemas/ts_102231v030102_xsd.xsd new file mode 100644 index 00000000..5ee04ec3 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/ts_102231v030102_xsd.xsd @@ -0,0 +1,331 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd b/eaaf_core/src/main/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd new file mode 100644 index 00000000..4af373cf --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/ts_119612v010201_sie_xsd.xsd b/eaaf_core/src/main/resources/schemas/ts_119612v010201_sie_xsd.xsd new file mode 100644 index 00000000..42a96b78 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/ts_119612v010201_sie_xsd.xsd @@ -0,0 +1,81 @@ + + + + + + + + + + + + + + + + + + + Please first try to use the CriteriaList before doing the OtherCriteria extension point. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/ts_119612v010201_xsd.xsd b/eaaf_core/src/main/resources/schemas/ts_119612v010201_xsd.xsd new file mode 100644 index 00000000..fb1852ec --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/ts_119612v010201_xsd.xsd @@ -0,0 +1,337 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/xenc-schema.xsd b/eaaf_core/src/main/resources/schemas/xenc-schema.xsd new file mode 100644 index 00000000..d4519cd7 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/xenc-schema.xsd @@ -0,0 +1,150 @@ + + + + + + ]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/xml.xsd b/eaaf_core/src/main/resources/schemas/xml.xsd new file mode 100644 index 00000000..547867f5 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/xml.xsd @@ -0,0 +1,83 @@ + + + + + + + See http://www.w3.org/XML/1998/namespace.html and + http://www.w3.org/TR/REC-xml for information about this namespace. + + + + + This schema defines attributes and an attribute group + suitable for use by + schemas wishing to allow xml:base, xml:lang or xml:space attributes + on elements they define. + + To enable this, such a schema must import this schema + for the XML namespace, e.g. as follows: + <schema . . .> + . . . + <import namespace="http://www.w3.org/XML/1998/namespace" + schemaLocation="http://www.w3.org/2001/03/xml.xsd"/> + + Subsequently, qualified reference to any of the attributes + or the group defined below will have the desired effect, e.g. + + <type . . .> + . . . + <attributeGroup ref="xml:specialAttrs"/> + + will define a type which will schema-validate an instance + element with any of those attributes + + + + In keeping with the XML Schema WG's standard versioning + policy, this schema document will persist at + http://www.w3.org/2001/03/xml.xsd. + At the date of issue it can also be found at + http://www.w3.org/2001/xml.xsd. + The schema document at that URI may however change in the future, + in order to remain compatible with the latest version of XML Schema + itself. In other words, if the XML Schema namespace changes, the version + of this document at + http://www.w3.org/2001/xml.xsd will change + accordingly; the version at + http://www.w3.org/2001/03/xml.xsd will not change. + + + + + + In due course, we should install the relevant ISO 2- and 3-letter + codes as the enumerated possible values . . . + + + + + + + + + + + + + + + See http://www.w3.org/TR/xmlbase/ for + information about this attribute. + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/xmldsig-core-schema.xsd b/eaaf_core/src/main/resources/schemas/xmldsig-core-schema.xsd new file mode 100644 index 00000000..d21ca43f --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/xmldsig-core-schema.xsd @@ -0,0 +1,264 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/main/resources/schemas/xmldsig-filter2.xsd b/eaaf_core/src/main/resources/schemas/xmldsig-filter2.xsd new file mode 100644 index 00000000..517e7bd5 --- /dev/null +++ b/eaaf_core/src/main/resources/schemas/xmldsig-filter2.xsd @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java new file mode 100644 index 00000000..92b2a709 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java @@ -0,0 +1,257 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.module.test; + +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +/** + * @author tlenz + * + */ +public class TestRequestImpl implements IRequest { + + private String processInstanceID = null; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() + */ + @Override + public String requestedModule() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction() + */ + @Override + public String requestedAction() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv() + */ + @Override + public boolean isPassiv() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth() + */ + @Override + public boolean forceAuth() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String) + */ + @Override + public Object getGenericData(String key) { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String, java.lang.Class) + */ + @Override + public T getGenericData(String key, Class clazz) { + // TODO Auto-generated method stub + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueTransactionIdentifier() + */ + @Override + public String getUniqueTransactionIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueSessionIdentifier() + */ + @Override + public String getUniqueSessionIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getProcessInstanceId() + */ + @Override + public String getProcessInstanceId() { + return processInstanceID; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURL() + */ + @Override + public String getAuthURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURLWithOutSlash() + */ + @Override + public String getAuthURLWithOutSlash() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isNeedAuthentication() + */ + @Override + public boolean isNeedAuthentication() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#needSingleSignOnFunctionality() + */ + @Override + public boolean needSingleSignOnFunctionality() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setNeedSingleSignOnFunctionality(boolean) + */ + @Override + public void setNeedSingleSignOnFunctionality(boolean needSSO) { + // TODO Auto-generated method stub + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isAuthenticated() + */ + @Override + public boolean isAuthenticated() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setAuthenticated(boolean) + */ + @Override + public void setAuthenticated(boolean isAuthenticated) { + // TODO Auto-generated method stub + + } + + /** + * @param processInstanceID the processInstanceID to set + */ + public void setProcessInstanceID(String processInstanceID) { + this.processInstanceID = processInstanceID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isAbortedByUser() + */ + @Override + public boolean isAbortedByUser() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setAbortedByUser(boolean) + */ + @Override + public void setAbortedByUser(boolean isAborted) { + // TODO Auto-generated method stub + + } + + @Override + public String getSPEntityId() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setGenericDataToSession(Map map) throws EAAFStorageException { + // TODO Auto-generated method stub + + } + + @Override + public Map genericFullDataStorage() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPendingRequestId() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOSessionIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setSSOSessionIdentifier(String internalSSOSessionId) { + // TODO Auto-generated method stub + + } + + @Override + public boolean isNeedUserConsent() { + // TODO Auto-generated method stub + return false; + } + + @Override + public void setNeedUserConsent(boolean needConsent) { + // TODO Auto-generated method stub + + } + + @Override + public ISPConfiguration getServiceProviderConfiguration() { + // TODO Auto-generated method stub + return null; + } + + @Override + public T getServiceProviderConfiguration(Class decorator) { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setGenericDataToSession(String key, Object object) throws EAAFStorageException { + // TODO Auto-generated method stub + + } + + + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/DummyTransactionStorage.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/DummyTransactionStorage.java new file mode 100644 index 00000000..15359261 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/DummyTransactionStorage.java @@ -0,0 +1,165 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test; + +import java.util.ArrayList; +import java.util.Date; +import java.util.Iterator; +import java.util.List; + +import javax.sql.DataSource; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +/** + * Dummy DataSource implementation for convenience in test cases where a + * database connection will never actually be acquired. + * + * @see DataSource + * @author Chris Beams + */ +public class DummyTransactionStorage implements ITransactionStorage { + + private static final Logger log = LoggerFactory.getLogger(DummyTransactionStorage.class); + + + public class DummyDBEntry{ + public DummyDBEntry(String key, Object value){ + this.obj =value; + this.key = key; + } + public String getKey() { + return key; + } + public void setKey(String key) { + this.key = key; + } + public Object getObj() { + return obj; + } + public void setObj(Object obj) { + this.obj = obj; + } + private String key; + private Object obj; + } + + private ArrayList ds = new ArrayList(); + + + + @Override + public boolean containsKey(String key) { + // TODO Auto-generated method stub + Iterator it = ds.iterator(); + while(it.hasNext()){ + DummyDBEntry t = it.next(); + if(t.getKey().equals(key)) + return true; + } + return false; + } + + @Override + public void put(String key, Object value, int timeout) + throws EAAFException { + // TODO Auto-generated method stub + this.remove(key); + this.ds.add(new DummyDBEntry(key, value)); + + } + + @Override + public Object get(String key) throws EAAFException { + // TODO Auto-generated method stub + Iterator it = ds.iterator(); + while(it.hasNext()){ + DummyDBEntry t = it.next(); + if(t.getKey().equals(key)) + return t; + } + return null; + } + + @Override + public T get(String key, Class clazz) throws EAAFException { + + DummyDBEntry o = (DummyDBEntry) get(key); + if(o == null) + return null; + try { + @SuppressWarnings("unchecked") + T test = (T) (clazz.cast(o.getObj())); + return test; + + } catch (Exception e) { + log.warn("Sessioninformation Cast-Exception by using Artifact=" + key); + throw new EAAFException("Sessioninformation Cast-Exception"); + + } + } + + @Override + public T get(String key, Class clazz, long dataTimeOut) + throws EAAFException { + // TODO Auto-generated method stub + return get(key,clazz); + } + + @Override + public void changeKey(String oldKey, String newKey, Object value) + throws EAAFException { + this.remove(oldKey); + this.put(newKey, value, -1); + + } + + @Override + public void remove(String key) { + Iterator it = ds.iterator(); + while(it.hasNext()){ + DummyDBEntry t = it.next(); + if(t.getKey().equals(key)){ + this.ds.remove(t); + return; + } + } + + } + + @Override + public List clean(Date now, long dataTimeOut) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Object getRaw(String key) throws EAAFException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void putRaw(String key, Object element) throws EAAFException { + // TODO Auto-generated method stub + + } + +// @Override +// public Object getAssertionStore(String key) throwsEAAFException { +// // TODO Auto-generated method stub +// return null; +// } +// +// @Override +// public void putAssertionStore(Object element) throws EAAFException { +// // TODO Auto-generated method stub +// +// } + + +} \ No newline at end of file diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/ExpressionContextAdapter.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/ExpressionContextAdapter.java new file mode 100644 index 00000000..0a25ffe1 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/ExpressionContextAdapter.java @@ -0,0 +1,54 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test; + + +import java.io.Serializable; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluationContext; + +/** + * Adapter class for {@link ExpressionEvaluationContext}. Intended to be used for testing purposes. + * + * @author tknall + * + */ +public class ExpressionContextAdapter implements ExpressionEvaluationContext { + + private static final long serialVersionUID = 1L; + + private Map ctxData = Collections.synchronizedMap(new HashMap()); + + /** + * Returns a certain {@link Serializable} object associated with a certain {@code key}. + * + * @param key + * The key. + * @return The object or {@code null} if no object was found stored with that key or if a {@code null} value was + * stored. + */ + Serializable get(String key) { + return ctxData.get(key); + } + + /** + * Stores a {@link Serializable} with a certain {@code key}. + * + * @param key + * The key. + * @param object + * The object. + */ + void put(String key, Serializable object) { + ctxData.put(key, object); + } + + @Override + public Map getCtx() { + return Collections.unmodifiableMap(ctxData); + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SimplePojo.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SimplePojo.java new file mode 100644 index 00000000..de25ae3f --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SimplePojo.java @@ -0,0 +1,43 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test; + +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluator; + +/** + * A dummy pojo used to test {@link ExpressionEvaluator} with Spring EL referencing Spring beans. + * + * @author tknall + * + */ +public class SimplePojo { + + private Boolean booleanValue; + private String stringValue; + private Integer integerValue; + + public Boolean getBooleanValue() { + return booleanValue; + } + + public void setBooleanValue(Boolean booleanValue) { + this.booleanValue = booleanValue; + } + + public String getStringValue() { + return stringValue; + } + + public void setStringValue(String stringValue) { + this.stringValue = stringValue; + } + + public Integer getIntegerValue() { + return integerValue; + } + + public void setIntegerValue(Integer integerValue) { + this.integerValue = integerValue; + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionAwareProcessEngineTest.java new file mode 100644 index 00000000..a12e3856 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionAwareProcessEngineTest.java @@ -0,0 +1,153 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test; + +import static at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstanceState.NOT_STARTED; +import static at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstanceState.SUSPENDED; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +import java.io.IOException; +import java.io.InputStream; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParserException; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessEngineImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstance; +import at.gv.egiz.eaaf.core.impl.idp.process.spring.SpringExpressionEvaluator; + +/** + * Tests the process engine using processes based on Spring EL referencing the process context and further Spring beans. + * + * @author tknall + * + */ +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml") +public class SpringExpressionAwareProcessEngineTest { + + @Autowired private static ProcessEngine pe; + @Autowired private ApplicationContext applicationContext; + + private boolean isInitialized = false; + + @Before + public void init() throws IOException, ProcessDefinitionParserException { + + if (!isInitialized) { + + if (pe == null) { + pe = applicationContext.getBean("processEngine", ProcessEngine.class); + + } + + ((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new SpringExpressionEvaluator()); + try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("/process/spring/test/SampleProcessDefinitionWithExpression1.xml")) { + ((ProcessEngineImpl) pe).registerProcessDefinition(in); + } + try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml")) { + ((ProcessEngineImpl) pe).registerProcessDefinition(in); + } + + //initHibernateForTesting(); + } + } + + private static void initHibernateForTesting() throws IOException{ + +// InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties"); +// Properties props = new Properties(); +// props.load(in); +// +// try { +// //ConfigurationDBUtils.initHibernate(props); +// Configuration config = new Configuration(); +// config.addProperties(props); +// //config.addAnnotatedClass(ProcessInstanceStore.class); +// config.addAnnotatedClass(AssertionStore.class); +// //MOASessionDBUtils.initHibernate(config, props); +// } catch (Exception e) { +// e.printStackTrace(); +// } + } + + + @Test + public void testSampleProcessDefinitionWithExpression1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException { + + TestRequestImpl req = new TestRequestImpl(); + + String piId = pe.createProcessInstance("SampleProcessWithExpression1"); + ProcessInstance pi = pe.getProcessInstance(piId); + assertEquals(NOT_STARTED, pi.getState()); + + + // start process + req.setProcessInstanceID(piId); + pe.start(req); + + //processInstance should be removed when it ends + try { + pi = pe.getProcessInstance(piId); + throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found."); + //assertEquals(ENDED, pi.getState()); + + } catch (IllegalArgumentException e) { + // do nothing because processInstance should be already removed + + } + } + + @Test + public void testSampleProcessDefinitionForSAML1Authentication() throws IOException, ProcessDefinitionParserException, ProcessExecutionException { + + TestRequestImpl req = new TestRequestImpl(); + + String piId = pe.createProcessInstance("SampleProcessDefinitionForSAML1Authentication"); + ProcessInstance pi = pe.getProcessInstance(piId); + assertEquals(NOT_STARTED, pi.getState()); + + // start process + req.setProcessInstanceID(piId); + pe.start(req); + pi = pe.getProcessInstance(piId); + assertEquals(SUSPENDED, pi.getState()); + + ExecutionContext ec = pi.getExecutionContext(); + assertNotNull(ec); + System.out.println(ec.keySet()); + + assertNotNull(ec.get("bkuURL")); + assertNotNull(ec.get("IdentityLink")); + assertNotNull(ec.get("isIdentityLinkValidated")); + assertNotNull(ec.get("SignedAuthBlock")); + assertNotNull(ec.get("isSignedAuthBlockValidated")); + assertNotNull(ec.get("SAML1Assertion")); + + pe.signal(req); + try { + pi = pe.getProcessInstance(piId); + throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found."); + //assertEquals(ENDED, pi.getState()); + + } catch (IllegalArgumentException e) { + // do nothing because processInstance should be already removed + + } + + + + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java new file mode 100644 index 00000000..8f1ac098 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java @@ -0,0 +1,56 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluator; + +/** + * Tests the {@link ExpressionEvaluator} using a Spring EL based implementation capable of dereferencing Spring beans. + * + * @author tknall + * + */ +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/process/spring/test/SpringExpressionEvaluatorTest-context.xml") +public class SpringExpressionEvaluatorTest { + + private ExpressionContextAdapter ctx; + + @Autowired + private ExpressionEvaluator expressionEvaluator; + + @Before + public void prepareTest() { + ctx = new ExpressionContextAdapter(); + } + + @Test + public void testEvaluateSimpleExpression() { + assertTrue(expressionEvaluator.evaluate(ctx, "'true'")); + } + + @Test + public void testEvaluateExpressionWithCtx() { + ctx.put("myProperty", false); + assertFalse(expressionEvaluator.evaluate(ctx, "ctx['myProperty']")); + } + +// @Test + public void testEvaluateExpressionWithBeanReference() { + assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.booleanValue")); + assertTrue(expressionEvaluator.evaluate(ctx, "'HelloWorld'.equals(@simplePojo.stringValue)")); + assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42")); + assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10")); + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/CreateSAML1AssertionTask.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/CreateSAML1AssertionTask.java new file mode 100644 index 00000000..cd1d8c0e --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/CreateSAML1AssertionTask.java @@ -0,0 +1,63 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Objects; + +import org.apache.commons.io.IOUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.Task; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; + +/** + * A dummy task simulating the creation of a SAML1 assertion. + *

+ * Requires context data: + *

    + *
  • {@code IdentityLink}
    • + *
  • {@code isIdentityLinkValidated}
    • + *
  • {@code SignedAuthBlock}
    • + *
  • {@code isSignedAuthBlockValidated}
    • + *
+ *

+ *

+ * Enriches context data with: + *

    + *
  • {@code SAML1Assertion}
    • + *
+ *

+ * + * @author tknall + * + */ +@Service("CreateSAML1AssertionTask") +public class CreateSAML1AssertionTask implements Task { + + private Logger log = LoggerFactory.getLogger(getClass()); + + @Override + public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException { + Objects.requireNonNull(executionContext.get("IdentityLink")); + assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated")))); + Objects.requireNonNull(executionContext.get("SignedAuthBlock")); + assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isSignedAuthBlockValidated")))); + + log.debug("Using IdentityLink and signed auth block in order to create SAML1 assertion."); + + try (InputStream in = getClass().getResourceAsStream("/process/spring/test/task/SAML1Assertion.xml")) { + executionContext.put("SAML1Assertion", IOUtils.toString(in, "UTF-8")); + } catch (IOException e) { + throw new TaskExecutionException(null, "", e); + } + + return null; + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/GetIdentityLinkTask.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/GetIdentityLinkTask.java new file mode 100644 index 00000000..6f7246f1 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/GetIdentityLinkTask.java @@ -0,0 +1,60 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Objects; + +import org.apache.commons.io.IOUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.Task; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; + +/** + * A dummy task simulating the retrieval of an IdentityLink. + *

+ * Asynchonous + *

+ * Requires context data: + *

    + *
  • {@code bkuURL}
    • + *
+ *

+ *

+ * Enriches context data with: + *

    + *
  • {@code IdentityLink}
    • + *
+ *

+ * + * @author tknall + * + */ +@Service("GetIdentityLinkTask") +public class GetIdentityLinkTask implements Task { + + private Logger log = LoggerFactory.getLogger(getClass()); + + @Override + public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException { + Objects.requireNonNull(executionContext.get("bkuURL")); + + log.debug("Using bkuURL in order to retrieve IdentityLink."); + + try (InputStream in = getClass().getResourceAsStream("/process/spring/test/task/IdentityLink_Max_Mustermann.xml")) { + executionContext.put("IdentityLink", IOUtils.toString(in, "UTF-8")); + + } catch (IOException e) { + throw new TaskExecutionException(null, "", e); + } + + return null; + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SelectBKUTask.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SelectBKUTask.java new file mode 100644 index 00000000..a763c759 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SelectBKUTask.java @@ -0,0 +1,39 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.Task; + +/** + * A dummy task simulating a bku selection. + *

+ * Asynchonous + *

+ * Enriches context data with: + *

    + *
  • {@code bkuURL}
    • + *
+ *

+ * + * @author tknall + * + */ +@Service("SelectBKUTask") +public class SelectBKUTask implements Task { + + private Logger log = LoggerFactory.getLogger(getClass()); + + @Override + public IRequest execute(IRequest penReq, ExecutionContext executionContext) { + log.debug("Providing BKU selection."); + executionContext.put("bkuURL", "https://127.0.0.1:3496/https-security-layer-request"); + return null; + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SignAuthBlockTask.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SignAuthBlockTask.java new file mode 100644 index 00000000..5b3158e3 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SignAuthBlockTask.java @@ -0,0 +1,62 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Objects; + +import org.apache.commons.io.IOUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.Task; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; + +/** + * A dummy task simulating the signature of an auth block. + *

+ * Asynchonous + *

+ * Requires context data: + *

    + *
  • {@code IdentityLink}
    • + *
  • {@code isIdentityLinkValidated}
    • + *
  • {@code bkuURL}
    • + *
+ *

+ *

+ * Enriches context data with: + *

    + *
  • {@code SignedAuthBlock}
    • + *
+ *

+ * + * @author tknall + * + */ +@Service("SignAuthBlockTask") +public class SignAuthBlockTask implements Task { + + private Logger log = LoggerFactory.getLogger(getClass()); + + @Override + public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException { + Objects.requireNonNull(executionContext.get("IdentityLink")); + assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated")))); + Objects.requireNonNull(executionContext.get("bkuURL")); + + log.debug("Using validated IdentityLink and bkuURL in order to sign auth block."); + try (InputStream in = getClass().getResourceAsStream("/process/spring/test/task/SignedAuthBlock.xml")) { + executionContext.put("SignedAuthBlock", IOUtils.toString(in, "UTF-8")); + } catch (IOException e) { + throw new TaskExecutionException(null, "", e); + + } + return null; + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateIdentityLinkTask.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateIdentityLinkTask.java new file mode 100644 index 00000000..8d4d507b --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateIdentityLinkTask.java @@ -0,0 +1,48 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task; + +import java.util.Objects; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.Task; + +/** + * Dummy task simulating the validation of an IdentityLink. + *

+ * Requires context data: + *

    + *
  • {@code IdentityLink}
    • + *
+ *

+ *

+ * Enriches context data with: + *

    + *
  • {@code isIdentityLinkValidated}
    • + *
+ *

+ * + * @author tknall + * + */ +@Service("ValidateIdentityLinkTask") +public class ValidateIdentityLinkTask implements Task { + + private Logger log = LoggerFactory.getLogger(getClass()); + + @Override + public IRequest execute(IRequest penReq, ExecutionContext executionContext) { + Objects.requireNonNull(executionContext.get("IdentityLink")); + + log.debug("Validating IdentityLink."); + + executionContext.put("isIdentityLinkValidated", true); + return null; + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateSignedAuthBlockTask.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateSignedAuthBlockTask.java new file mode 100644 index 00000000..26d1146d --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateSignedAuthBlockTask.java @@ -0,0 +1,53 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task; + +import java.util.Objects; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.Task; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; + +/** + * A dummy task simulating the validation of an auth block. + *

+ * Requires context data: + *

    + *
  • {@code IdentityLink}
    • + *
  • {@code isIdentityLinkValidated}
    • + *
  • {@code SignedAuthBlock}
    • + *
+ *

+ *

+ * Enriches context data with: + *

    + *
  • {@code isSignedAuthBlockValidated}
    • + *
+ *

+ * + * @author tknall + * + */ +@Service("ValidateSignedAuthBlockTask") +public class ValidateSignedAuthBlockTask implements Task { + + private Logger log = LoggerFactory.getLogger(getClass()); + + @Override + public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException { + Objects.requireNonNull(executionContext.get("IdentityLink")); + assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated")))); + Objects.requireNonNull(executionContext.get("SignedAuthBlock")); + + log.debug("Using validated IdentityLink and signed auth block in order to validate signed auth block."); + + executionContext.put("isSignedAuthBlockValidated", true); + return null; + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/BooleanStringExpressionEvaluator.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/BooleanStringExpressionEvaluator.java new file mode 100644 index 00000000..9b03f60f --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/BooleanStringExpressionEvaluator.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.test; + +import java.util.Objects; + +import org.apache.commons.lang3.BooleanUtils; + +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluationContext; +import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluator; + +/** + * Expression evaluator that guesses the boolean value from a String. Refer to {@link BooleanUtils#toBoolean(String)} + * for further information. + * + * @author tknall + * + */ +public class BooleanStringExpressionEvaluator implements ExpressionEvaluator { + + @Override + public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) { + return BooleanUtils.toBoolean(Objects.requireNonNull(expression, "Expression must not be null.")); + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HalloWeltTask.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HalloWeltTask.java new file mode 100644 index 00000000..62e82bac --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HalloWeltTask.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.test; + +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.Task; + +/** + * Simple task that just outputs a "Hallo World" text to the console. + * + * @author tknall + * + */ +@Service("HalloWeltTask") +public class HalloWeltTask implements Task { + + @Override + public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) { + System.out.println("Hallo Welt"); + return null; + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HelloWorldTask.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HelloWorldTask.java new file mode 100644 index 00000000..1338ca50 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HelloWorldTask.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.test; + +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.Task; + +/** + * Simple task that just outputs a "Hello World" text to the console. + * + * @author tknall + * + */ +@Service("HelloWorldTask") +public class HelloWorldTask implements Task { + + @Override + public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) { + System.out.println("Hello World"); + return null; + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessDefinitionParserTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessDefinitionParserTest.java new file mode 100644 index 00000000..47b52ce7 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessDefinitionParserTest.java @@ -0,0 +1,139 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import java.io.IOException; +import java.io.InputStream; + +import org.junit.Test; + +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParser; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParserException; +import at.gv.egiz.eaaf.core.impl.idp.process.model.EndEvent; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessNode; +import at.gv.egiz.eaaf.core.impl.idp.process.model.StartEvent; +import at.gv.egiz.eaaf.core.impl.idp.process.model.TaskInfo; +import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition; + +public class ProcessDefinitionParserTest { + + @Test(expected = ProcessDefinitionParserException.class) + public void testParseInvalidProcessDefinition_MultipleStartEvents() throws IOException, ProcessDefinitionParserException { + try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_MultipleStartEvents.xml")) { + new ProcessDefinitionParser().parse(in); + } + } + + @Test(expected = ProcessDefinitionParserException.class) + public void testParseInvalidProcessDefinition_TransitionLoop() throws IOException, ProcessDefinitionParserException { + try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionLoop.xml")) { + new ProcessDefinitionParser().parse(in); + } + } + + @Test(expected = ProcessDefinitionParserException.class) + public void testParseInvalidProcessDefinition_TransitionStartsFromEndEvent() throws IOException, ProcessDefinitionParserException { + try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionStartsFromEndEvent.xml")) { + new ProcessDefinitionParser().parse(in); + } + } + + @Test(expected = ProcessDefinitionParserException.class) + public void testParseInvalidProcessDefinition_TransitionRefsTransition() throws IOException, ProcessDefinitionParserException { + try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionRefsTransition.xml")) { + new ProcessDefinitionParser().parse(in); + } + } + + @Test(expected = ProcessDefinitionParserException.class) + public void testParseInvalidProcessDefinition_NoStartEvents() throws IOException, ProcessDefinitionParserException { + try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_NoStartEvents.xml")) { + new ProcessDefinitionParser().parse(in); + } + } + + @Test + public void testParseSampleProcessDefinition() throws IOException, ProcessDefinitionParserException { + try (InputStream in = getClass().getResourceAsStream("/process/test/SampleProcessDefinition1.xml")) { + + ProcessDefinitionParser parser = new ProcessDefinitionParser(); + ProcessDefinition pd = parser.parse(in); + + assertNotNull(pd); + assertEquals("SampleProcess1", pd.getId()); + + // first assert tasks then transitions + // start event + StartEvent startEvent = pd.getStartEvent(); + assertNotNull(startEvent); + assertEquals("start", startEvent.getId()); + assertEquals(startEvent, pd.getProcessNode("start")); + // task1 + ProcessNode processNode = pd.getProcessNode("task1"); + assertNotNull(processNode); + assertTrue(processNode instanceof TaskInfo); + TaskInfo task1 = (TaskInfo) processNode; + assertEquals("task1", task1.getId()); + assertFalse(task1.isAsync()); + // task2 + processNode = pd.getProcessNode("task2"); + assertNotNull(processNode); + assertTrue(processNode instanceof TaskInfo); + TaskInfo task2 = (TaskInfo) processNode; + assertEquals("task2", task2.getId()); + assertTrue(task2.isAsync()); + // end event + processNode = pd.getProcessNode("end"); + assertNotNull(processNode); + assertTrue(processNode instanceof EndEvent); + EndEvent endEvent = (EndEvent) processNode; + assertEquals("end", endEvent.getId()); + + // assert transitions + // start event + assertNotNull(startEvent.getIncomingTransitions()); + assertTrue(startEvent.getIncomingTransitions().isEmpty()); + assertNotNull(startEvent.getOutgoingTransitions()); + assertEquals(1, startEvent.getOutgoingTransitions().size()); + // transition from start to task1 + Transition startToTask1 = startEvent.getOutgoingTransitions().get(0); + assertEquals("fromStart", startToTask1.getId()); + assertEquals(startEvent, startToTask1.getFrom()); + assertEquals(task1, startToTask1.getTo()); + assertEquals("true", startToTask1.getConditionExpression()); + // task1 + assertNotNull(task1.getIncomingTransitions()); + assertEquals(1, task1.getIncomingTransitions().size()); + assertEquals(startToTask1, task1.getIncomingTransitions().get(0)); + assertNotNull(task1.getOutgoingTransitions()); + assertEquals(1, task1.getOutgoingTransitions().size()); + // transition from task1 to task2 + Transition task1ToTask2 = task1.getOutgoingTransitions().get(0); + assertNull(task1ToTask2.getId()); + assertEquals(task1, task1ToTask2.getFrom()); + assertEquals(task2, task1ToTask2.getTo()); + assertNull(task1ToTask2.getConditionExpression()); + // task2 + assertNotNull(task2.getIncomingTransitions()); + assertEquals(1, task2.getIncomingTransitions().size()); + assertEquals(task1ToTask2, task2.getIncomingTransitions().get(0)); + assertNotNull(task2.getOutgoingTransitions()); + assertEquals(1, task2.getOutgoingTransitions().size()); + // transition from task2 to end + Transition task2ToEnd = task2.getOutgoingTransitions().get(0); + assertNull(task2ToEnd.getId()); + assertEquals(task2, task2ToEnd.getFrom()); + assertEquals(endEvent, task2ToEnd.getTo()); + assertNull(task2ToEnd.getConditionExpression()); + + } + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessEngineTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessEngineTest.java new file mode 100644 index 00000000..fe07f74d --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessEngineTest.java @@ -0,0 +1,145 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.process.test; + +import static at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstanceState.NOT_STARTED; +import static at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstanceState.SUSPENDED; +import static org.junit.Assert.assertEquals; + +import java.io.IOException; +import java.io.InputStream; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParser; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParserException; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessEngineImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstance; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml") +public class ProcessEngineTest { + + @Autowired private static ProcessEngine pe; + + @Autowired private ApplicationContext applicationContext; + + private boolean isInitialized = false; + + @Before + public void init() throws IOException, ProcessDefinitionParserException { + + if (!isInitialized) { + ProcessDefinitionParser pdp = new ProcessDefinitionParser(); + + if (pe == null) { + pe = applicationContext.getBean("processEngine", ProcessEngine.class); + + } + + ((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new BooleanStringExpressionEvaluator()); + try (InputStream in = ProcessEngineTest.class.getResourceAsStream("/process/test/SampleProcessDefinition1.xml")) { + ((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in)); + } + try (InputStream in = ProcessEngineTest.class.getResourceAsStream("/process/test/SampleProcessDefinition2.xml")) { + ((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in)); + } + + //initHibernateForTesting(); + isInitialized = true; + } + } + + private static void initHibernateForTesting() throws IOException{ + +// InputStream in = ProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties"); +// Properties props = new Properties(); +// props.load(in); +// +// try { +// //ConfigurationDBUtils.initHibernate(props); +// Configuration config = new Configuration(); +// config.addProperties(props); +// //config.addAnnotatedClass(ProcessInstanceStore.class); +// config.addAnnotatedClass(AssertionStore.class); +// //MOASessionDBUtils.initHibernate(config, props); +// } catch (Exception e) { +// e.printStackTrace(); +// } + } + + @Test + public void testSampleProcess1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException { + + TestRequestImpl testReq = new TestRequestImpl(); + + String piId = pe.createProcessInstance("SampleProcess1"); + ProcessInstance pi = pe.getProcessInstance(piId); + assertEquals(NOT_STARTED, pi.getState()); + + // start process + testReq.setProcessInstanceID(piId); + pe.start(testReq); + pi = pe.getProcessInstance(piId); + assertEquals(SUSPENDED, pi.getState()); + + System.out.println("Do something asynchronously"); + testReq.setProcessInstanceID(piId); + pe.signal(testReq); + try { + pi = pe.getProcessInstance(piId); + throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found."); + //assertEquals(ENDED, pi.getState()); + + } catch (IllegalArgumentException e) { + // do nothing because processInstance should be already removed + + } + } + + @Test + public void testSampleProcess2() throws IOException, ProcessDefinitionParserException, ProcessExecutionException { + + TestRequestImpl testReq = new TestRequestImpl(); + + String piId = pe.createProcessInstance("SampleProcess2"); + ProcessInstance pi = pe.getProcessInstance(piId); + assertEquals(NOT_STARTED, pi.getState()); + + // start process + testReq.setProcessInstanceID(piId); + pe.start(testReq); + pi = pe.getProcessInstance(piId); + assertEquals(SUSPENDED, pi.getState()); + + System.out.println("Do something asynchronously"); + testReq.setProcessInstanceID(piId); + pe.signal(testReq); + try { + pi = pe.getProcessInstance(piId); + throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found."); + //assertEquals(ENDED, pi.getState()); + + } catch (IllegalArgumentException e) { + // do nothing because processInstance should be already removed + + } + + + } + + @Test(expected = IllegalArgumentException.class) + public void testProcessInstanceDoesNotExist() { + pe.getProcessInstance("does not exist"); + } + +} diff --git a/eaaf_core/src/test/resources/log4j.xml b/eaaf_core/src/test/resources/log4j.xml new file mode 100644 index 00000000..6685c1e8 --- /dev/null +++ b/eaaf_core/src/test/resources/log4j.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/hibernate.configuration.test.properties b/eaaf_core/src/test/resources/process/hibernate.configuration.test.properties new file mode 100644 index 00000000..c4faa6d0 --- /dev/null +++ b/eaaf_core/src/test/resources/process/hibernate.configuration.test.properties @@ -0,0 +1,12 @@ +# minimal Hibnerate configuration for testing the process engine +hibernate.dialect=org.hibernate.dialect.H2Dialect +hibernate.connection.url=jdbc:h2:mem:moa.id-session;DB_CLOSE_DELAY=-1 +hibernate.connection.charSet=utf-8 +hibernate.connection.driver_class=org.h2.Driver +hibernate.connection.username= +hibernate.connection.password= + +hibernate.format_sql=true +hibernate.show_sql=false +hibernate.transaction.auto_close_session=true +hibernate.hbm2ddl.auto=update diff --git a/eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml b/eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml new file mode 100644 index 00000000..3ccc837f --- /dev/null +++ b/eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml @@ -0,0 +1,58 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionWithExpression1.xml b/eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionWithExpression1.xml new file mode 100644 index 00000000..dfe18642 --- /dev/null +++ b/eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionWithExpression1.xml @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml b/eaaf_core/src/test/resources/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml new file mode 100644 index 00000000..2f4648de --- /dev/null +++ b/eaaf_core/src/test/resources/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/spring/test/SpringExpressionEvaluatorTest-context.xml b/eaaf_core/src/test/resources/process/spring/test/SpringExpressionEvaluatorTest-context.xml new file mode 100644 index 00000000..97dfe6fb --- /dev/null +++ b/eaaf_core/src/test/resources/process/spring/test/SpringExpressionEvaluatorTest-context.xml @@ -0,0 +1,14 @@ + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/spring/test/task/IdentityLink_Max_Mustermann.xml b/eaaf_core/src/test/resources/process/spring/test/task/IdentityLink_Max_Mustermann.xml new file mode 100644 index 00000000..c68972f1 --- /dev/null +++ b/eaaf_core/src/test/resources/process/spring/test/task/IdentityLink_Max_Mustermann.xml @@ -0,0 +1,52 @@ + + + + + urn:oasis:names:tc:SAML:1.0:cm:sender-vouches + + tqCQEC7+AqGEeeL390V5Jg==urn:publicid:gv.at:baseidMaxMustermann1940-01-01 + + + + + + + + + + + + not(ancestor-or-self::pr:Identification) + + + + + Rmr5vkWXL/PvpoXnbK632QmzYms= + + + + HoPZWYll8aMFpKOlRSwckt5iCQk= + + + + NPpRwVo5/5kf5iHUyaEc7d7So3W4oPgOCYNgnKpgdZfttFkFFN+9oG60w7YvKEYSeTPhP3zp7eaH +ZFapj+naD+wd0y5ELWep9Y+s+qP7fNLrFECHQxQasLWtR4akxlWDpYQ0bvOuepK2ip1EQ6pRlccA +wJ1l4iOWFhfdA9YAg5QLkBqWSwgrNUswhLnDBM+Ot6Gj5g2rpYY7aoAOXvTR8B5Dkg94ASb4u0wv +VPV8+4mjOfP+l6QWLqywzcq3qj/qFZkbujjZbV/fNPDnDD1ff/M6ZfCGO8xzlYfjfEA7cmHuiJf2 +/ey/3nT7vI5XbpBPWChT5Sl4DQysxlfE6e4MZw== + MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4= + + + + + + not(ancestor-or-self::dsig:Signature) + + + + 7IkIdYti2dh3VZQ4Fp+9lPT67cM= + + + + + \ No newline at end of file diff --git a/eaaf_core/src/test/resources/process/spring/test/task/SAML1Assertion.xml b/eaaf_core/src/test/resources/process/spring/test/task/SAML1Assertion.xml new file mode 100644 index 00000000..3aeedd59 --- /dev/null +++ b/eaaf_core/src/test/resources/process/spring/test/task/SAML1Assertion.xml @@ -0,0 +1,487 @@ + + + + + K2YMyx3/5kIpNJR+SAD/rbRYH+c= + + http://reference.e-government.gv.at/namespace/moa/20020822#cm + + + + + https://localhost:18443/moa-id-auth/ + + + + + K2YMyx3/5kIpNJR+SAD/rbRYH+c= + urn:publicid:gv.at:wbpk+FN+www.act.at + + + + + https://localhost:48443/mandates/ + + + 1978-04-29 + + + Vollmachtsvertreter + + + MeineTestFirma + + + 123456i + + + + + + + + + + + + + + + Signatur der Anmeldedaten + + + +

Signatur der Anmeldedaten

+

+

Mit meiner elektronischen Signatur beantrage ich, + + + , geboren am + . + . + , + + in der Rolle als + (OID***= ), + + den Zugang zur gesicherten Anwendung. +

+

+

Datum und Uhrzeit: + . + . + , + : + : + +

+ +

HPI(**): +

+ + +

wbPK(*): +

+ + +
+

Ich bin weiters ermächtigt als + von + , geboren am + . + . + + + , + + , in deren Auftrag zu handeln. +

+ +

wbPK(*) des Vollmachtgebers: +

+ +

+ + + +

+

+ + +

+

+ + +

+

+ + + +
(*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.
+ + +
(**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.
+ + +
(***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.
+ + + + + + + + + + 0q9QWyqAyyiVNNLu1rIcU+nKsEE= + + + + WtB0/ptvoB/r/7+fauSUIBULymg= + + + mZt9DuZiDqG81scsf30qjSDdy6vKC2/n034ZZwMUAvfWOXy3+Ubsk5X5CHhz ++lyI + + + MIIEtDCCA5ygAwIBAgIDAgTEMA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQG +EwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lz +dGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR4wHAYDVQQLDBVh +LXNpZ24tUHJlbWl1bS1TaWctMDIxHjAcBgNVBAMMFWEtc2lnbi1QcmVtaXVt +LVNpZy0wMjAeFw0wNjA0MDQwOTUyMjhaFw0xMTA0MDQwOTUyMjhaMGkxCzAJ +BgNVBAYTAkFUMRUwEwYDVQQDDAxUaG9tYXMgS25hbGwxDjAMBgNVBAQMBUtu +YWxsMQ8wDQYDVQQqDAZUaG9tYXMxFTATBgNVBAUTDDUzNTE5ODkyMzM0OTEL +MAkGA1UEDAwCREkwSTATBgcqhkjOPQIBBggqhkjOPQMBAQMyAARrnYW5sXCQ +6M3irWaanDPi/ROXueKWiPRyZGjNH0Cp/NaiOuvrpv2RDVEKQm2tBiajggIP +MIICCzATBgNVHSMEDDAKgAhN3+H/S9nJ3zAnBggrBgEFBQcBAwEB/wQYMBYw +CAYGBACORgEBMAoGCCsGAQUFBwsBMHsGCCsGAQUFBwEBBG8wbTBCBggrBgEF +BQcwAoY2aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Etc2lnbi1QcmVt +aXVtLVNpZy0wMmEuY3J0MCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5hLXRy +dXN0LmF0L29jc3AwWQYDVR0gBFIwUDBEBgYqKAARAQswOjA4BggrBgEFBQcC +ARYsaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLVByZW1p +dW0wCAYGBACLMAEBMIGaBgNVHR8EgZIwgY8wgYyggYmggYaGgYNsZGFwOi8v +bGRhcC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVNpZy0wMixvPUEt +VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2Jq +ZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQI +SNyH29WUoCgwDgYDVR0PAQH/BAQDAgbAMCgGA1UdCQQhMB8wHQYIKwYBBQUH +CQExERgPMTk3ODA0MjkwMDAwMDBaMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEF +BQADggEBAFkSCJE0YD4p4izU3ekQYPv4Z7gm/VFlpma5hXNvwkajVjHlAqo/ +ylYn8NQ4mMkD+yCDNtm8m8nr0K/yICb8Gnkbv59i6nh2AbzYBBb49VnYYGL6 +uunLH0aFUpAhy+3mDdlH8uhhIQBHwCfgwG1qa5zXY7bz4Vzkac/h6T+JVFkI +egO8OHQDadhgJvW80qspiao2DTac6vVgx4tGvjpdmw1R2pXBYhHD5rkPHlkf +GoeL3ak6hq4ea94Oy5VfNTIJv5MA0J2G1mwnW9B8uPWSM5EYPoWJyBOWcKBL +SSUqOt9D/9215ZGfbchkdRZjx0dTAD3FIhgG8nA72/uCFrBzyTk= + + + + + + + + 2008-07-14T15:51:35Z + + + + + inMYWBmAxMHP7mDENjLFaEtv0Zk= + + + CN=a-sign-Premium-Sig-02,OU=a-sign-Premium-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT + 132292 + + + + + + + + + + application/xhtml+xml + + + + + + + + + + + + urn:oasis:names:tc:SAML:1.0:cm:sender-vouches + + + + K2YMyx3/5kIpNJR+SAD/rbRYH+c= + urn:publicid:gv.at:wbpk+FN+www.act.at + + + Thomas + Knall + + 1978-04-29 + + + + + + + + + + + + + + + + + + + + + sWOqPZzPTn9VvBR5LjuopIWYdh5aGzuX2vMjofhn8bStba1CDW1qkDdlYW4Rs/DfU/I1uqor4Lje +/G3Yzh82yD0MHdzlW8MYUJ8RJe+czbjRUPaSbC/NRqhyF3eKnflxM++sJb2abrUH/9TV0q8P5QRS +uZC/JpAEYpSazysPz/fv8AEnU8oxcTvCiax1jf2GZPmm3qFjPc4qDYNHqfnE8yWYt7kHeqPV/cRw +x3aMGW8mRwQZb7VRFLW5g37nrt9N + AQAB + + + + + + + + + + + + not(ancestor-or-self::pr:Identification) + + + + + b3d/wcQb0Bl0/6GSPsrMxWpdRLA= + + + + eet0q3Thmw6+cbO1fazbEg0556I= + + + +oy55Cq7IyYy7z/TO2a3+m7tjG/ztiKhxhGzVqEYIWIObEOs/GVJDCCI4oe/HS8Fhc4TaXDcZXk4y +qBp4JJ288TeaNjPYkPzp38nWJ4xRatEyo7VaySXy+TqgwiBT5uhxrwkroCr4ZIWwOvt1uR5UBVAf +qk1ii+LPW2WYE3bMpoHfrM9CdFSPzWTRl/0zsEURc64EBPyIdKz+c70DaexeX2E0JVelKcj+jDaJ +mHsFhi/9QoscqPEVA87qv07yhyK5S41+f3HDvpuhYwvQDdOq50sclfsI+g9r473VxiRsOmJ9Ak4/ +k2KP0tgfAQ+h5hRGQUUo5LYPywjg7zPxe8SGGA== + + + + +MIIFZTCCBE2gAwIBAgIDAt4cMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29y +cG9yYXRlLWxpZ2h0LTAzMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0 +LTAzMB4XDTA3MDExOTA5MDY0OFoXDTEyMDExOTA5MDY0OFowgZwxCzAJBgNVBAYT +AkFUMRkwFwYDVQQKDBBCdW5kZXNrYW56bGVyYW10MR4wHAYDVQQLDBVEYXRlbnNj +aHV0emtvbW1pc3Npb24xHTAbBgNVBAMMFERyLiBXYWx0cmF1dCBLb3RzY2h5MRUw +EwYDVQQFEww3MDAyNDc0OTk4MDQxHDAaBgkqhkiG9w0BCQEWDWRza0Bkc2suZ3Yu +YXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfnQUhARo9o1FyCtTK +d5VcXP2WvqSTIsiq19xtWcYF/4pMew/bHLD2DLeO9y5QFpfXJgmx2ySvj1dlzTXV +ESzFAiF/uL1DbNjB3g00LV/AV4yRacCWEqGkSUN/RVUv9a+bFnK2vR4XZu8ORrcf +9rpMg19JHZMWsJIT+BEBM4v0iPhboJ/lqoENZwHZW8W/3XAcOcNYfW95ZrsFH+M9 +6KEFlA9g4AP5CndSnozUeN5i1LJr0s3rz8U/c7O/KTkdTmnAeyLM01ST13jhGmjW +R55wf1Hjt4PCxFf9zpF3FIHDJGyCImgR5ZZe9T6tAjo/ZKo16Huzq0Yy2OYtysDq +WukzAgMBAAGjggGpMIIBpTATBgNVHSMEDDAKgAhBkWkcv63YmDBVBggrBgEFBQcB +AQRJMEcwRQYIKwYBBQUHMAKGOWh0dHA6Ly93d3cuYS10cnVzdC5hdC9jZXJ0cy9h +LXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAzLmNydDBYBgNVHSAEUTBPME0GByooABEB +BwEwQjBABggrBgEFBQcCARY0aHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3Av +YS1zaWduLWNvcnBvcmF0ZS1saWdodDCBngYDVR0fBIGWMIGTMIGQoIGNoIGKhoGH +bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1hLXNpZ24tY29ycG9yYXRlLWxpZ2h0 +LTAzLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFz +ZT9vYmplY3RjbGFzcz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MBEGA1UdDgQK +BAhMCA6eGvS1ujAOBgNVHQ8BAf8EBAMCBLAwCQYDVR0TBAIwADAOBgcqKAAKAQcB +BAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEoIvqPLAg0n2wCS27zTL+hmLi7zSbes +Od4e6pFT1l3cwGfdTkhiHVPnPRaDGLQkS384fAXBrOp6W13X9m2jD9csO6vZhd+T +nERXN1AqayoaecXFyHPykVUTLhn6pMdiSE21mEozfGLUDGMz74lvphEKFAOOCgp1 +o5ZCR09RbGAEbQNNn+ucXJxIa3mYjr1h3AElVbXoeoz12qUpqsNm9znymSkcmcNo +B5Pk6qXXx9UeC/Tj0aTglNkcMOSCFayldzOBaY6+qWKguPdzQUEryhGiNuARQpM5 +KMzvI0rmpc4Gau5HT9rQZHadr++VS8v1k6935uIyyZF9s+gdS5ywnSM= + + + + + + + + + not(ancestor-or-self::dsig:Signature) + + + + JZGwiDzQAtJtnJMeeXyypTrDjwY= + + + + + + + + + + + + + K2YMyx3/5kIpNJR+SAD/rbRYH+c= + urn:publicid:gv.at:wbpk+FN+www.act.at + + + Thomas + Knall + + 1978-04-29 + + + + + true + + + https://127.0.0.1:3496/https-security-layer-request + + + MIIEtDCCA5ygAwIBAgIDAgTEMA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR4wHAYDVQQLDBVhLXNpZ24tUHJl +bWl1bS1TaWctMDIxHjAcBgNVBAMMFWEtc2lnbi1QcmVtaXVtLVNpZy0wMjAeFw0w +NjA0MDQwOTUyMjhaFw0xMTA0MDQwOTUyMjhaMGkxCzAJBgNVBAYTAkFUMRUwEwYD +VQQDDAxUaG9tYXMgS25hbGwxDjAMBgNVBAQMBUtuYWxsMQ8wDQYDVQQqDAZUaG9t +YXMxFTATBgNVBAUTDDUzNTE5ODkyMzM0OTELMAkGA1UEDAwCREkwSTATBgcqhkjO +PQIBBggqhkjOPQMBAQMyAARrnYW5sXCQ6M3irWaanDPi/ROXueKWiPRyZGjNH0Cp +/NaiOuvrpv2RDVEKQm2tBiajggIPMIICCzATBgNVHSMEDDAKgAhN3+H/S9nJ3zAn +BggrBgEFBQcBAwEB/wQYMBYwCAYGBACORgEBMAoGCCsGAQUFBwsBMHsGCCsGAQUF +BwEBBG8wbTBCBggrBgEFBQcwAoY2aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRz +L2Etc2lnbi1QcmVtaXVtLVNpZy0wMmEuY3J0MCcGCCsGAQUFBzABhhtodHRwOi8v +b2NzcC5hLXRydXN0LmF0L29jc3AwWQYDVR0gBFIwUDBEBgYqKAARAQswOjA4Bggr +BgEFBQcCARYsaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLVBy +ZW1pdW0wCAYGBACLMAEBMIGaBgNVHR8EgZIwgY8wgYyggYmggYaGgYNsZGFwOi8v +bGRhcC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVNpZy0wMixvPUEtVHJ1 +c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xh +c3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQISNyH29WUoCgw +DgYDVR0PAQH/BAQDAgbAMCgGA1UdCQQhMB8wHQYIKwYBBQUHCQExERgPMTk3ODA0 +MjkwMDAwMDBaMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAFkSCJE0YD4p +4izU3ekQYPv4Z7gm/VFlpma5hXNvwkajVjHlAqo/ylYn8NQ4mMkD+yCDNtm8m8nr +0K/yICb8Gnkbv59i6nh2AbzYBBb49VnYYGL6uunLH0aFUpAhy+3mDdlH8uhhIQBH +wCfgwG1qa5zXY7bz4Vzkac/h6T+JVFkIegO8OHQDadhgJvW80qspiao2DTac6vVg +x4tGvjpdmw1R2pXBYhHD5rkPHlkfGoeL3ak6hq4ea94Oy5VfNTIJv5MA0J2G1mwn +W9B8uPWSM5EYPoWJyBOWcKBLSSUqOt9D/9215ZGfbchkdRZjx0dTAD3FIhgG8nA7 +2/uCFrBzyTk= + + + + + Prokura - MeineTestFirma + http://localhost:58080/omsp/OMSPRequest + + + + K2YMyx3/5kIpNJR+SAD/rbRYH+c= + urn:publicid:gv.at:wbpk+FN+www.act.at + + + Thomas + Knall + + 1978-04-29 + + + + + + 123456i + urn:publicid:gv.at:baseid+XFN + + MeineTestFirma + + + + Wien + 2008-07-14 + + + false + + + Der/Die Bevollmächtigte wird zum Prokuristen/Prokuristin bestellt. + + + + + + + + + not(ancestor-or-self::pr:Identification or ancestor-or-self::dsig:Signature) + + + + + + PRRF0sWBgoywztCKWEXafZfhpd0= + + + + NorNorUqPFMA06JfxSJopOq7Qv0= + + + IQMZFc57XZd9LjeiaZqSfzZtWuXhuikAqbKA7pWuDK02DLFSYZPXsGjcvnwNdVaP + + + MIICtjCCAm6gAwIBAgIBATAJBgcqhkjOPQQBMGoxCzAJBgNVBAYTAkFUMQ0wCwYD +VQQHEwRXaWVuMRkwFwYDVQQJExBFc3NsaW5nZ2Fzc2UgNS85MQwwCgYDVQQKEwNB +Q1QxIzAhBgNVBAMTGlZvbGxtYWNodGVuIFNpZ25hdHVyZGllbnN0MB4XDTA4MDcw +ODE1MTk1MFoXDTEyMTIzMTIxNTk1OVowajELMAkGA1UEBhMCQVQxDTALBgNVBAcT +BFdpZW4xGTAXBgNVBAkTEEVzc2xpbmdnYXNzZSA1LzkxDDAKBgNVBAoTA0FDVDEj +MCEGA1UEAxMaVm9sbG1hY2h0ZW4gU2lnbmF0dXJkaWVuc3QwgfMwgbwGByqGSM49 +AgEwgbACAQEwJAYHKoZIzj0BAQIZAP////////////////////7//////////zA0 +BBj////////////////////+//////////wEGGQhBRnlnIDnD6fpq3IkMEn+uN7s +wUa5sQQxBBiNqA6wMJD2fL8g60OhiAD0/wr9gv8QEgcZK5X/yNp4YxAR7WskzdVz ++XehHnlIEQIZAP///////////////5ne+DYUa8mxtNIoMQIBAQMyAAS908G9FD5/ +LLYruwFbp9giXahdQ1FAqKwzohSn9pgsVTQBnvXxU8IWIzhPHs49DZCjazBpMAwG +A1UdEwEB/wQCMAAwHQYDVR0OBBYEFLOSgnkLSJ3l4Ah49rHX/FAV1wWcMBkGA1Ud +IAQSMBAwDgYMKwYBBAGVEgECBAEBMB8GA1UdIwQYMBaAFLOSgnkLSJ3l4Ah49rHX +/FAV1wWcMAkGByqGSM49BAEDNwAwNAIYTTppZzS6wqoLDFcf9frHzf1kMheY04dT +Ahg4Nrb54vE3DTRf9sbO4xs4dTARHSt1ihA= + + + + + + + + not(ancestor-or-self::dsig:Signature) + + + + + + oz6ThHPL3V7RNibfPrDSWVhUgi8= + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/spring/test/task/SignedAuthBlock.xml b/eaaf_core/src/test/resources/process/spring/test/task/SignedAuthBlock.xml new file mode 100644 index 00000000..450ba90f --- /dev/null +++ b/eaaf_core/src/test/resources/process/spring/test/task/SignedAuthBlock.xml @@ -0,0 +1,179 @@ + + + + + + + + + + + + + + Signatur der Anmeldedaten + + + +

Signatur der Anmeldedaten

+

+

Mit meiner elektronischen Signatur beantrage ich, + + + , geboren am +. +. +, + +in der Rolle als +(OID***= ), + +den Zugang zur gesicherten Anwendung. +

+

+

Datum und Uhrzeit: +. +. +, +: +: + +

+ +

HPI(**): +

+ + +

wbPK(*): +

+ + +
+

Ich bin weiters ermächtigt als +von + , geboren am + . + . + + + , + + , in deren Auftrag zu handeln. +

+ +

wbPK(*) des Vollmachtgebers: +

+ +

+ + + +

+

+ + +

+

+ + +

+

+ + + +
(*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den +jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum +Wirtschaftsunternehmen.
+ + +
(**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen +Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der +Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.
+ + +
(***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und +beschreiben eindeutig die Rollen des GDA-Token Inhabers.
+ + + + + + + + + + 0q9QWyqAyyiVNNLu1rIcU+nKsEE= + + + + WtB0/ptvoB/r/7+fauSUIBULymg= + + + mZt9DuZiDqG81scsf30qjSDdy6vKC2/n034ZZwMUAvfWOXy3+Ubsk5X5CHhz ++lyI + + + MIIEtDCCA5ygAwIBAgIDAgTEMA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQG +EwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lz +dGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR4wHAYDVQQLDBVh +LXNpZ24tUHJlbWl1bS1TaWctMDIxHjAcBgNVBAMMFWEtc2lnbi1QcmVtaXVt +LVNpZy0wMjAeFw0wNjA0MDQwOTUyMjhaFw0xMTA0MDQwOTUyMjhaMGkxCzAJ +BgNVBAYTAkFUMRUwEwYDVQQDDAxUaG9tYXMgS25hbGwxDjAMBgNVBAQMBUtu +YWxsMQ8wDQYDVQQqDAZUaG9tYXMxFTATBgNVBAUTDDUzNTE5ODkyMzM0OTEL +MAkGA1UEDAwCREkwSTATBgcqhkjOPQIBBggqhkjOPQMBAQMyAARrnYW5sXCQ +6M3irWaanDPi/ROXueKWiPRyZGjNH0Cp/NaiOuvrpv2RDVEKQm2tBiajggIP +MIICCzATBgNVHSMEDDAKgAhN3+H/S9nJ3zAnBggrBgEFBQcBAwEB/wQYMBYw +CAYGBACORgEBMAoGCCsGAQUFBwsBMHsGCCsGAQUFBwEBBG8wbTBCBggrBgEF +BQcwAoY2aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Etc2lnbi1QcmVt +aXVtLVNpZy0wMmEuY3J0MCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5hLXRy +dXN0LmF0L29jc3AwWQYDVR0gBFIwUDBEBgYqKAARAQswOjA4BggrBgEFBQcC +ARYsaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLVByZW1p +dW0wCAYGBACLMAEBMIGaBgNVHR8EgZIwgY8wgYyggYmggYaGgYNsZGFwOi8v +bGRhcC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVNpZy0wMixvPUEt +VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2Jq +ZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQI +SNyH29WUoCgwDgYDVR0PAQH/BAQDAgbAMCgGA1UdCQQhMB8wHQYIKwYBBQUH +CQExERgPMTk3ODA0MjkwMDAwMDBaMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEF +BQADggEBAFkSCJE0YD4p4izU3ekQYPv4Z7gm/VFlpma5hXNvwkajVjHlAqo/ +ylYn8NQ4mMkD+yCDNtm8m8nr0K/yICb8Gnkbv59i6nh2AbzYBBb49VnYYGL6 +uunLH0aFUpAhy+3mDdlH8uhhIQBHwCfgwG1qa5zXY7bz4Vzkac/h6T+JVFkI +egO8OHQDadhgJvW80qspiao2DTac6vVgx4tGvjpdmw1R2pXBYhHD5rkPHlkf +GoeL3ak6hq4ea94Oy5VfNTIJv5MA0J2G1mwnW9B8uPWSM5EYPoWJyBOWcKBL +SSUqOt9D/9215ZGfbchkdRZjx0dTAD3FIhgG8nA72/uCFrBzyTk= + + + + + + + + 2008-07-14T15:51:35Z + + + + + inMYWBmAxMHP7mDENjLFaEtv0Zk= + + + CN=a-sign-Premium-Sig-02,OU=a-sign-Premium-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT + 132292 + + + + + + + + + + application/xhtml+xml + + + + + + \ No newline at end of file diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_MultipleStartEvents.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_MultipleStartEvents.xml new file mode 100644 index 00000000..2f492efa --- /dev/null +++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_MultipleStartEvents.xml @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_NoStartEvents.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_NoStartEvents.xml new file mode 100644 index 00000000..3a5b9527 --- /dev/null +++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_NoStartEvents.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionLoop.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionLoop.xml new file mode 100644 index 00000000..541f7e2b --- /dev/null +++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionLoop.xml @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml new file mode 100644 index 00000000..4b7a55e4 --- /dev/null +++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml new file mode 100644 index 00000000..795990a1 --- /dev/null +++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/test/SampleProcessDefinition1.xml b/eaaf_core/src/test/resources/process/test/SampleProcessDefinition1.xml new file mode 100644 index 00000000..67134393 --- /dev/null +++ b/eaaf_core/src/test/resources/process/test/SampleProcessDefinition1.xml @@ -0,0 +1,18 @@ + + + + + + + + + + + + + + diff --git a/eaaf_core/src/test/resources/process/test/SampleProcessDefinition2.xml b/eaaf_core/src/test/resources/process/test/SampleProcessDefinition2.xml new file mode 100644 index 00000000..51601331 --- /dev/null +++ b/eaaf_core/src/test/resources/process/test/SampleProcessDefinition2.xml @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + + + diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml new file mode 100644 index 00000000..57d190eb --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -0,0 +1,94 @@ + + + + + 4.0.0 + + at.gv.egiz.eaaf + eaaf_modules + 1.x + + eaaf_module_pvp2_core + ${egiz.eaaf.version} + eaaf_module_pvp2_core + http://maven.apache.org + + UTF-8 + + + + at.gv.egiz.eaaf + eaaf-core + ${egiz.eaaf.version} + + + + org.opensaml + opensaml + + + org.opensaml + xmltooling + + + org.opensaml + openws + + + org.apache.santuario + xmlsec + + + org.owasp.esapi + esapi + + + javax.servlet + javax.servlet-api + provided + + + + + junit + junit + test + + + + + eaaf_module_pvp2_core + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.7.0 + + 1.8 + 1.8 + + + + + + maven-surefire-plugin + ${surefire.version} + + 1 + --add-modules java.xml.bind + + + + org.apache.maven.surefire + surefire-junit47 + ${surefire.version} + + + + + + + diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java new file mode 100644 index 00000000..cfb88e87 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java @@ -0,0 +1,30 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class PVP2SProfileCoreSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "EAAF PVP2 S-Profile Core SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource sl20AuthConfig = new ClassPathResource("/eaaf_pvp.beans.xml", PVP2SProfileCoreSpringResourceProvider.class); + + return new Resource[] {sl20AuthConfig}; + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java new file mode 100644 index 00000000..f5b7baa8 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java @@ -0,0 +1,107 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.opensaml.xml.encryption.EncryptionConstants; +import org.opensaml.xml.signature.SignatureConstants; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.data.Trible; + +public interface PVPConstants extends PVPAttributeDefinitions { + + public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; + public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; + public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256; + public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP; + + public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category"; + public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken"; + public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken"; + + @Deprecated + public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/"; + + public static final String REDIRECT = "Redirect"; + public static final String POST = "Post"; + public static final String SOAP = "Soap"; + public static final String METADATA = "Metadata"; + public static final String ATTRIBUTEQUERY = "AttributeQuery"; + public static final String SINGLELOGOUT = "SingleLogOut"; + + /** + * + * Get required PVP attributes for egovtoken + * First : PVP attribute name (OID) + * Second: FriendlyName + * Third: Required + * + */ + public static final List> EGOVTOKEN_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + //currently supported attributes + add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); + add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); + + //currently not supported attributes + add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false)); + add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false)); + add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false)); + add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false)); + add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false)); + add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false)); + + + } + }); + + /** + * + * Get required PVP attributes for citizenToken + * First : PVP attribute name (OID) + * Second: FriendlyName + * Third: Required + * + */ + public static final List> CITIZENTOKEN_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + //required attributes - eIDAS minimal-data set + add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); + add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true)); + add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true)); + + + //not required attributes + add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); + add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false)); + add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); + + + + } + }); + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java new file mode 100644 index 00000000..9b620a04 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java @@ -0,0 +1,11 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2; + +public class PVPEventConstants { + + //TODO!!! + public static final int AUTHPROTOCOL_PVP_METADATA = 3100; + public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java new file mode 100644 index 00000000..28ccd7e0 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.api; + +import java.util.List; + +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public interface IPVP2BasicConfiguration { + + public String getIDPEntityId(String authURL) throws EAAFException; + + public String getIDPSSOPostService(String authURL) throws EAAFException; + + public String getIDPSSORedirectService(String authURL) throws EAAFException; + + public Object getIDPSSOSOAPService(String extractAuthURLFromRequest) throws EAAFException; + + public List getIDPContacts() throws EAAFException; + + public Organization getIDPOrganisation() throws EAAFException; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java new file mode 100644 index 00000000..959ad747 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java @@ -0,0 +1,25 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.api.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.binding.decoding.URIComparator; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + + +public interface IDecoder { + public InboundMessageInterface decode(HttpServletRequest req, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) + throws MessageDecodingException, SecurityException, PVP2Exception; + + public boolean handleDecode(String action, HttpServletRequest req); + + public String getSAML2BindingName(); +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java new file mode 100644 index 00000000..a4475f20 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java @@ -0,0 +1,51 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.api.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +public interface IEncoder { + + /** + * + * @param req The http request + * @param resp The http response + * @param request The SAML2 request object + * @param targetLocation URL, where the request should be transmit + * @param relayState token for session handling + * @param credentials Credential to sign the request object + * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null + * @throws MessageEncodingException + * @throws SecurityException + * @throws PVP2Exception + */ + public void encodeRequest(HttpServletRequest req, + HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) + throws MessageEncodingException, SecurityException, PVP2Exception; + + /** + * Encoder SAML Response + * @param req The http request + * @param resp The http response + * @param response The SAML2 repsonse object + * @param targetLocation URL, where the request should be transmit + * @param relayState token for session handling + * @param credentials Credential to sign the response object + * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null + * @throws MessageEncodingException + * @throws SecurityException + */ + public void encodeRespone(HttpServletRequest req, + HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) + throws MessageEncodingException, SecurityException, PVP2Exception; +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java new file mode 100644 index 00000000..00edb1bf --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java @@ -0,0 +1,18 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.api.message; + +import org.w3c.dom.Element; + +/** + * @author tlenz + * + */ +public interface InboundMessageInterface { + + public String getRelayState(); + public String getEntityID(); + public boolean isVerified(); + public Element getInboundMessage(); + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java new file mode 100644 index 00000000..218e5171 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java @@ -0,0 +1,218 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.api.metadata; + +import java.util.List; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + +/** + * @author tlenz + * + */ +public interface IPVPMetadataBuilderConfiguration { + + + /** + * Defines a unique name for this PVP Service-provider, which is used for logging + * + * @return + */ + public String getSPNameForLogging(); + + /** + * Set metadata valid area + * + * @return valid until in hours [h] + */ + public int getMetadataValidUntil(); + + /** + * Build a SAML2 Entities element as metadata root element + * + * @return true, if the metadata should start with entities element + */ + public boolean buildEntitiesDescriptorAsRootElement(); + + /** + * + * + * @return true, if an IDP SSO-descriptor element should be generated + */ + public boolean buildIDPSSODescriptor(); + + /** + * + * + * @return true, if an SP SSO-descriptor element should be generated + */ + public boolean buildSPSSODescriptor(); + + /** + * Set the PVP entityID for this SAML2 metadata. + * The entityID must be an URL and must be start with the public-URL prefix of the server + * + * @return PVP entityID postfix as String + */ + public String getEntityID(); + + /** + * Set a friendlyName for this PVP entity + * + * @return + */ + public String getEntityFriendlyName(); + + /** + * Set the contact information for this metadata entity + * + * @return + */ + public List getContactPersonInformation(); + + /** + * Set organisation information for this metadata entity + * + * @return + */ + public Organization getOrgansiationInformation(); + + + /** + * Set the credential for metadata signing + * + * @return + * @throws CredentialsNotAvailableException + */ + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; + + /** + * Set the credential for request/response signing + * IDP metadata: this credential is used for SAML2 response signing + * SP metadata: this credential is used for SAML2 response signing + * + * @return + * @throws CredentialsNotAvailableException + */ + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; + + /** + * Set the credential for response encryption + * + * @return + * @throws CredentialsNotAvailableException + */ + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException; + + /** + * Set the IDP Post-Binding URL for WebSSO + * + * @return + */ + public String getIDPWebSSOPostBindingURL(); + + /** + * Set the IDP Redirect-Binding URL for WebSSO + * + * @return + */ + public String getIDPWebSSORedirectBindingURL(); + + /** + * Set the IDP Post-Binding URL for Single LogOut + * + * @return + */ + public String getIDPSLOPostBindingURL(); + + /** + * Set the IDP Redirect-Binding URL for Single LogOut + * + * @return + */ + public String getIDPSLORedirectBindingURL(); + + /** + * Set the SP Post-Binding URL for for the Assertion-Consumer Service + * + * @return + */ + public String getSPAssertionConsumerServicePostBindingURL(); + + /** + * Set the SP Redirect-Binding URL for the Assertion-Consumer Service + * + * @return + */ + public String getSPAssertionConsumerServiceRedirectBindingURL(); + + /** + * Set the SP Post-Binding URL for Single LogOut + * + * @return + */ + public String getSPSLOPostBindingURL(); + + /** + * Set the SP Redirect-Binding URL for Single LogOut + * + * @return + */ + public String getSPSLORedirectBindingURL(); + + /** + * Set the SP SOAP-Binding URL for Single LogOut + * + * @return + */ + public String getSPSLOSOAPBindingURL(); + + + /** + * Set all SAML2 attributes which could be provided by this IDP + * + * @return + */ + public List getIDPPossibleAttributes(); + + /** + * Set all nameID types which could be provided by this IDP + * + * @return a List of SAML2 nameID types + */ + public List getIDPPossibleNameITTypes(); + + /** + * Set all SAML2 attributes which are required by the SP + * + * @return + */ + public List getSPRequiredAttributes(); + + /** + * Set all nameID types which allowed from the SP + * + * @return a List of SAML2 nameID types + */ + public List getSPAllowedNameITTypes(); + + /** + * Set the 'wantAssertionSigned' attribute in SP metadata + * + * @return + */ + public boolean wantAssertionSigned(); + + /** + * Set the 'wantAuthnRequestSigned' attribute + * + * @return + */ + public boolean wantAuthnRequestSigned(); +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java new file mode 100644 index 00000000..7492c0ff --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java @@ -0,0 +1,11 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.api.metadata; + +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +public interface IPVPMetadataConfigurationFactory { + + public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials); + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java new file mode 100644 index 00000000..4c721d45 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java @@ -0,0 +1,37 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.api.metadata; + +import java.util.List; + +import javax.xml.namespace.QName; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; + +public interface IPVPMetadataProvider extends MetadataProvider { + + boolean requireValidMetadata(); + + void setRequireValidMetadata(boolean requireValidMetadata); + + MetadataFilter getMetadataFilter(); + + void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException; + + XMLObject getMetadata() throws MetadataProviderException; + + EntitiesDescriptor getEntitiesDescriptor(String entitiesID) throws MetadataProviderException; + + EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException; + + List getRole(String entityID, QName roleName) throws MetadataProviderException; + + RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) throws MetadataProviderException; + +} \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java new file mode 100644 index 00000000..07321e0c --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java @@ -0,0 +1,18 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.api.metadata; + +/** + * @author tlenz + * + */ +public interface IRefreshableMetadataProvider { + + /** + * Refresh a entity or load a entity in a metadata provider + * + * @param entityID + * @return true, if refresh is success, otherwise false + */ + public boolean refreshMetadataProvider(String entityID); +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java new file mode 100644 index 00000000..a13a0bac --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java @@ -0,0 +1,11 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.api.validation; + +import org.opensaml.saml2.core.RequestAbstractType; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public interface ISAMLValidator { + public void validateRequest(RequestAbstractType request) throws EAAFException; +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java new file mode 100644 index 00000000..5388d446 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java @@ -0,0 +1,24 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +/** + * @author tlenz + * + */ +public class AttributQueryException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -4302422507173728748L; + + public AttributQueryException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public AttributQueryException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java new file mode 100644 index 00000000..e230d490 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java @@ -0,0 +1,21 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +import org.opensaml.saml2.core.StatusCode; + +public class BindingNotSupportedException extends PVP2Exception { + + public BindingNotSupportedException(String binding) { + super("pvp2.11", new Object[] {binding}); + this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI; + } + + /** + * + */ + private static final long serialVersionUID = -7227603941387879360L; + + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java new file mode 100644 index 00000000..f477b67b --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java @@ -0,0 +1,24 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public class CredentialsNotAvailableException extends EAAFException { + + public CredentialsNotAvailableException(String messageId, + Object[] parameters) { + super(messageId, parameters, messageId); + } + + public CredentialsNotAvailableException(String messageId, + Object[] parameters, Throwable e) { + super(messageId, parameters, e.getMessage(), e); + } + + /** + * + */ + private static final long serialVersionUID = -2564476345552842599L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java new file mode 100644 index 00000000..1ea49a49 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java @@ -0,0 +1,19 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +import org.opensaml.saml2.core.StatusCode; + +public class InvalidDateFormatException extends PVP2Exception { + + public InvalidDateFormatException() { + super("pvp2.02", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = -6867976890237846085L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java new file mode 100644 index 00000000..31050425 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java @@ -0,0 +1,16 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +public class InvalidPVPRequestException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public InvalidPVPRequestException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java new file mode 100644 index 00000000..140ef179 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java @@ -0,0 +1,22 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; + +public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException { + + public NameIDFormatNotSupportedException(String nameIDFormat) { + super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported"); + statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI; + + } + + /** + * + */ + private static final long serialVersionUID = -2270762519437873336L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java new file mode 100644 index 00000000..bf528e5c --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java @@ -0,0 +1,19 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +import org.opensaml.saml2.core.StatusCode; + +public class NoMetadataInformationException extends PVP2Exception { + + public NoMetadataInformationException() { + super("pvp2.15", null); + this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI; + } + + /** + * + */ + private static final long serialVersionUID = -4608068445208032193L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java new file mode 100644 index 00000000..889bda2e --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java @@ -0,0 +1,42 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public abstract class PVP2Exception extends EAAFException { + //TODO:!!!!! + + protected String statusCodeValue = StatusCode.RESPONDER_URI; + protected String statusMessageValue = null; + + public PVP2Exception(String messageId, Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped.getMessage(), wrapped); + this.statusMessageValue = this.getMessage(); + } + + public PVP2Exception(String messageId, Object[] parameters) { + super(messageId, parameters, messageId); + this.statusMessageValue = this.getMessage(); + } + + + public String getStatusCodeValue() { + return (this.statusCodeValue); + } + + public String getStatusMessageValue() { + return (this.statusMessageValue); + } + + /** + * + */ + private static final long serialVersionUID = 7669537952484421069L; + + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java new file mode 100644 index 00000000..f255a7e4 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java @@ -0,0 +1,17 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +public class PVP2MetadataException extends PVP2Exception { + + private static final long serialVersionUID = 1L; + + public PVP2MetadataException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public PVP2MetadataException(String messageId, Object[] parameters, Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java new file mode 100644 index 00000000..8b4e74d5 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java @@ -0,0 +1,20 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +import org.opensaml.saml2.core.StatusCode; + + +public class QAANotAllowedException extends PVP2Exception { + + public QAANotAllowedException(String qaa_auth, String qaa_request) { + super("pvp2.17", new Object[] {qaa_auth, qaa_request}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = -3964192953884089323L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java new file mode 100644 index 00000000..9eb44a61 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java @@ -0,0 +1,20 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +import org.opensaml.saml2.core.StatusCode; + + +public class QAANotSupportedException extends PVP2Exception { + + public QAANotSupportedException(String qaa) { + super("pvp2.05", new Object[] {qaa}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = -3964192953884089323L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java new file mode 100644 index 00000000..de728f84 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java @@ -0,0 +1,32 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +/** + * @author tlenz + * + */ +public class SchemaValidationException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = 1L; + + /** + * @param messageId + * @param parameters + */ + public SchemaValidationException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * @param messageId + * @param parameters + */ + public SchemaValidationException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java new file mode 100644 index 00000000..77d32f10 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java @@ -0,0 +1,38 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.exception; + +import org.opensaml.saml2.metadata.provider.FilterException; + +/** + * @author tlenz + * + */ +public class SignatureValidationException extends FilterException { + + /** + * @param string + */ + public SignatureValidationException(String string) { + super(string); + + } + + /** + * @param e + */ + public SignatureValidationException(Exception e) { + super(e); + } + + /** + * @param string + * @param object + */ + public SignatureValidationException(String string, Exception e) { + super(string, e); + } + + private static final long serialVersionUID = 1L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java new file mode 100644 index 00000000..4bcbed19 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java @@ -0,0 +1,211 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.binding.decoding.URIComparator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.security.SecurityPolicyResolver; +import org.opensaml.ws.security.provider.BasicSecurityPolicy; +import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HTTPPostEncoderWithOwnTemplate; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PVPSignedRequestPolicyRule; + +@Service("PVPPOSTBinding") +public class PostBinding implements IDecoder, IEncoder { + private static final Logger log = LoggerFactory.getLogger(PostBinding.class); + + @Autowired(required=true) IConfiguration authConfig; + @Autowired(required=true) IGUIFormBuilder guiBuilder; + @Autowired(required=true) IGUIBuilderConfigurationFactory guiConfigFactory; + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) + throws MessageEncodingException, SecurityException { + + try { + //load default PVP security configurations + EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration(); + + //initialize POST binding encoder with template decoration + IGUIBuilderConfiguration guiConfig = guiConfigFactory.getSPSpecificSAML2PostConfiguration( + pendingReq, + "pvp_postbinding_template.html", + authConfig.getConfigurationRootDirectory()); + + HTTPPostEncoderWithOwnTemplate encoder = new HTTPPostEncoderWithOwnTemplate(guiConfig, guiBuilder, + VelocityProvider.getClassPathVelocityEngine()); + + //set OpenSAML2 process parameter into binding context dao + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext context = new BasicSAMLMessageContext(); + SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(targetLocation);; + + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(request); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + + encoder.encode(context); + + } catch (Exception e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) + throws MessageEncodingException, SecurityException { + + try { + //load default PVP security configurations + EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration(); + + log.debug("create SAML POSTBinding response"); + + //initialize POST binding encoder with template decoration + IGUIBuilderConfiguration guiConfig = guiConfigFactory.getSPSpecificSAML2PostConfiguration( + pendingReq, + "pvp_postbinding_template.html", + authConfig.getConfigurationRootDirectory()); + HTTPPostEncoderWithOwnTemplate encoder = new HTTPPostEncoderWithOwnTemplate(guiConfig, guiBuilder, + VelocityProvider.getClassPathVelocityEngine()); + + //set OpenSAML2 process parameter into binding context dao + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext context = new BasicSAMLMessageContext(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + // context.setOutboundMessage(authReq); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + + encoder.encode(context); + + } catch (Exception e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public InboundMessageInterface decode(HttpServletRequest req, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, + SecurityException { + + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + //set metadata descriptor type + if (isSPEndPoint) { + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + decode.setURIComparator(comparator); + + } else { + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + decode.setURIComparator(comparator); + } + + messageContext.setMetadataProvider(metadataProvider); + + //set security policy context + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add( + new PVPSignedRequestPolicyRule(metadataProvider, + TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider), + messageContext.getPeerEntityRole())); + SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy); + messageContext.setSecurityPolicyResolver(secResolver); + + decode.decode(messageContext); + + InboundMessage msg = null; + if (messageContext.getInboundMessage() instanceof RequestAbstractType) { + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + msg = new PVPSProfileRequest(inboundMessage, getSAML2BindingName()); + msg.setEntityID(inboundMessage.getIssuer().getValue()); + + } else if (messageContext.getInboundMessage() instanceof StatusResponseType){ + StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage(); + msg = new PVPSProfileResponse(inboundMessage); + msg.setEntityID(inboundMessage.getIssuer().getValue()); + + } else + //create empty container if request type is unknown + msg = new InboundMessage(); + + if (messageContext.getPeerEntityMetadata() != null) + msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); + + else { + if (StringUtils.isEmpty(msg.getEntityID())) + log.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); + } + + + msg.setVerified(true); + msg.setRelayState(messageContext.getRelayState()); + + return msg; + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (req.getMethod().equals("POST") && action.equals(PVPConstants.POST)); + } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_POST_BINDING_URI; + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java new file mode 100644 index 00000000..949cbe57 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java @@ -0,0 +1,215 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.binding.decoding.URIComparator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; +import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; +import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.security.SecurityPolicyResolver; +import org.opensaml.ws.security.provider.BasicSecurityPolicy; +import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PVPAuthRequestSignedRole; + +@Service("PVPRedirectBinding") +public class RedirectBinding implements IDecoder, IEncoder { + + private static final Logger log = LoggerFactory.getLogger(RedirectBinding.class); + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) + throws MessageEncodingException, SecurityException { + + //load default PVP security configurations + EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration(); + + log.debug("create SAML RedirectBinding response"); + + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext context = new BasicSAMLMessageContext(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(request); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + + encoder.encode(context); + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation, String relayState, + Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { + + //load default PVP security configurations + EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration(); + + log.debug("create SAML RedirectBinding response"); + + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext context = new BasicSAMLMessageContext(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + + encoder.encode(context); + + } + + public InboundMessageInterface decode(HttpServletRequest req, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, + SecurityException { + + HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + + BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + //set metadata descriptor type + if (isSPEndPoint) { + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + decode.setURIComparator(comparator); + + } else { + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + decode.setURIComparator(comparator); + } + + messageContext.setMetadataProvider(metadataProvider); + + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + PVPAuthRequestSignedRole signedRole = new PVPAuthRequestSignedRole(); + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signedRole); + policy.getPolicyRules().add(signatureRule); + SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setSecurityPolicyResolver(resolver); + + //set metadata descriptor type + if (isSPEndPoint) + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + else + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + try { + decode.decode(messageContext); + + //check signature + signatureRule.evaluate(messageContext); + + } catch (SecurityException e) { + if (StringUtils.isEmpty(messageContext.getInboundMessageIssuer())) { + throw e; + + } + + if (metadataProvider instanceof IRefreshableMetadataProvider) { + log.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer()); + if (!((IRefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer())) + throw e; + + else { + log.trace("PVP2X metadata reload finished. Check validate message again."); + decode.decode(messageContext); + + //check signature + signatureRule.evaluate(messageContext); + + } + log.trace("Second PVP2X message validation finished"); + + } else { + throw e; + + } + } + + InboundMessage msg = null; + if (messageContext.getInboundMessage() instanceof RequestAbstractType) { + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + msg = new PVPSProfileRequest(inboundMessage, getSAML2BindingName()); + + + } else if (messageContext.getInboundMessage() instanceof StatusResponseType){ + StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage(); + msg = new PVPSProfileResponse(inboundMessage); + + } else + //create empty container if request type is unknown + msg = new InboundMessage(); + + if (messageContext.getPeerEntityMetadata() != null) + msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); + + else + log.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); + + msg.setVerified(true); + msg.setRelayState(messageContext.getRelayState()); + + return msg; + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return ((action.equals(PVPConstants.REDIRECT) || action.equals(PVPConstants.SINGLELOGOUT)) + && req.getMethod().equals("GET")); + } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_REDIRECT_BINDING_URI; + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java new file mode 100644 index 00000000..2c2e0d77 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java @@ -0,0 +1,148 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.binding; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.binding.decoding.URIComparator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.soap11.Envelope; +import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.SignableXMLObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; + +@Service("PVPSOAPBinding") +public class SoapBinding implements IDecoder, IEncoder { + + private static final Logger log = LoggerFactory.getLogger(SoapBinding.class); + public InboundMessageInterface decode(HttpServletRequest req, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, + SecurityException, PVP2Exception { + HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); + BasicSAMLMessageContext messageContext = + new BasicSAMLMessageContext(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + req)); + messageContext.setMetadataProvider(metadataProvider); + + //TODO: update in a futher version: + // requires a special SignedSOAPRequestPolicyRole because + // messageContext.getInboundMessage() is not directly signed + + //set security context +// BasicSecurityPolicy policy = new BasicSecurityPolicy(); +// policy.getPolicyRules().add( +// new MOAPVPSignedRequestPolicyRule( +// TrustEngineFactory.getSignatureKnownKeysTrustEngine(), +// SPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( +// policy); +// messageContext.setSecurityPolicyResolver(resolver); + + //decode message + soapDecoder.decode(messageContext); + + Envelope inboundMessage = (Envelope) messageContext + .getInboundMessage(); + + if (inboundMessage.getBody() != null) { + List xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); + + if (!xmlElemList.isEmpty()) { + SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0); + PVPSProfileRequest request = new PVPSProfileRequest(attrReq, getSAML2BindingName()); + + if (messageContext.getPeerEntityMetadata() != null) + request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); + + else if (attrReq instanceof RequestAbstractType) { + RequestAbstractType attributeRequest = (RequestAbstractType) attrReq; + try { + if (StringUtils.isNotEmpty(attributeRequest.getIssuer().getValue()) && + metadataProvider.getRole( + attributeRequest.getIssuer().getValue(), + SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null) + request.setEntityID(attributeRequest.getIssuer().getValue()); + + } catch (Exception e) { + log.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue()); + } + } + + request.setVerified(false); + return request; + + } + } + + log.error("Receive empty PVP 2.1 attributequery request."); + throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null); + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (req.getMethod().equals("POST") && + (action.equals(PVPConstants.SOAP) || action.equals(PVPConstants.ATTRIBUTEQUERY))); + } + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) + throws MessageEncodingException, SecurityException, PVP2Exception { + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) + throws MessageEncodingException, SecurityException, PVP2Exception { + + //load default PVP security configurations + EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration(); + + HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext context = new BasicSAMLMessageContext(); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + + } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_SOAP11_BINDING_URI; + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java new file mode 100644 index 00000000..abc47e81 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java @@ -0,0 +1,97 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.builder; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeValue; +import org.opensaml.xml.Configuration; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.schema.XSInteger; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.schema.impl.XSIntegerBuilder; +import org.opensaml.xml.schema.impl.XSStringBuilder; + +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; + +public class CitizenTokenBuilder { + + public static XMLObject buildAttributeStringValue(String value) { + XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); + XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); + stringValue.setValue(value); + return stringValue; + } + + public static XMLObject buildAttributeIntegerValue(int value) { + XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); + XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); + integerValue.setValue(value); + return integerValue; + } + + public static Attribute buildStringAttribute(String friendlyName, + String name, String value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.getAttributeValues().add(buildAttributeStringValue(value)); + return attribute; + } + + public static Attribute buildIntegerAttribute(String friendlyName, + String name, int value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.getAttributeValues().add(buildAttributeIntegerValue(value)); + return attribute; + } + + public static Attribute buildPVPVersion(String value) { + return buildStringAttribute("PVP-VERSION", + "urn:oid:1.2.40.0.10.2.1.1.261.10", value); + } + + public static Attribute buildSecClass(int value) { + return buildIntegerAttribute("SECCLASS", + "", value); + } + + public static Attribute buildPrincipalName(String value) { + return buildStringAttribute("PRINCIPAL-NAME", + "urn:oid:1.2.40.0.10.2.1.1.261.20", value); + } + + public static Attribute buildGivenName(String value) { + return buildStringAttribute("GIVEN-NAME", + "urn:oid:2.5.4.42", value); + } + + public static Attribute buildBirthday(String value) { + return buildStringAttribute("BIRTHDATE", + "urn:oid:1.2.40.0.10.2.1.1.55", value); + } + + public static Attribute buildBPK(String value) { + return buildStringAttribute("BPK", + "urn:oid:1.2.40.0.10.2.1.1.149", value); + } + + public static Attribute buildEID_CITIZEN_QAALEVEL(int value) { + return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL", + "urn:oid:1.2.40.0.10.2.1.1.261.94", value); + } + + public static Attribute buildEID_ISSUING_NATION(String value) { + return buildStringAttribute("EID-ISSUING-NATION", + "urn:oid:1.2.40.0.10.2.1.1.261.32", value); + } + + public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) { + return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER", + "urn:oid:1.2.40.0.10.2.1.1.261.34", value); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java new file mode 100644 index 00000000..41623f3d --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java @@ -0,0 +1,186 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.builder; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.ServiceLoader; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidDateFormatException; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; + +public class PVPAttributeBuilder { + + private static final Logger log = LoggerFactory.getLogger(PVPAttributeBuilder.class); + + private static IAttributeGenerator generator = new SamlAttributeGenerator(); + private static HashMap builders; + + private static ServiceLoader attributBuilderLoader = + ServiceLoader.load(IAttributeBuilder.class); + + private static void addBuilder(IAttributeBuilder builder) { + builders.put(builder.getName(), builder); + } + + static { + builders = new HashMap(); + + log.info("Loading protocol attribut-builder modules:"); + if (attributBuilderLoader != null ) { + Iterator moduleLoaderInterator = attributBuilderLoader.iterator(); + while (moduleLoaderInterator.hasNext()) { + try { + IAttributeBuilder modul = moduleLoaderInterator.next(); + log.info("Loading attribut-builder Modul Information: " + modul.getName()); + addBuilder(modul); + + } catch(Throwable e) { + log.error("Check configuration! " + "Some attribute-builder modul" + + " is not a valid IAttributeBuilder", e); + } + } + } + + log.info("Loading attribute-builder modules done"); + + } + + + /** + * Get a specific attribute builder + * + * @param name Attribute-builder friendly name + * + * @return Attribute-builder with this name or null if builder does not exists + */ + public static IAttributeBuilder getAttributeBuilder(String name) { + return builders.get(name); + + } + + public static Attribute buildAttribute(String name, ISPConfiguration oaParam, + IAuthData authData) throws PVP2Exception, AttributeBuilderException { + if (builders.containsKey(name)) { + try { + return builders.get(name).build(oaParam, authData, generator); + } + catch (AttributeBuilderException e) { + if (e instanceof UnavailableAttributeException) { + throw e; + + } else if (e instanceof InvalidDateFormatAttributeException) { + throw new InvalidDateFormatException(); + + } else { + throw new UnavailableAttributeException(name); + + } + } + } + return null; + } + + public static Attribute buildEmptyAttribute(String name) { + if (builders.containsKey(name)) { + return builders.get(name).buildEmpty(generator); + } + return null; + } + + public static Attribute buildAttribute(String name, String value) { + if (builders.containsKey(name)) { + return builders.get(name).buildEmpty(generator); + } + return null; + } + + + + public static List buildSupportedEmptyAttributes() { + List attributes = new ArrayList(); + Iterator builderIt = builders.values().iterator(); + while (builderIt.hasNext()) { + IAttributeBuilder builder = builderIt.next(); + Attribute emptyAttribute = builder.buildEmpty(generator); + if (emptyAttribute != null) { + attributes.add(emptyAttribute); + } + } + return attributes; + } + + public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) { + RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class); + attribute.setIsRequired(required); + attribute.setName(name); + attribute.setFriendlyName(friendlyName); + attribute.setNameFormat(Attribute.URI_REFERENCE); + return attribute; + } + + /** + * Build a set of PVP Response-Attributes + *

+ * INFO: If a specific attribute can not be build, a info is logged, but no execpetion is thrown. + * Therefore, the return List must not include all requested attributes. + * + * @param authData AuthenticationData IAuthData which is used to build the attribute values, but never null + * @param reqAttributenName List of PVP attribute names which are requested, but never null + * @return List of PVP attributes, but never null + */ + public static List buildSetOfResponseAttributes(IAuthData authData, + Collection reqAttributenName) { + List attrList = new ArrayList(); + if (reqAttributenName != null) { + Iterator it = reqAttributenName.iterator(); + while (it.hasNext()) { + String reqAttributName = it.next(); + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + reqAttributName, null, authData); + if (attr == null) { + log.info( + "Attribute generation failed! for " + + reqAttributName); + + } else { + attrList.add(attr); + + } + + } catch (PVP2Exception e) { + log.info( + "Attribute generation failed! for " + + reqAttributName); + + } catch (Exception e) { + log.warn( + "General Attribute generation failed! for " + + reqAttributName, e); + + } + } + } + + return attrList; + } + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java new file mode 100644 index 00000000..abfac305 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java @@ -0,0 +1,425 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.builder; + +import java.io.IOException; +import java.io.StringWriter; +import java.util.List; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.apache.commons.httpclient.auth.CredentialsNotAvailableException; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.LocalizedString; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.saml2.metadata.SingleLogoutService; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.SecurityHelper; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; +import org.w3c.dom.Document; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; + +/** + * @author tlenz + * + */ + +@Service("PVPMetadataBuilder") +public class PVPMetadataBuilder { + + private static final Logger log = LoggerFactory.getLogger(PVPMetadataBuilder.class); + + X509KeyInfoGeneratorFactory keyInfoFactory = null; + + /** + * + */ + public PVPMetadataBuilder() { + keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityIDAsKeyName(true); + keyInfoFactory.setEmitEntityCertificate(true); + + } + + + /** + * + * Build PVP 2.1 conform SAML2 metadata + * + * @param config + * PVPMetadataBuilder configuration + * + * @return PVP metadata as XML String + * @throws SecurityException + * @throws ConfigurationException + * @throws CredentialsNotAvailableException + * @throws TransformerFactoryConfigurationError + * @throws MarshallingException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SignatureException + */ + public String buildPVPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, EAAFException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException { + DateTime date = new DateTime(); + EntityDescriptor entityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + //set entityID + entityDescriptor.setEntityID(config.getEntityID()); + + //set contact and organisation information + List contactPersons = config.getContactPersonInformation(); + if (contactPersons != null) + entityDescriptor.getContactPersons().addAll(contactPersons); + + Organization organisation = config.getOrgansiationInformation(); + if (organisation != null) + entityDescriptor.setOrganization(organisation); + + //set IDP metadata + if (config.buildIDPSSODescriptor()) { + RoleDescriptor idpSSODesc = generateIDPMetadata(config); + if (idpSSODesc != null) + entityDescriptor.getRoleDescriptors().add(idpSSODesc); + + } + + //set SP metadata for interfederation + if (config.buildSPSSODescriptor()) { + RoleDescriptor spSSODesc = generateSPMetadata(config); + if (spSSODesc != null) + entityDescriptor.getRoleDescriptors().add(spSSODesc); + + } + + //set metadata signature parameters + Credential metadataSignCred = config.getMetadataSigningCredentials(); + Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred); + SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null); + + //initialize XML document builder + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + + + //build entities descriptor + if (config.buildEntitiesDescriptorAsRootElement()) { + EntitiesDescriptor entitiesDescriptor = + SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + entitiesDescriptor.setName(config.getEntityFriendlyName()); + entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier()); + entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil())); + entitiesDescriptor.getEntityDescriptors().add(entityDescriptor); + + //load default PVP security configurations + EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration(); + entitiesDescriptor.setSignature(signature); + + + //marshall document + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(entitiesDescriptor); + out.marshall(entitiesDescriptor, document); + + } else { + entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil())); + entityDescriptor.setID(SAML2Utils.getSecureIdentifier()); + + entityDescriptor.setSignature(signature); + + + + //marshall document + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(entityDescriptor); + out.marshall(entityDescriptor, document); + + } + + //sign metadata + Signer.signObject(signature); + + //transform metadata object to XML string + Transformer transformer = TransformerFactory.newInstance() + .newTransformer(); + + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + return sw.toString(); + } + + + private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, EAAFException { + SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class); + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned()); + spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned()); + + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + //Set AuthRequest Signing certificate + Credential authcredential = config.getRequestorResponseSigningCredentials(); + if (authcredential == null) { + log.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. "); + return null; + + } else { + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + } + + //Set assertion encryption credentials + Credential authEncCredential = config.getEncryptionCredentials(); + + if (authEncCredential != null) { + KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + //check nameID formates + if (config.getSPAllowedNameITTypes() == null || config.getSPAllowedNameITTypes().size() == 0) { + log.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); + return null; + + } else { + for (String format : config.getSPAllowedNameITTypes()) { + NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + nameIDFormat.setFormat(format); + spSSODescriptor.getNameIDFormats().add(nameIDFormat); + + } + } + + + //add POST-Binding assertion consumer services + if (StringUtils.isNotEmpty(config.getSPAssertionConsumerServicePostBindingURL())) { + AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(config.getSPAssertionConsumerServicePostBindingURL()); + postassertionConsumerService.setIsDefault(true); + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + } + + //add POST-Binding assertion consumer services + if (StringUtils.isNotEmpty(config.getSPAssertionConsumerServiceRedirectBindingURL())) { + AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + redirectassertionConsumerService.setIndex(1); + redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectassertionConsumerService.setLocation(config.getSPAssertionConsumerServiceRedirectBindingURL()); + spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); + + } + + //validate WebSSO endpoints + if (spSSODescriptor.getAssertionConsumerServices().size() == 0) { + log.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. "); + return null; + + } + + //add POST-Binding SLO descriptor + if (StringUtils.isNotEmpty(config.getSPSLOPostBindingURL())) { + SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + postSLOService.setLocation(config.getSPSLOPostBindingURL()); + postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + spSSODescriptor.getSingleLogoutServices().add(postSLOService); + + } + + //add POST-Binding SLO descriptor + if (StringUtils.isNotEmpty(config.getSPSLORedirectBindingURL())) { + SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + redirectSLOService.setLocation(config.getSPSLORedirectBindingURL()); + redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + + } + + //add POST-Binding SLO descriptor + if (StringUtils.isNotEmpty(config.getSPSLOSOAPBindingURL())) { + SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + soapSLOService.setLocation(config.getSPSLOSOAPBindingURL()); + soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + spSSODescriptor.getSingleLogoutServices().add(soapSLOService); + + } + + + //add required attributes + List reqSPAttr = config.getSPRequiredAttributes(); + AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "en")); + attributeService.getNames().add(serviceName); + + if (reqSPAttr != null && reqSPAttr.size() > 0) { + log.debug("Add " + reqSPAttr.size() + " attributes to SP metadata"); + attributeService.getRequestAttributes().addAll(reqSPAttr); + + } else { + log.debug("SP metadata contains NO requested attributes."); + + } + + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + return spSSODescriptor; + } + + private IDPSSODescriptor generateIDPMetadata(IPVPMetadataBuilderConfiguration config) throws EAAFException, CredentialsNotAvailableException, SecurityException { + //check response signing credential + Credential responseSignCred = config.getRequestorResponseSigningCredentials(); + if (responseSignCred == null) { + log.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. "); + return null; + + } + + //check nameID formates + if (config.getIDPPossibleNameITTypes() == null || config.getIDPPossibleNameITTypes().size() == 0) { + log.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); + return null; + + } + + // build SAML2 IDP-SSO descriptor element + IDPSSODescriptor idpSSODescriptor = SAML2Utils + .createSAMLObject(IDPSSODescriptor.class); + + idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + //set ass default value, because PVP 2.x specification defines this feature as MUST + idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned()); + + // add WebSSO descriptor for POST-Binding + if (StringUtils.isNotEmpty(config.getIDPWebSSOPostBindingURL())) { + SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); + postSingleSignOnService.setLocation(config.getIDPWebSSOPostBindingURL()); + postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); + + } + + // add WebSSO descriptor for Redirect-Binding + if (StringUtils.isNotEmpty(config.getIDPWebSSORedirectBindingURL())) { + SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); + postSingleSignOnService.setLocation(config.getIDPWebSSORedirectBindingURL()); + postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); + + } + + //add Single LogOut POST-Binding endpoing + if (StringUtils.isNotEmpty(config.getIDPSLOPostBindingURL())) { + SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + postSLOService.setLocation(config.getIDPSLOPostBindingURL()); + postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + idpSSODescriptor.getSingleLogoutServices().add(postSLOService); + + } + + //add Single LogOut Redirect-Binding endpoing + if (StringUtils.isNotEmpty(config.getIDPSLORedirectBindingURL())) { + SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + redirectSLOService.setLocation(config.getIDPSLORedirectBindingURL()); + redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + + } + + //validate WebSSO endpoints + if (idpSSODescriptor.getSingleSignOnServices().size() == 0) { + log.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. "); + return null; + + } + + //set assertion signing key + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials())); + idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + //set IDP attribute set + idpSSODescriptor.getAttributes().addAll(config.getIDPPossibleAttributes()); + + //set providable nameID formats + for (String format : config.getIDPPossibleNameITTypes()) { + NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + nameIDFormat.setFormat(format); + idpSSODescriptor.getNameIDFormats().add(nameIDFormat); + + } + + return idpSSODescriptor; + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java new file mode 100644 index 00000000..cb36f202 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java @@ -0,0 +1,68 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.builder; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeValue; +import org.opensaml.xml.Configuration; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.schema.XSInteger; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.schema.impl.XSIntegerBuilder; +import org.opensaml.xml.schema.impl.XSStringBuilder; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; + +public class SamlAttributeGenerator implements IAttributeGenerator { + + private XMLObject buildAttributeStringValue(String value) { + XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); + XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); + stringValue.setValue(value); + return stringValue; + } + + private XMLObject buildAttributeIntegerValue(int value) { + XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); + XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); + integerValue.setValue(value); + return integerValue; + } + + public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + attribute.getAttributeValues().add(buildAttributeStringValue(value)); + return attribute; + } + + public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + attribute.getAttributeValues().add(buildAttributeIntegerValue(value)); + return attribute; + } + + public Attribute buildEmptyAttribute(final String friendlyName, final String name) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + return attribute; + } + + public Attribute buildLongAttribute(String friendlyName, String name, long value) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value)); + return attribute; + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java new file mode 100644 index 00000000..adc2b516 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java @@ -0,0 +1,99 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.message; + +import java.io.Serializable; + +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; + +/** + * @author tlenz + * + */ +public class InboundMessage implements InboundMessageInterface, Serializable{ + private static final Logger log = LoggerFactory.getLogger(InboundMessage.class); + + private static final long serialVersionUID = 2395131650841669663L; + + private Element samlMessage = null; + private boolean verified = false; + private String entityID = null; + private String relayState = null; + + + public EntityDescriptor getEntityMetadata(IPVPMetadataProvider metadataProvider) throws NoMetadataInformationException { + try { + if (metadataProvider == null) + throw new NullPointerException("No PVP MetadataProvider found."); + + return metadataProvider.getEntityDescriptor(this.entityID); + + } catch (MetadataProviderException e) { + log.warn("No Metadata for EntitiyID " + entityID); + throw new NoMetadataInformationException(); + } + } + + /** + * @param entitiyID the entitiyID to set + */ + public void setEntityID(String entitiyID) { + this.entityID = entitiyID; + } + + public void setVerified(boolean verified) { + this.verified = verified; + } + + /** + * @param relayState the relayState to set + */ + public void setRelayState(String relayState) { + this.relayState = relayState; + } + + public void setSAMLMessage(Element msg) { + this.samlMessage = msg; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState() + */ + @Override + public String getRelayState() { + return relayState; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID() + */ + @Override + public String getEntityID() { + return entityID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified() + */ + @Override + public boolean isVerified() { + return verified; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage() + */ + @Override + public Element getInboundMessage() { + return samlMessage; + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileRequest.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileRequest.java new file mode 100644 index 00000000..0a9a0c5b --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileRequest.java @@ -0,0 +1,45 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.message; + + +import org.opensaml.Configuration; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.signature.SignableXMLObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class PVPSProfileRequest extends InboundMessage{ + private static final Logger log = LoggerFactory.getLogger(PVPSProfileRequest.class); + + private static final long serialVersionUID = 8613921176727607896L; + + private String binding = null; + + public PVPSProfileRequest(SignableXMLObject inboundMessage, String binding) { + setSAMLMessage(inboundMessage.getDOM()); + this.binding = binding; + + } + + public String getRequestBinding() { + return binding; + } + + public SignableXMLObject getSamlRequest() { + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage()); + + try { + return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage()); + + } catch (UnmarshallingException e) { + log.warn("AuthnRequest Unmarshaller error", e); + return null; + } + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileResponse.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileResponse.java new file mode 100644 index 00000000..6102e1c8 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileResponse.java @@ -0,0 +1,37 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.message; + +import org.opensaml.Configuration; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class PVPSProfileResponse extends InboundMessage { + + private static final Logger log = LoggerFactory.getLogger(PVPSProfileResponse.class); + + private static final long serialVersionUID = -1133012928130138501L; + + public PVPSProfileResponse(StatusResponseType response) { + setSAMLMessage(response.getDOM()); + } + + public StatusResponseType getResponse() { + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage()); + + try { + return (StatusResponseType) unmashaller.unmarshall(getInboundMessage()); + + } catch (UnmarshallingException e) { + log.warn("AuthnResponse Unmarshaller error", e); + return null; + } + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java new file mode 100644 index 00000000..c3eaa9a3 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java @@ -0,0 +1,446 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.metadata; + +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Timer; + +import javax.xml.namespace.QName; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; +import org.opensaml.xml.XMLObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; + +public abstract class AbstractChainingMetadataProvider extends SimpleMetadataProvider + implements ObservableMetadataProvider, IGarbageCollectorProcessing, + IRefreshableMetadataProvider, IDestroyableObject, IPVPMetadataProvider { + + private static final Logger log = LoggerFactory.getLogger(AbstractChainingMetadataProvider.class); + + private MetadataProvider internalProvider = null; + private static Object mutex = new Object(); + private Timer timer = null; + + + public AbstractChainingMetadataProvider() { + internalProvider = new ChainingMetadataProvider(); + + } + + public final Timer getTimer() { + return this.timer; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector() + */ + @Override + public void runGarbageCollector() { + synchronized (mutex) { + /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/ + try { + log.trace("Check consistence of PVP2X metadata"); + addAndRemoveMetadataProvider(); + + } catch (EAAFConfigurationException e) { + log.error("Access to MOA-ID configuration FAILED.", e); + + } + } + + } + + public void fullyDestroy() { + internalDestroy(); + + } + + @Override + public synchronized boolean refreshMetadataProvider(String entityID) { + try { + //check if metadata provider is already loaded + try { + if (internalProvider.getEntityDescriptor(entityID) != null) + return true; + + } catch (MetadataProviderException e) {} + + + //reload metadata provider + String metadataURL = getMetadataURL(entityID); + if (StringUtils.isNotEmpty(metadataURL)) { + Map actuallyLoadedProviders = getAllActuallyLoadedProviders(); + + // check if MetadataProvider is actually loaded + if (actuallyLoadedProviders.containsKey(metadataURL)) { + actuallyLoadedProviders.get(metadataURL).refresh(); + log.info("SAML2 metadata for service provider: " + + entityID + " is refreshed."); + return true; + + } else { + //load new Metadata Provider + if (timer == null) + timer = new Timer(true); + + ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; + chainProvider.addMetadataProvider(createNewMetadataProvider(entityID)); + + emitChangeEvent(); + log.info("SAML2 metadata for service provider: " + + entityID + " is added."); + return true; + + } + + } else + log.debug("Can not refresh SAML2 metadata: NO SAML2 metadata URL for SP with Id: " + entityID); + + } catch (MetadataProviderException e) { + log.warn("Refresh SAML2 metadata for service provider: " + + entityID + " FAILED.", e); + + } catch (IOException e) { + log.warn("Refresh SAML2 metadata for service provider: " + + entityID + " FAILED.", e); + + } catch (EAAFConfigurationException e) { + log.warn("Refresh SAML2 metadata for service provider: " + + entityID + " FAILED.", e); + + } catch (CertificateException e) { + log.warn("Refresh SAML2 metadata for service provider: " + + entityID + " FAILED.", e); + + } + + return false; + + } + + public void internalDestroy() { + if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) { + log.info("Destrorying PVP-Authentication MetaDataProvider."); + ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; + + List providers = chainProvider.getProviders(); + for (MetadataProvider provider : providers) { + if (provider instanceof HTTPMetadataProvider) { + HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider; + log.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI()); + httpprovider.destroy(); + + } else { + log.warn("MetadataProvider can not be destroyed."); + } + } + + internalProvider = new ChainingMetadataProvider(); + + if (timer != null) + timer.cancel(); + + } else { + log.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy"); + } + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata() + */ + @Override + public boolean requireValidMetadata() { + return internalProvider.requireValidMetadata(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata(boolean) + */ + @Override + public void setRequireValidMetadata(boolean requireValidMetadata) { + internalProvider.setRequireValidMetadata(requireValidMetadata); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter() + */ + @Override + public MetadataFilter getMetadataFilter() { + return internalProvider.getMetadataFilter(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter) + */ + @Override + public void setMetadataFilter(MetadataFilter newFilter) + throws MetadataProviderException { + internalProvider.setMetadataFilter(newFilter); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata() + */ + @Override + public XMLObject getMetadata() throws MetadataProviderException { + return internalProvider.getMetadata(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor(java.lang.String) + */ + @Override + public EntitiesDescriptor getEntitiesDescriptor(String entitiesID) + throws MetadataProviderException { + EntitiesDescriptor entitiesDesc = null; + try { + entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID); + + if (entitiesDesc == null) { + log.debug("Can not find PVP metadata for entityID: " + entitiesID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entitiesID)) + return internalProvider.getEntitiesDescriptor(entitiesID); + + } + + } catch (MetadataProviderException e) { + log.debug("Can not find PVP metadata for entityID: " + entitiesID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entitiesID)) + return internalProvider.getEntitiesDescriptor(entitiesID); + + } + + return entitiesDesc; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor(java.lang.String) + */ + @Override + public EntityDescriptor getEntityDescriptor(String entityID) + throws MetadataProviderException { + EntityDescriptor entityDesc = null; + try { + entityDesc = internalProvider.getEntityDescriptor(entityID); + if (entityDesc == null) { + log.debug("Can not find PVP metadata for entityID: " + entityID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entityID)) + return internalProvider.getEntityDescriptor(entityID); + + } + + } catch (MetadataProviderException e) { + log.debug("Can not find PVP metadata for entityID: " + entityID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entityID)) + return internalProvider.getEntityDescriptor(entityID); + + } + +// if (entityDesc != null) +// lastAccess.put(entityID, new Date()); + + return entityDesc; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName) + */ + @Override + public List getRole(String entityID, QName roleName) + throws MetadataProviderException { + List result = internalProvider.getRole(entityID, roleName); + +// if (result != null) +// lastAccess.put(entityID, new Date()); + + return result; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String) + */ + @Override + public RoleDescriptor getRole(String entityID, QName roleName, + String supportedProtocol) throws MetadataProviderException { + RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol); + +// if (result != null) +// lastAccess.put(entityID, new Date()); + + return result; + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers() + */ + @Override + public List getObservers() { + return ((ChainingMetadataProvider) internalProvider).getObservers(); + } + + + /** + * Get the URL to metadata for a specific entityID + * + * @param entityId + * @return + * @throws EAAFConfigurationException + */ + protected abstract String getMetadataURL(String entityId) throws EAAFConfigurationException; + + /** + * Creates a new implementation specific SAML2 metadata provider + * + * @param entityId + * @return + * @throws EAAFConfigurationException + * @throws IOException + * @throws CertificateException + * @throws ConfigurationException + */ + protected abstract MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException; + + /** + * Get a List of metadata URLs for all SAML2 SPs from configuration + * + * @throws EAAFConfigurationException + */ + protected abstract List getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException; + + + protected void emitChangeEvent() { + if ((getObservers() == null) || (getObservers().size() == 0)) { + return; + } + + List tempObserverList = new ArrayList(getObservers()); + for (ObservableMetadataProvider.Observer observer : tempObserverList) + if (observer != null) + observer.onEvent(this); + } + + private Map getAllActuallyLoadedProviders() { + Map loadedproviders = new HashMap(); + ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; + + //make a Map of all actually loaded HTTPMetadataProvider + List providers = chainProvider.getProviders(); + for (MetadataProvider provider : providers) { + if (provider instanceof HTTPMetadataProvider) { + HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider; + loadedproviders.put(httpprovider.getMetadataURI(), httpprovider); + + } + } + + return loadedproviders; + } + + private void addAndRemoveMetadataProvider() throws EAAFConfigurationException { + if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) { + log.info("Reload MOAMetaDataProvider."); + + /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException) + *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ + Map providersinuse = new HashMap(); + ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; + + //get all actually loaded metadata providers + Map loadedproviders = getAllActuallyLoadedProviders(); + + /* TODO: maybe add metadata provider destroy after timeout. + * But could be a problem if one Metadataprovider load an EntitiesDescriptor + * with more the multiple EntityDescriptors. If one of this EntityDesciptors + * are expired the full EntitiesDescriptor is removed. + * + * Timeout requires a better solution in this case! + */ + + //load all SAML2 SPs form configuration and + //compare actually loaded Providers with configured SAML2 SPs + List allMetadataURLs = getAllMetadataURLsFromConfiguration(); + + if (allMetadataURLs != null) { + Iterator metadataURLInterator = allMetadataURLs.iterator(); + while (metadataURLInterator.hasNext()) { + String metadataurl = metadataURLInterator.next(); + try { + if (StringUtils.isNotEmpty(metadataurl)) { + if (loadedproviders.containsKey(metadataurl)) { + // SAML2 SP is actually loaded, to nothing + providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); + loadedproviders.remove(metadataurl); + + } + } + } catch (Throwable e) { + log.error( + "Failed to add Metadata (unhandled reason: " + e.getMessage(), e); + + } + } + } + + //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more + Collection notusedproviders = loadedproviders.values(); + for (HTTPMetadataProvider provider : notusedproviders) { + String metadataurl = provider.getMetadataURI(); + try { + provider.destroy(); + + /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException) + *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ + //chainProvider.removeMetadataProvider(provider); + log.info("Remove not used MetadataProvider with MetadataURL " + metadataurl); + + } catch (Throwable e) { + log.error("HTTPMetadataProvider with URL " + metadataurl + + " can not be removed from the list of actually loaded Providers.", e); + + } + + } + + try { + chainProvider.setProviders(new ArrayList(providersinuse.values())); + emitChangeEvent(); + + } catch (MetadataProviderException e) { + log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy", e); + + } + + } else + log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy"); + + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java new file mode 100644 index 00000000..37204520 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java @@ -0,0 +1,56 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.metadata; + +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +/** + * @author tlenz + * + */ +public class MetadataFilterChain implements MetadataFilter { + private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class); + + + private List filters = new ArrayList(); + + /** + * Return all actually used Metadata filters + * + * @return List of Metadata filters + */ + public List getFilters() { + return filters; + } + + /** + * Add a new Metadata filter to filterchain + * + * @param filter + */ + public void addFilter(MetadataFilter filter) { + filters.add(filter); + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws FilterException { + for (MetadataFilter filter : filters) { + log.trace("Use EAAFMetadataFilter " + filter.getClass().getName()); + filter.doFilter(arg0); + } + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java new file mode 100644 index 00000000..0c6ffb49 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java @@ -0,0 +1,212 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.metadata; + +import java.io.File; +import java.net.MalformedURLException; +import java.util.Timer; + +import javax.net.ssl.SSLHandshakeException; + +import org.apache.commons.httpclient.HttpClient; +import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.xml.parse.ParserPool; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; + +/** + * @author tlenz + * + */ +public abstract class SimpleMetadataProvider implements MetadataProvider{ + private static final Logger log = LoggerFactory.getLogger(SimpleMetadataProvider.class); + + private static final String URI_PREFIX_HTTP = "http:"; + private static final String URI_PREFIX_HTTPS = "https:"; + private static final String URI_PREFIX_FILE = "file:"; + + + @Autowired + protected IConfiguration authConfig; + + + /** + * Create a single SAML2 metadata provider + * + * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http + * based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used + * @param filter Filters, which should be used to validate the metadata + * @param IdForLogging Id, which is used for Logging + * @param timer {@link Timer} which is used to schedule metadata refresh operations + * @param httpClient Apache commons 3.x http client + * + * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized + */ + protected MetadataProvider createNewSimpleMetadataProvider(String metadataLocation, MetadataFilter filter, + String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) { + if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) { + if (httpClient != null) + return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool, httpClient); + + else { + log.warn("Can not load http(s) based SAML2 metadata without a HTTP client"); + return null; + } + + } else { + String absoluteMetadataLocation; + try { + absoluteMetadataLocation = FileUtils.makeAbsoluteURL( + metadataLocation, + authConfig.getConfigurationRootDirectory()); + + if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) { + File metadataFile = new File(absoluteMetadataLocation); + if (metadataFile.exists()) + return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool); + + else { + log.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist"); + return null; + } + + } + + + } catch (MalformedURLException e) { + log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e); + + } + + } + + log.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation); + return null; + + } + + + /** + * Create a single SAML2 filesystem based metadata provider + * + * @param metadataFile File, where the metadata should be loaded + * @param filter Filters, which should be used to validate the metadata + * @param IdForLogging Id, which is used for Logging + * @param timer {@link Timer} which is used to schedule metadata refresh operations + * @param pool + * + * @return SAML2 Metadata Provider + */ + private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) { + FilesystemMetadataProvider fileSystemProvider = null; + try { + fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile); + fileSystemProvider.setParserPool(pool); + fileSystemProvider.setRequireValidMetadata(true); + fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes + fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + //httpProvider.setRefreshDelayFactor(0.1F); + + fileSystemProvider.setMetadataFilter(filter); + fileSystemProvider.initialize(); + + fileSystemProvider.setRequireValidMetadata(true); + + return fileSystemProvider; + + } catch (Exception e) { + log.warn( + "Failed to load Metadata file for " + + IdForLogging + "[ " + + "File: " + metadataFile.getAbsolutePath() + + " Msg: " + e.getMessage() + " ]", e); + + + log.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath() + + " Reason: " + e.getMessage(), e); + + if (fileSystemProvider != null) + fileSystemProvider.destroy(); + + } + + return null; + + } + + + + /** + * Create a single SAML2 HTTP metadata provider + * + * @param metadataURL URL, where the metadata should be loaded + * @param filter Filters, which should be used to validate the metadata + * @param IdForLogging Id, which is used for Logging + * @param timer {@link Timer} which is used to schedule metadata refresh operations + * @param pool + * + * @return SAML2 Metadata Provider + */ + private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) { + HTTPMetadataProvider httpProvider = null; + try { + httpProvider = new HTTPMetadataProvider(timer, httpClient, + metadataURL); + httpProvider.setParserPool(pool); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes + httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + //httpProvider.setRefreshDelayFactor(0.1F); + + httpProvider.setMetadataFilter(filter); + httpProvider.initialize(); + + httpProvider.setRequireValidMetadata(true); + + return httpProvider; + + } catch (Throwable e) { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.warn("SSL-Server certificate for metadata " + + metadataURL + " not trusted.", e); + + } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.warn("Signature verification for metadata" + + metadataURL + " FAILED.", e); + + } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.warn("Schema validation for metadata " + + metadataURL + " FAILED.", e); + } + + log.warn( + "Failed to load Metadata file for " + + IdForLogging + "[ " + + e.getMessage() + " ]", e); + + if (httpProvider != null) { + log.debug("Destroy failed Metadata provider"); + httpProvider.destroy(); + } + +// if (timer != null) { +// log.debug("Destroy Timer."); +// timer.cancel(); +// } + + + } + + return null; + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HTTPPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HTTPPostEncoderWithOwnTemplate.java new file mode 100644 index 00000000..d7491a88 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HTTPPostEncoderWithOwnTemplate.java @@ -0,0 +1,97 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.io.Writer; + +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.binding.SAMLMessageContext; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HTTPTransportUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; + +/** + * @author tlenz + * + */ +public class HTTPPostEncoderWithOwnTemplate extends HTTPPostEncoder { + private static final Logger log = LoggerFactory.getLogger(HTTPPostEncoderWithOwnTemplate.class); + + + private VelocityEngine velocityEngine; + private IGUIBuilderConfiguration guiConfig; + private IGUIFormBuilder guiBuilder; + + /** + * @param engine + * @param templateId + */ + public HTTPPostEncoderWithOwnTemplate(IGUIBuilderConfiguration guiConfig, IGUIFormBuilder guiBuilder, VelocityEngine engine) { + super(engine, null); + this.velocityEngine = engine; + this.guiConfig = guiConfig; + this.guiBuilder = guiBuilder; + + } + + /** + * Base64 and POST encodes the outbound message and writes it to the outbound transport. + * + * @param messageContext current message context + * @param endpointURL endpoint URL to which to encode message + * + * @throws MessageEncodingException thrown if there is a problem encoding the message + */ + protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException { + log.debug("Invoking Velocity template to create POST body"); + InputStream is = null; + try { + //build Velocity Context from GUI input paramters + VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig); + + //load template + is = guiBuilder.getTemplateInputStream(guiConfig); + + //populate velocity context with SAML2 parameters + populateVelocityContext(context, messageContext, endpointURL); + + //populate transport parameter + HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport(); + HTTPTransportUtils.addNoCacheHeaders(outTransport); + HTTPTransportUtils.setUTF8Encoding(outTransport); + HTTPTransportUtils.setContentType(outTransport, "text/html"); + + //evaluate template and write content to response + Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8"); + velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is))); + out.flush(); + + } catch (Exception e) { + log.error("Error invoking Velocity template", e); + throw new MessageEncodingException("Error creating output document", e); + + } finally { + if (is != null) { + try { + is.close(); + + } catch (IOException e) { + log.error("Can NOT close GUI-Template InputStream.", e); + } + } + + } + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java new file mode 100644 index 00000000..854a291e --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java @@ -0,0 +1,32 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml; + +import java.security.KeyStore; + +import org.opensaml.xml.security.x509.X509Credential; + + +/** + * @author tlenz + * + */ +public class KeyStoreX509CredentialAdapter extends + org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter { + + /** + * @param store + * @param alias + * @param password + */ + public KeyStoreX509CredentialAdapter(KeyStore store, String alias, + char[] password) { + super(store, alias, password); + } + + public Class getCredentialType() { + return X509Credential.class; + } + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java new file mode 100644 index 00000000..8d0634fb --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java @@ -0,0 +1,57 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml; + +import org.opensaml.common.binding.SAMLMessageContext; +import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; +import org.opensaml.ws.message.MessageContext; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; + +/** + * @author tlenz + * + */ +public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder { + private static final Logger log = LoggerFactory.getLogger(StringRedirectDeflateEncoder.class); + + private String redirectURL = null; + + public void encode(MessageContext messageContext) + throws MessageEncodingException { + if (!(messageContext instanceof SAMLMessageContext)) { + log.error("Invalid message context type, this encoder only support SAMLMessageContext"); + throw new MessageEncodingException( + "Invalid message context type, this encoder only support SAMLMessageContext"); + } + + //load default PVP security configurations + EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration(); + + SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext; + + String endpointURL = getEndpointURL(samlMsgCtx).buildURL(); + + setResponseDestination(samlMsgCtx.getOutboundSAMLMessage(), endpointURL); + + removeSignature(samlMsgCtx); + + String encodedMessage = deflateAndBase64Encode(samlMsgCtx + .getOutboundSAMLMessage()); + + redirectURL = buildRedirectURL(samlMsgCtx, endpointURL, + encodedMessage); + } + + /** + * @return the redirectURL + */ + public String getRedirectURL() { + return redirectURL; + } + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java new file mode 100644 index 00000000..7b9bef88 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java @@ -0,0 +1,42 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize; + +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.xml.ConfigurationException; + +/** + * @author tlenz + * + */ +public class EAAFDefaultSAML2Bootstrap extends DefaultBootstrap { + + public static synchronized void bootstrap() throws ConfigurationException { + + initializeXMLSecurity(); + + initializeXMLTooling(); + + initializeArtifactBuilderFactories(); + + initializeGlobalSecurityConfiguration(); + + initializeParserPool(); + + initializeESAPI(); + + } + + public static void initializeDefaultPVPConfiguration() { + initializeGlobalSecurityConfiguration(); + + } + + /** + * Initializes the default global security configuration. + */ + protected static void initializeGlobalSecurityConfiguration() { + Configuration.setGlobalSecurityConfiguration(EAAFDefaultSecurityConfigurationBootstrap.buildDefaultConfig()); + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java new file mode 100644 index 00000000..0008ac87 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java @@ -0,0 +1,132 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize; + +import org.opensaml.xml.encryption.EncryptionConstants; +import org.opensaml.xml.security.BasicSecurityConfiguration; +import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap; +import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory; +import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager; +import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.SignatureConstants; + +/** + * @author tlenz + * + */ +public class EAAFDefaultSecurityConfigurationBootstrap extends + DefaultSecurityConfigurationBootstrap { + + public static BasicSecurityConfiguration buildDefaultConfig() { + BasicSecurityConfiguration config = new BasicSecurityConfiguration(); + + populateSignatureParams(config); + populateEncryptionParams(config); + populateKeyInfoCredentialResolverParams(config); + populateKeyInfoGeneratorManager(config); + populateKeyParams(config); + + return config; + } + + protected static void populateKeyInfoGeneratorManager( + BasicSecurityConfiguration config) { + NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager(); + config.setKeyInfoGeneratorManager(namedManager); + + namedManager.setUseDefaultManager(true); + KeyInfoGeneratorManager defaultManager = namedManager + .getDefaultManager(); + + BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory(); + basicFactory.setEmitPublicKeyValue(true); + + X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory(); + x509Factory.setEmitEntityCertificate(true); + + defaultManager.registerFactory(basicFactory); + defaultManager.registerFactory(x509Factory); + } + + protected static void populateSignatureParams( + BasicSecurityConfiguration config) { + + //use SHA256 instead of SHA1 + config.registerSignatureAlgorithmURI("RSA", + SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + + config.registerSignatureAlgorithmURI("DSA", + "http://www.w3.org/2000/09/xmldsig#dsa-sha1"); + + //use SHA256 instead of SHA1 + config.registerSignatureAlgorithmURI("EC", + SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256); + + //use SHA256 instead of SHA1 + config.registerSignatureAlgorithmURI("AES", + SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); + + + config.registerSignatureAlgorithmURI("DESede", + SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); + + config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#"); + config.setSignatureHMACOutputLength(null); + + //use SHA256 instead of SHA1 + config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256); + } + + protected static void populateEncryptionParams( + BasicSecurityConfiguration config) { + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), + "http://www.w3.org/2001/04/xmlenc#aes128-cbc"); + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), + "http://www.w3.org/2001/04/xmlenc#aes192-cbc"); + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), + "http://www.w3.org/2001/04/xmlenc#aes256-cbc"); + + //support GCM mode + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM); + + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM); + + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM); + + + config.registerDataEncryptionAlgorithmURI("DESede", + Integer.valueOf(168), + "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); + config.registerDataEncryptionAlgorithmURI("DESede", + Integer.valueOf(192), + "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); + + config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES", + "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); + + config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, + "DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); + + config.registerKeyTransportEncryptionAlgorithmURI("AES", + Integer.valueOf(128), null, + "http://www.w3.org/2001/04/xmlenc#kw-aes128"); + config.registerKeyTransportEncryptionAlgorithmURI("AES", + Integer.valueOf(192), null, + "http://www.w3.org/2001/04/xmlenc#kw-aes192"); + config.registerKeyTransportEncryptionAlgorithmURI("AES", + Integer.valueOf(256), null, + "http://www.w3.org/2001/04/xmlenc#kw-aes256"); + config.registerKeyTransportEncryptionAlgorithmURI("DESede", + Integer.valueOf(168), null, + "http://www.w3.org/2001/04/xmlenc#kw-tripledes"); + config.registerKeyTransportEncryptionAlgorithmURI("DESede", + Integer.valueOf(192), null, + "http://www.w3.org/2001/04/xmlenc#kw-tripledes"); + + config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc"); + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java new file mode 100644 index 00000000..40ad8a82 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java @@ -0,0 +1,201 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.utils; + +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.RSAPrivateKey; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.KeyStoreX509CredentialAdapter; + +public abstract class AbstractCredentialProvider { + + private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class); + + private KeyStore keyStore = null; + + /** + * Get a friendlyName for this keyStore implementation + * This friendlyName is used for logging + * + * @return keyStore friendlyName + */ + public abstract String getFriendlyName(); + + /** + * Get KeyStore + * + * @return URL to the keyStore + * @throws EAAFException + */ + public abstract String getKeyStoreFilePath() throws EAAFException; + + /** + * Get keyStore password + * + * @return Password of the keyStore + */ + public abstract String getKeyStorePassword(); + + /** + * Get alias of key for metadata signing + * + * @return key alias + */ + public abstract String getMetadataKeyAlias(); + + /** + * Get password of key for metadata signing + * + * @return key password + */ + public abstract String getMetadataKeyPassword(); + + /** + * Get alias of key for request/response signing + * + * @return key alias + */ + public abstract String getSignatureKeyAlias(); + + /** + * Get password of key for request/response signing + * + * @return key password + */ + public abstract String getSignatureKeyPassword(); + + /** + * Get alias of key for IDP response encryption + * + * @return key alias + */ + public abstract String getEncryptionKeyAlias(); + + /** + * Get password of key for IDP response encryption + * + * @return key password + */ + public abstract String getEncryptionKeyPassword(); + + + public X509Credential getIDPMetaDataSigningCredential() + throws CredentialsNotAvailableException { + try { + + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); + + KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter( + keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray()); + + credentials.setUsageType(UsageType.SIGNING); + if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { + log.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey."); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " + + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."}); + + } + return credentials; + } catch (Exception e) { + log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); + } + } + + public X509Credential getIDPAssertionSigningCredential() + throws CredentialsNotAvailableException { + try { + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); + + KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter( + keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray()); + + credentials.setUsageType(UsageType.SIGNING); + if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { + log.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey."); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " + + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."}); + + } + + return (X509Credential) credentials; + } catch (Exception e) { + log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); + } + } + + public X509Credential getIDPAssertionEncryptionCredential() + throws CredentialsNotAvailableException { + try { + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); + + //if no encryption key is configured return null + if (StringUtils.isEmpty(getEncryptionKeyAlias())) + return null; + + KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter( + keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); + + credentials.setUsageType(UsageType.ENCRYPTION); + + if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { + log.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey."); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: " + + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."}); + + } + + return (X509Credential) credentials; + + } catch (Exception e) { + log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); + } + } + + public static Signature getIDPSignature(Credential credentials) { + PrivateKey privatekey = credentials.getPrivateKey(); + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + + if (privatekey instanceof RSAPrivateKey) { + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + + } else if (privatekey instanceof ECPrivateKey) { + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256); + + } else { + log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential."); + + + } + + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java new file mode 100644 index 00000000..707f12e2 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java @@ -0,0 +1,41 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.utils; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.modules.pvp2.exception.QAANotAllowedException; + +/** + * @author tlenz + * + */ +public class QAALevelVerifier { + + private static final Logger log = LoggerFactory.getLogger(QAALevelVerifier.class); + + public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException { + + if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && + (EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || + EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) || + EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) + ) + log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... "); + + else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && + (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) || + EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) + ) + log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... "); + + else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) + log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... "); + + else + throw new QAANotAllowedException(qaaAuth, qaaRequest); + + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java new file mode 100644 index 00000000..1da3fea3 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java @@ -0,0 +1,125 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.utils; + +import java.io.IOException; +import java.security.NoSuchAlgorithmException; +import java.util.List; + +import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.opensaml.Configuration; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.ws.soap.soap11.Body; +import org.opensaml.ws.soap.soap11.Envelope; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.XMLObjectBuilderFactory; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.w3c.dom.Document; + +import at.gv.egiz.eaaf.core.impl.utils.Random; + +public class SAML2Utils { + + public static T createSAMLObject(final Class clazz) { + try { + XMLObjectBuilderFactory builderFactory = Configuration + .getBuilderFactory(); + + QName defaultElementName = (QName) clazz.getDeclaredField( + "DEFAULT_ELEMENT_NAME").get(null); + @SuppressWarnings("unchecked") + T object = (T) builderFactory.getBuilder(defaultElementName) + .buildObject(defaultElementName); + return object; + } catch (Throwable e) { + e.printStackTrace(); + return null; + } + } + + public static String getSecureIdentifier() { + return "_".concat(Random.nextHexRandom16()); + + /*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121 + * Generation of a 16bit Random identifier FAILES with an Caused by: java.lang.ArrayIndexOutOfBoundsException + * Caused by: java.lang.ArrayIndexOutOfBoundsException + at iaik.security.random.o.engineNextBytes(Unknown Source) + at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source) + at java.security.SecureRandom.nextBytes(SecureRandom.java:468) + at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62) + at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56) + at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69) + */ + //return idGenerator.generateIdentifier(); + } + + private static SecureRandomIdentifierGenerator idGenerator; + + private static DocumentBuilder builder; + static { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + } catch (ParserConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + try { + idGenerator = new SecureRandomIdentifierGenerator(); + } catch(NoSuchAlgorithmException e) { + e.printStackTrace(); + } + } + + public static Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } + + public static Status getSuccessStatus() { + Status status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + statusCode.setValue(StatusCode.SUCCESS_URI); + status.setStatusCode(statusCode); + return status; + } + + public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) { + + List assertionConsumerList = spSSODescriptor.getAssertionConsumerServices(); + + for (AssertionConsumerService el : assertionConsumerList) { + if (el.isDefault()) + return el.getIndex(); + + } + + return 0; + } + + public static Envelope buildSOAP11Envelope(XMLObject payload) { + XMLObjectBuilderFactory bf = Configuration.getBuilderFactory(); + Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME); + Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME); + + body.getUnknownXMLObjects().add(payload); + envelope.setBody(body); + + return envelope; + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EAAFURICompare.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EAAFURICompare.java new file mode 100644 index 00000000..4d0963cb --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EAAFURICompare.java @@ -0,0 +1,36 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.validation; + +import org.opensaml.common.binding.decoding.URIComparator; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +public class EAAFURICompare implements URIComparator { + private static final Logger log = LoggerFactory.getLogger(EAAFURICompare.class); + + private String serviceURL = ""; + + /** + * + * + * @param serviceURL public URL of the PVP S-Profile endpoint + */ + public EAAFURICompare(String serviceURL) { + this.serviceURL = serviceURL; + } + + public boolean compare(String uri1, String uri2) { + if (this.serviceURL.equals(uri1)) + return true; + + else { + log.warn("PVP request destination-endpoint: " + uri1 + + " does not match to IDP endpoint:" + serviceURL); + return false; + + } + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java new file mode 100644 index 00000000..529f1ab6 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java @@ -0,0 +1,41 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.validation; + +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoProvider; +import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider; +import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider; +import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; +import org.opensaml.xml.signature.SignatureTrustEngine; +import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; + +public class TrustEngineFactory { + + public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) { + MetadataCredentialResolver resolver; + + resolver = new MetadataCredentialResolver(provider); + + List keyInfoProvider = new ArrayList(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( + resolver, keyInfoResolver); + + return engine; + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java new file mode 100644 index 00000000..286c1999 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java @@ -0,0 +1,128 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; + +public abstract class AbstractMetadataSignatureFilter implements MetadataFilter { + private static final Logger log = LoggerFactory.getLogger(AbstractMetadataSignatureFilter.class); + + public void doFilter(XMLObject metadata) throws SignatureValidationException { + try { + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + if(entitiesDescriptor.getSignature() == null) { + throw new PVP2MetadataException("Root element of metadata file has to be signed", null); + } + processEntitiesDescriptor(entitiesDescriptor); + + + if (entitiesDescriptor.getEntityDescriptors().size() == 0) { + throw new PVP2MetadataException("No valid entity in metadata " + + entitiesDescriptor.getName() + ". Metadata is not loaded.", null); + } + + + } else if (metadata instanceof EntityDescriptor) { + EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; + processEntityDescriptorr(entityDescriptor); + + } else { + throw new PVP2MetadataException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + } + + + + log.info("Metadata signature policy check done OK"); + } catch (EAAFException e) { + log.warn("Metadata signature policy check FAILED.", e); + throw new SignatureValidationException(e); + } + } + + /** + * Signature verification of a SAML2 EntityDescriptor element + * + * @param desc + * @throws PVP2MetadataException if the signature is not valid or can not verified + */ + protected abstract void verify(EntityDescriptor desc) throws PVP2MetadataException; + + /** + * Signature verification of a SAML2 EntitiesDescriptor element + * + * @param desc + * @throws PVP2MetadataException if the signature is not valid or can not verified + */ + protected abstract void verify(EntitiesDescriptor desc) throws PVP2MetadataException; + + /** + * Verify a EntityDescriptor element of an EntitiesDescriptor + * + * @param entity EntityDescriptor to verify + * @param desc Full EntitiesDescriptor that contains the EntityDescriptor + * @throws PVP2MetadataException + */ + protected abstract void verify(EntityDescriptor entity, EntitiesDescriptor desc) throws PVP2MetadataException; + + + private void processEntityDescriptorr(EntityDescriptor desc) throws EAAFException { + verify(desc); + + } + + private void processEntitiesDescriptor(EntitiesDescriptor desc) throws EAAFException { + Iterator entID = desc.getEntitiesDescriptors().iterator(); + + if(desc.getSignature() != null) { + verify(desc); + + } + + while(entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + Iterator entIT = desc.getEntityDescriptors().iterator(); + List verifiedEntIT = new ArrayList(); + + //check every Entity + while(entIT.hasNext()) { + EntityDescriptor entity = entIT.next(); + log.debug("Validate metadata for entityID: " + entity.getEntityID() + " ..... "); + try { + verify(entity, desc); + + //add entity to verified entity-list + verifiedEntIT.add(entity); + log.debug("Metadata for entityID: " + entity.getEntityID() + " valid"); + + + } catch (Exception e) { + //remove entity of signature can not be verified. + log.info("Entity " + entity.getEntityID() + " is removed from metadata " + + desc.getName() + ". Entity verification error: " + e.getMessage()); + + } + + } + + //set only verified entity elements + desc.getEntityDescriptors().clear(); + desc.getEntityDescriptors().addAll(verifiedEntIT); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java new file mode 100644 index 00000000..e29fb145 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java @@ -0,0 +1,211 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata; + +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.common.Extensions; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.LocalizedString; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.samlext.saml2mdattr.EntityAttributes; +import org.opensaml.xml.XMLObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; + +/** + * @author tlenz + * + */ +public class PVPEntityCategoryFilter implements MetadataFilter { + private static final Logger log = LoggerFactory.getLogger(PVPEntityCategoryFilter.class); + + private boolean isUsed = false; + + /** + * Filter to map PVP EntityCategories into a set of single PVP attributes + * + * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored + * + */ + public PVPEntityCategoryFilter(boolean isUsed) { + this.isUsed = isUsed; + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject metadata) throws FilterException { + + if (isUsed) { + log.trace("Map PVP EntityCategory to single PVP Attributes ... "); + String entityId = null; + try { + if (metadata instanceof EntitiesDescriptor) { + log.trace("Find EnitiesDescriptor ... "); + EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata; + if (entitiesDesc.getEntityDescriptors() != null) { + for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) + resolveEntityCategoriesToAttributes(el); + + } + + } else if (metadata instanceof EntityDescriptor) { + log.trace("Find EntityDescriptor"); + resolveEntityCategoriesToAttributes((EntityDescriptor)metadata); + + + } else + throw new PVP2MetadataException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null); + + + + } catch (Exception e) { + log.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e); + + } + + } else + log.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated"); + + } + + private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) { + log.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ..."); + Extensions extensions = metadata.getExtensions(); + if (extensions != null) { + List listOfExt = extensions.getUnknownXMLObjects(); + if (listOfExt != null && !listOfExt.isEmpty()) { + log.trace("Find #" + listOfExt.size() + " 'Extension' elements "); + for (XMLObject el : listOfExt) { + log.trace("Find ExtensionElement: " + el.getElementQName().toString()); + if (el instanceof EntityAttributes) { + EntityAttributes entityAttrElem = (EntityAttributes)el; + if (entityAttrElem.getAttributes() != null) { + log.trace("Find EntityAttributes. Start attribute processing ..."); + for (Attribute entityAttr : entityAttrElem.getAttributes()) { + if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) { + if (!entityAttr.getAttributeValues().isEmpty()) { + String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent(); + if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) { + log.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... "); + addAttributesToEntityDescriptor(metadata, + buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES), + entityAttrValue); + + + } else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) { + log.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... "); + addAttributesToEntityDescriptor(metadata, + buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES), + entityAttrValue); + + } else + log.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!"); + + } else + log.info("EntityAttribute: No attribute value"); + + } else + log.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported"); + + } + + } else + log.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!"); + + } + } + + } else + log.trace("'Extension' element is 'null' or empty"); + + } else + log.trace("No 'Extension' element found"); + + } + + /** + * @param metadata + * @param attrList + */ + private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List attrList, String entityAttr) { + SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + if (spSSODesc != null) { + if (spSSODesc.getAttributeConsumingServices() == null || + spSSODesc.getAttributeConsumingServices().isEmpty()) { + log.trace("No 'AttributeConsumingServices' found. Added it ..."); + + AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); + attributeService.setIndex(0); + attributeService.setIsDefault(true); + ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "en")); + attributeService.getNames().add(serviceName); + + if (attrList != null && !attrList.isEmpty()) { + attributeService.getRequestAttributes().addAll(attrList); + log.info("Add " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr); + + } + + spSSODesc.getAttributeConsumingServices().add(attributeService); + + } else { + log.debug("Find 'AttributeConsumingServices'. Starting updating process ... "); + for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) { + log.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex()); + + //load currently requested attributes + List currentlyReqAttr = new ArrayList(); + for (RequestedAttribute reqAttr : el.getRequestAttributes()) + currentlyReqAttr.add(reqAttr.getName()); + + + //check against EntityAttribute List + for (RequestedAttribute entityAttrListEl : attrList) { + if (!currentlyReqAttr.contains(entityAttrListEl.getName())) { + el.getRequestAttributes().add(entityAttrListEl); + + } else + log.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName()); + + } + + } + + } + + } else + log.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'"); + + } + + private List buildAttributeList(List> attrSet) { + List requestedAttributes = new ArrayList(); + for (Trible el : attrSet) + requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); + + return requestedAttributes; + + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java new file mode 100644 index 00000000..a7dddd32 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java @@ -0,0 +1,81 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata; + +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import org.opensaml.common.xml.SAMLSchemaBuilder; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.xml.sax.SAXException; + +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; + +/** + * @author tlenz + * + */ +public class SchemaValidationFilter implements MetadataFilter { + private static final Logger log = LoggerFactory.getLogger(SchemaValidationFilter.class); + private boolean isActive = true; + + public SchemaValidationFilter() { + } + + /** + * + */ + public SchemaValidationFilter(boolean useSchemaValidation) { + this.isActive = useSchemaValidation; + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws FilterException { + + String errString = null; + + if (isActive) { + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + DOMSource source = new DOMSource(arg0.getDOM()); + val.validate(source); + log.info("Metadata Schema validation check done OK"); + return; + + } catch (SAXException e) { + if (log.isDebugEnabled() || log.isTraceEnabled()) + log.warn("Metadata Schema validation FAILED with exception:", e); + else + log.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); + + errString = e.getMessage(); + + } catch (Exception e) { + if (log.isDebugEnabled() || log.isTraceEnabled()) + log.warn("Metadata Schema validation FAILED with exception:", e); + else + log.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); + + errString = e.getMessage(); + + } + + throw new FilterException( + new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString, null)); + + } else + log.info("Metadata Schema validation check is DEACTIVATED!"); + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java new file mode 100644 index 00000000..32615d64 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java @@ -0,0 +1,171 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.verification; + +import javax.xml.namespace.QName; +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.common.xml.SAMLSchemaBuilder; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.ws.message.MessageContext; +import org.opensaml.ws.security.SecurityPolicyException; +import org.opensaml.ws.security.SecurityPolicyRule; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.signature.SignatureTrustEngine; +import org.opensaml.xml.validation.ValidationException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; + +/** + * @author tlenz + * + */ +public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule { + + private static final Logger log = LoggerFactory.getLogger(AbstractRequestSignedSecurityPolicyRule.class); + + + private SignatureTrustEngine trustEngine = null; + private QName peerEntityRole = null; + /** + * @param peerEntityRole + * + */ + public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) { + this.trustEngine = trustEngine; + this.peerEntityRole = peerEntityRole; + + } + + + /** + * Reload the PVP metadata for a given entity + * + * @param entityID for which the metadata should be refreshed. + * @return true if the refresh was successful, otherwise false + */ + protected abstract boolean refreshMetadataProvider(String entityID); + + + protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData); + + /* (non-Javadoc) + * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext) + */ + @Override + public void evaluate(MessageContext context) throws SecurityPolicyException { + try { + verifySignature(context); + + } catch (SecurityPolicyException e) { + if (StringUtils.isEmpty(context.getInboundMessageIssuer())) { + throw e; + + } + log.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer()); + if (!refreshMetadataProvider(context.getInboundMessageIssuer())) + throw e; + + else { + log.trace("PVP2X metadata reload finished. Check validate message again."); + verifySignature(context); + + } + log.trace("Second PVP2X message validation finished"); + + } + + + } + + private void verifySignature(MessageContext context) throws SecurityPolicyException { + SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage()); + if (samlObj != null && samlObj.getSignature() != null) { + + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + try { + profileValidator.validate(samlObj.getSignature()); + performSchemaValidation(samlObj.getDOM()); + + } catch (ValidationException e) { + log.warn("Signature is not conform to SAML signature profile", e); + throw new SecurityPolicyException("Signature is not conform to SAML signature profile"); + + } catch (SchemaValidationException e) { + log.warn("Signature is not conform to SAML signature profile", e); + throw new SecurityPolicyException("Signature is not conform to SAML signature profile"); + + } + + + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) ); + criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); + + try { + if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) { + throw new SecurityPolicyException("Signature validation FAILED."); + + } + log.debug("PVP message signature valid."); + + } catch (org.opensaml.xml.security.SecurityException e) { + log.info("PVP2x message signature validation FAILED. Message:" + e.getMessage()); + throw new SecurityPolicyException("Signature validation FAILED."); + + } + + } else { + throw new SecurityPolicyException("PVP Message is not signed."); + + } + + } + + private void performSchemaValidation(Element source) throws SchemaValidationException { + + String err = null; + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + val.validate(new DOMSource(source)); + log.debug("Schema validation check done OK"); + return; + + } catch (SAXException e) { + err = e.getMessage(); + if (log.isDebugEnabled() || log.isTraceEnabled()) + log.warn("Schema validation FAILED with exception:", e); + else + log.warn("Schema validation FAILED with message: "+ e.getMessage()); + + } catch (Exception e) { + err = e.getMessage(); + if (log.isDebugEnabled() || log.isTraceEnabled()) + log.warn("Schema validation FAILED with exception:", e); + else + log.warn("Schema validation FAILED with message: "+ e.getMessage()); + + } + + throw new SchemaValidationException("pvp2.22", new Object[]{err}); + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AuthnRequestValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AuthnRequestValidator.java new file mode 100644 index 00000000..86c7f309 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AuthnRequestValidator.java @@ -0,0 +1,45 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.verification; + +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.NameIDPolicy; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException; + + +/** + * @author tlenz + * + */ +public class AuthnRequestValidator { + private static final Logger log = LoggerFactory.getLogger(AuthnRequestValidator.class); + + public static void validate(AuthnRequest req) throws AuthnRequestValidatorException{ + + //validate NameIDPolicy + NameIDPolicy nameIDPolicy = req.getNameIDPolicy(); + if (nameIDPolicy != null) { + String nameIDFormat = nameIDPolicy.getFormat(); + if (nameIDFormat != null) { + if ( !(NameID.TRANSIENT.equals(nameIDFormat) || + NameID.PERSISTENT.equals(nameIDFormat) || + NameID.UNSPECIFIED.equals(nameIDFormat)) ) { + + throw new NameIDFormatNotSupportedException(nameIDFormat); + + } + + } else + log.trace("Find NameIDPolicy, but NameIDFormat is 'null'"); + } else + log.trace("AuthnRequest includes no 'NameIDPolicy'"); + + + + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPAuthRequestSignedRole.java new file mode 100644 index 00000000..458d28c2 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPAuthRequestSignedRole.java @@ -0,0 +1,29 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.verification; + +import org.opensaml.common.binding.SAMLMessageContext; +import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; +import org.opensaml.ws.transport.http.HTTPInTransport; +import org.opensaml.xml.util.DatatypeHelper; + +/** + * @author tlenz + * + */ +public class PVPAuthRequestSignedRole extends SAML2AuthnRequestsSignedRule { + + @Override + protected boolean isMessageSigned(SAMLMessageContext messageContext) { + // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings. + HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport(); + String sigParam = inTransport.getParameterValue("Signature"); + boolean isSigned = !DatatypeHelper.isEmpty(sigParam); + + String sigAlgParam = inTransport.getParameterValue("SigAlg"); + boolean isSigAlgExists = !DatatypeHelper.isEmpty(sigAlgParam); + + return isSigned && isSigAlgExists; + + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPSignedRequestPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPSignedRequestPolicyRule.java new file mode 100644 index 00000000..af6c864e --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPSignedRequestPolicyRule.java @@ -0,0 +1,60 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.verification; + +import javax.xml.namespace.QName; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.signature.SignatureTrustEngine; + +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; + +/** + * @author tlenz + * + */ +public class PVPSignedRequestPolicyRule extends + AbstractRequestSignedSecurityPolicyRule { + + private IRefreshableMetadataProvider metadataProvider = null; + + /** + * @param metadataProvider + * @param trustEngine + * @param peerEntityRole + */ + public PVPSignedRequestPolicyRule(MetadataProvider metadataProvider, SignatureTrustEngine trustEngine, + QName peerEntityRole) { + super(trustEngine, peerEntityRole); + if (metadataProvider instanceof IRefreshableMetadataProvider) + this.metadataProvider = (IRefreshableMetadataProvider) metadataProvider; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String) + */ + @Override + protected boolean refreshMetadataProvider(String entityID) { + if (metadataProvider != null) + return metadataProvider.refreshMetadataProvider(entityID); + + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject) + */ + @Override + protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) { + if (inboundData instanceof SignableSAMLObject) + return (SignableSAMLObject) inboundData; + + else + return null; + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SAMLVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SAMLVerificationEngine.java new file mode 100644 index 00000000..fe147ea7 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SAMLVerificationEngine.java @@ -0,0 +1,183 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.impl.verification; + +import javax.xml.namespace.QName; +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.common.xml.SAMLSchemaBuilder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.signature.SignatureTrustEngine; +import org.opensaml.xml.validation.ValidationException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; + +@Service("SAMLVerificationEngine") +public class SAMLVerificationEngine { + private static final Logger log = LoggerFactory.getLogger(SAMLVerificationEngine.class); + + + @Autowired(required=true) IPVPMetadataProvider metadataProvider; + + public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { + try { + if (msg instanceof PVPSProfileRequest && + ((PVPSProfileRequest)msg).getSamlRequest() instanceof RequestAbstractType) + verifyRequest(((RequestAbstractType)((PVPSProfileRequest)msg).getSamlRequest()), sigTrustEngine); + + else + verifyIDPResponse(((PVPSProfileResponse)msg).getResponse(), sigTrustEngine); + + } catch (InvalidProtocolRequestException e) { + if (StringUtils.isEmpty(msg.getEntityID())) { + throw e; + + } + log.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID()); + + if (metadataProvider == null || + !(metadataProvider instanceof IRefreshableMetadataProvider) || + !((IRefreshableMetadataProvider)metadataProvider).refreshMetadataProvider(msg.getEntityID())) + throw e; + + else { + log.trace("PVP2X metadata reload finished. Check validate message again."); + + if (msg instanceof PVPSProfileRequest && + ((PVPSProfileRequest)msg).getSamlRequest() instanceof RequestAbstractType) + verifyRequest(((RequestAbstractType)((PVPSProfileRequest)msg).getSamlRequest()), sigTrustEngine); + + else + verifyIDPResponse(((PVPSProfileResponse)msg).getResponse(), sigTrustEngine); + + } + log.trace("Second PVP2X message validation finished"); + } + } + + public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException { + verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + } + + public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{ + verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + } + + private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName) throws InvalidProtocolRequestException{ + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + try { + profileValidator.validate(samlObj.getSignature()); + performSchemaValidation(samlObj.getDOM()); + + } catch (ValidationException e) { + log.warn("Signature is not conform to SAML signature profile", e); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile"); + + } catch (SchemaValidationException e) { + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme"); + + } + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) ); + criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); + + try { + if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response"); + } + } catch (org.opensaml.xml.security.SecurityException e) { + log.warn("PVP2x message signature validation FAILED.", e); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response"); + } + } + + private void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException { + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + try { + profileValidator.validate(samlObj.getSignature()); + performSchemaValidation(samlObj.getDOM()); + + } catch (ValidationException e) { + log.warn("Signature is not conform to SAML signature profile", e); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request"); + + } catch (SchemaValidationException e) { + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request"); + + } + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) ); + criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); + + try { + if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request"); + } + } catch (org.opensaml.xml.security.SecurityException e) { + log.warn("PVP2x message signature validation FAILED.", e); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request"); + } + } + + protected void performSchemaValidation(Element source) throws SchemaValidationException { + + String err = null; + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + val.validate(new DOMSource(source)); + log.debug("Schema validation check done OK"); + return; + + } catch (SAXException e) { + err = e.getMessage(); + if (log.isDebugEnabled() || log.isTraceEnabled()) + log.warn("Schema validation FAILED with exception:", e); + else + log.warn("Schema validation FAILED with message: "+ e.getMessage()); + + } catch (Exception e) { + err = e.getMessage(); + if (log.isDebugEnabled() || log.isTraceEnabled()) + log.warn("Schema validation FAILED with exception:", e); + else + log.warn("Schema validation FAILED with message: "+ e.getMessage()); + + } + + throw new SchemaValidationException("pvp2.22", new Object[]{err}); + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 00000000..9c60d724 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egiz.eaaf.modules.pvp2.PVP2SProfileCoreSpringResourceProvider \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml new file mode 100644 index 00000000..2c64b5f1 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml new file mode 100644 index 00000000..90b38119 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml @@ -0,0 +1,71 @@ + + + 4.0.0 + + at.gv.egiz.eaaf + eaaf_modules + 1.x + + eaaf_module_pvp2_idp + ${egiz.eaaf.version} + eaaf_module_pvp2_core + http://maven.apache.org + + UTF-8 + + + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + ${egiz.eaaf.version} + + + + javax.servlet + javax.servlet-api + provided + + + + + junit + junit + test + + + + + eaaf_module_pvp2_idp + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.7.0 + + 1.8 + 1.8 + + + + + + maven-surefire-plugin + ${surefire.version} + + 1 + --add-modules java.xml.bind + + + + org.apache.maven.surefire + surefire-junit47 + ${surefire.version} + + + + + + + diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/META-INF/MANIFEST.MF b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/META-INF/MANIFEST.MF new file mode 100644 index 00000000..254272e1 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Class-Path: + diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/PVP2SProfileIDPSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/PVP2SProfileIDPSpringResourceProvider.java new file mode 100644 index 00000000..7a9ac92b --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/PVP2SProfileIDPSpringResourceProvider.java @@ -0,0 +1,30 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class PVP2SProfileIDPSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "EAAF PVP2 S-Profile IDP SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource sl20AuthConfig = new ClassPathResource("/eaaf_pvp_idp.beans.xml", PVP2SProfileIDPSpringResourceProvider.class); + + return new Resource[] {sl20AuthConfig}; + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java new file mode 100644 index 00000000..ac999ffc --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java @@ -0,0 +1,21 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.api.builder; + +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +public interface ISubjectNameIdGenerator { + + /** + * Generates a SAML2 subjectNameId from authentication data + * + * @param authData Authentication data for the current pending request + * @param spConfig Service provider configuration + * @return Pair of subjectNameId and NameIdFormat + * @throws PVP2Exception + */ + public Pair generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig) throws PVP2Exception; +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java new file mode 100644 index 00000000..d9ffa2f2 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java @@ -0,0 +1,30 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.exception; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +public class InvalidAssertionConsumerServiceException extends PVP2Exception { + + public InvalidAssertionConsumerServiceException(int idx) { + super("pvp2.00", new Object[]{idx}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + public InvalidAssertionConsumerServiceException(String wrongURL) { + super("pvp2.23", new Object[]{wrongURL}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + + } + + /** + * + */ + private static final long serialVersionUID = 7861790149343943091L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java new file mode 100644 index 00000000..d0b6feb9 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java @@ -0,0 +1,18 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.exception; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +public class InvalidAssertionEncryptionException extends PVP2Exception { + + private static final long serialVersionUID = 6513388841485355549L; + + public InvalidAssertionEncryptionException() { + super("pvp2.16", new Object[]{}); + this.statusCodeValue = StatusCode.RESPONDER_URI; + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java new file mode 100644 index 00000000..5abd6dbe --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java @@ -0,0 +1,21 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.exception; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +public class RequestDeniedException extends PVP2Exception { + + public RequestDeniedException() { + super("pvp2.14", null); + this.statusCodeValue = StatusCode.REQUEST_DENIED_URI; + } + + /** + * + */ + private static final long serialVersionUID = 4415896615794730553L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java new file mode 100644 index 00000000..f7145458 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.exception; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +public class ResponderErrorException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -425416760138285446L; + + public ResponderErrorException(String messageId, Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + this.statusCodeValue = StatusCode.RESPONDER_URI; + } + + public ResponderErrorException(String messageId, Object[] parameters) { + super(messageId, parameters); + this.statusCodeValue = StatusCode.RESPONDER_URI; + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSignedException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSignedException.java new file mode 100644 index 00000000..364fdbf0 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSignedException.java @@ -0,0 +1,26 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.exception; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +public class SAMLRequestNotSignedException extends PVP2Exception { + + public SAMLRequestNotSignedException() { + super("pvp2.07", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + public SAMLRequestNotSignedException(Throwable e) { + super("pvp2.07", null, e); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = 1L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSupported.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSupported.java new file mode 100644 index 00000000..b370a7be --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSupported.java @@ -0,0 +1,22 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.exception; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + + +public class SAMLRequestNotSupported extends PVP2Exception { + + public SAMLRequestNotSupported() { + super("pvp2.09", null); + this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI; + } + + /** + * + */ + private static final long serialVersionUID = 1244883178458802767L; + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java new file mode 100644 index 00000000..5dea922c --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java @@ -0,0 +1,19 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.exception; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +public class UnprovideableAttributeException extends PVP2Exception { + /** + * + */ + private static final long serialVersionUID = 3972197758163647157L; + + public UnprovideableAttributeException(String attributeName) { + super("pvp2.10", new Object[] {attributeName}); + this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI; + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java new file mode 100644 index 00000000..93ffa789 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java @@ -0,0 +1,537 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.impl; + +import java.util.List; + +import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.StatusMessage; +import org.opensaml.saml2.core.impl.AuthnRequestImpl; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.ws.security.SecurityPolicyException; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.SignableXMLObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.components.eventlog.api.EventConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.SLOException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPVPRequestException; +import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException; +import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionConsumerServiceException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.AuthnRequestValidator; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine; + +public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo { + private static final Logger log = LoggerFactory.getLogger(AbstractPVP2XProtocol.class); + + @Autowired(required=true) protected IPVP2BasicConfiguration pvpBasicConfiguration; + @Autowired(required=true) protected IPVPMetadataProvider metadataProvider; + @Autowired(required=true) protected SAMLVerificationEngine samlVerificationEngine; + + private AbstractCredentialProvider pvpIDPCredentials; + + /** + * Sets a specific credential provider for PVP S-Profile IDP component. + * @param pvpIDPCredentials credential provider + */ + public void setPvpIDPCredentials(AbstractCredentialProvider pvpIDPCredentials) { + this.pvpIDPCredentials = pvpIDPCredentials; + + } + + public boolean generateErrorMessage(Throwable e, + HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) throws Throwable { + + if(protocolRequest == null) { + throw e; + } + + if(!(protocolRequest instanceof PVPSProfilePendingRequest) ) { + throw e; + } + PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest)protocolRequest; + + Response samlResponse = + SAML2Utils.createSAMLObject(Response.class); + Status status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + + String moaError = null; + + if(e instanceof NoPassivAuthenticationException) { + statusCode.setValue(StatusCode.NO_PASSIVE_URI); + statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); + + } else if (e instanceof NameIDFormatNotSupportedException) { + statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI); + statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); + + } else if (e instanceof SLOException) { + //SLOExecpetions only occurs if session information is lost + return false; + + } else if(e instanceof PVP2Exception) { + PVP2Exception ex = (PVP2Exception) e; + statusCode.setValue(ex.getStatusCodeValue()); + String statusMessageValue = ex.getStatusMessageValue(); + if(statusMessageValue != null) { + statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); + } + moaError = statusMessager.mapInternalErrorToExternalError(ex.getErrorId()); + + } else { + statusCode.setValue(StatusCode.RESPONDER_URI); + statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); + moaError = statusMessager.getResponseErrorCode(e); + } + + + if (StringUtils.isNotEmpty(moaError)) { + StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class); + moaStatusCode.setValue(moaError); + statusCode.setStatusCode(moaStatusCode); + } + + status.setStatusCode(statusCode); + if(statusMessage.getMessage() != null) { + status.setStatusMessage(statusMessage); + } + samlResponse.setStatus(status); + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + samlResponse.setID(remoteSessionID); + + samlResponse.setIssueInstant(new DateTime()); + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + nissuer.setValue(pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL())); + nissuer.setFormat(NameID.ENTITY); + samlResponse.setIssuer(nissuer); + + IEncoder encoder = null; + + if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class); + + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class); + + } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) { + encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class); + } + + if(encoder == null) { + // default to redirect binding + encoder = new RedirectBinding(); + } + + String relayState = null; + if (pvpRequest.getRequest() != null) + relayState = pvpRequest.getRequest().getRelayState(); + + X509Credential signCred = pvpIDPCredentials.getIDPAssertionSigningCredential(); + + encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), + relayState, signCred, protocolRequest); + return true; + } + + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending) { + + return true; + } + + protected void pvpMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { + //create pendingRequest object + PVPSProfilePendingRequest pendingReq = applicationContext.getBean(PVPSProfilePendingRequest.class); + pendingReq.initialize(req, authConfig); + pendingReq.setModule(getName()); + + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + EventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class); + metadataAction.processRequest(pendingReq, + req, resp, null); + + } + + protected void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { + PVPSProfilePendingRequest pendingReq = null; + + try { + //create pendingRequest object + pendingReq = applicationContext.getBean(PVPSProfilePendingRequest.class); + pendingReq.initialize(req, authConfig); + pendingReq.setModule(getName()); + + revisionsLogger.logEvent(EventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + EventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //get POST-Binding decoder implementation + InboundMessage msg = (InboundMessage) new PostBinding().decode( + req, resp, metadataProvider, false, + new EAAFURICompare(pvpBasicConfiguration.getIDPSSOPostService(pendingReq.getAuthURL()))); + pendingReq.setRequest(msg); + + //preProcess Message + preProcess(req, resp, pendingReq); + + } catch (SecurityPolicyException e) { + String samlRequest = req.getParameter("SAMLRequest"); + log.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage()); + + } catch (SecurityException e) { + String samlRequest = req.getParameter("SAMLRequest"); + log.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage()); + + } catch (EAAFException e) { + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + + throw e; + + } catch (Throwable e) { + String samlRequest = req.getParameter("SAMLRequest"); + log.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + + throw new EAAFException("pvp2.24", new Object[] {e.getMessage()}, e.getMessage(), e); + } + } + + protected void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { + PVPSProfilePendingRequest pendingReq = null; + try { + //create pendingRequest object + pendingReq = applicationContext.getBean(PVPSProfilePendingRequest.class); + pendingReq.initialize(req, authConfig); + pendingReq.setModule(getName()); + + revisionsLogger.logEvent(EventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + EventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //get POST-Binding decoder implementation + InboundMessage msg = (InboundMessage) new RedirectBinding().decode( + req, resp, metadataProvider, false, + new EAAFURICompare(pvpBasicConfiguration.getIDPSSORedirectService(pendingReq.getAuthURL()))); + pendingReq.setRequest(msg); + + //preProcess Message + preProcess(req, resp, pendingReq); + + } catch (SecurityPolicyException e) { + String samlRequest = req.getParameter("SAMLRequest"); + log.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage()); + + } catch (SecurityException e) { + String samlRequest = req.getParameter("SAMLRequest"); + log.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage()); + + } catch (EAAFException e) { + String samlRequest = req.getParameter("SAMLRequest"); + log.info("Receive INVALID protocol request: " + samlRequest); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + + throw e; + + } catch (Throwable e) { + String samlRequest = req.getParameter("SAMLRequest"); + log.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + + throw new EAAFException("pvp2.24", new Object[] {e.getMessage()}, e.getMessage(), e); + } + } + + + + /** + * + * + * @param request + * @param response + * @param msg + * @return true if preprocess can handle this request type, otherwise false + * @throws Throwable + */ + abstract protected boolean childPreProcess(HttpServletRequest request, + HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws Throwable; + + protected void preProcess(HttpServletRequest request, + HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws Throwable { + + InboundMessage msg = pendingReq.getRequest(); + + if (StringUtils.isEmpty(msg.getEntityID())) { + throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty"); + + } + + if(!msg.isVerified()) { + samlVerificationEngine.verify(msg, + TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + msg.setVerified(true); + + } + + + if (msg instanceof PVPSProfileRequest && + ((PVPSProfileRequest)msg).getSamlRequest() instanceof AuthnRequest) + preProcessAuthRequest(request, response, pendingReq); + + else if (childPreProcess(request, response, pendingReq)) + log.debug("Find protocol handler in child implementation"); + + else { + log.error("Receive unsupported PVP21 message"); + throw new InvalidPVPRequestException("Unsupported PVP21 message", new Object[] {}); + } + + revisionsLogger.logEvent(pendingReq, IRevisionLogger.AUTHPROTOCOL_TYPE, getAuthProtocolIdentifier()); + + //switch to session authentication + performAuthentication(request, response, pendingReq); + } + + + /** + * PreProcess Authn request + * @param request + * @param response + * @param pendingReq + * @throws Throwable + */ + private void preProcessAuthRequest(HttpServletRequest request, + HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws Throwable { + + PVPSProfileRequest moaRequest = ((PVPSProfileRequest)pendingReq.getRequest()); + SignableXMLObject samlReq = moaRequest.getSamlRequest(); + + if(!(samlReq instanceof AuthnRequest)) { + throw new InvalidPVPRequestException("Unsupported request", new Object[] {}); + } + + EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider); + if(metadata == null) { + throw new NoMetadataInformationException(); + } + SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + AuthnRequest authnRequest = (AuthnRequest)samlReq; + + if (authnRequest.getIssueInstant() == null) { + log.warn("Unsupported request: No IssueInstant Attribute found."); + throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}, + "Unsupported request: No IssueInstant Attribute found", pendingReq); + + } + + if (authnRequest.getIssueInstant().minusMinutes(EAAFConstants.ALLOWED_TIME_JITTER).isAfterNow()) { + log.warn("Unsupported request: No IssueInstant DateTime is not valid anymore."); + throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {}, + "Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq); + + } + + //parse AssertionConsumerService + AssertionConsumerService consumerService = null; + if (StringUtils.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && + StringUtils.isNotEmpty(authnRequest.getProtocolBinding())) { + //use AssertionConsumerServiceURL from request + + //check requested AssertionConsumingService URL against metadata + List metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices(); + for (AssertionConsumerService service : metadataAssertionServiceList) { + if (authnRequest.getProtocolBinding().equals(service.getBinding()) + && authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) { + consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + consumerService.setBinding(authnRequest.getProtocolBinding()); + consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL()); + log.debug("Requested AssertionConsumerServiceURL is valid."); + } + } + + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL()); + + } + + + } else { + //use AssertionConsumerServiceIndex and select consumerService from metadata + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); + int assertionidx = 0; + + if(aIdx != null) { + assertionidx = aIdx.intValue(); + + } else { + assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); + + } + consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); + + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(aIdx); + + } + } + + + //select AttributeConsumingService from request + AttributeConsumingService attributeConsumer = null; + Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); + int attributeIdx = 0; + + if(aIdx != null) { + attributeIdx = aIdx.intValue(); + } + + if (spSSODescriptor.getAttributeConsumingServices() != null && + spSSODescriptor.getAttributeConsumingServices().size() > 0) { + attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); + } + + //validate AuthnRequest + AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq; + AuthnRequestValidator.validate(authReq); + +// String useMandate = request.getParameter(PARAM_USEMANDATE); +// if(useMandate != null) { +// if(useMandate.equals("true") && attributeConsumer != null) { +// if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { +// throw new MandateAttributesNotHandleAbleException(); +// } +// } +// } + + String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID(); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL); + + log.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); + + pendingReq.setSPEntityId(oaURL); + pendingReq.setOnlineApplicationConfiguration(oa); + pendingReq.setBinding(consumerService.getBinding()); + pendingReq.setRequest(moaRequest); + pendingReq.setConsumerURL(consumerService.getLocation()); + + //parse AuthRequest + pendingReq.setPassiv(authReq.isPassive()); + pendingReq.setForce(authReq.isForceAuthn()); + + //AuthnRequest needs authentication + pendingReq.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + pendingReq.setAction(AuthenticationAction.class.getName()); + + //write revisionslog entry + revisionsLogger.logEvent(pendingReq, PVPEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); + + } + + @PostConstruct + private void verifyInitialization() { + if (pvpIDPCredentials == null) { + log.error("No SAML2 credentialProvider injected!"); + throw new RuntimeException("No SAML2 credentialProvider injected!"); + + } + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java new file mode 100644 index 00000000..adcff465 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java @@ -0,0 +1,154 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.impl; + +import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; + +@Service("PVPAuthenticationRequestAction") +public class AuthenticationAction implements IAction { + private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class); + + private static final String CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION = "protocols.pvp2.assertion.encryption.active"; + + @Autowired(required=true) private IPVPMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; + @Autowired(required=true) IConfiguration authConfig; + @Autowired(required=true) PVP2AssertionBuilder assertionBuilder; + @Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration; + + private AbstractCredentialProvider pvpIDPCredentials; + + /** + * Sets a specific credential provider for PVP S-Profile IDP component. + * @param pvpIDPCredentials credential provider + */ + public void setPvpIDPCredentials(AbstractCredentialProvider pvpIDPCredentials) { + this.pvpIDPCredentials = pvpIDPCredentials; + + } + + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, IAuthData authData) throws ResponderErrorException { + PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req; + try { + //get basic information + PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest(); + AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); + EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider); + + AssertionConsumerService consumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + consumerService.setBinding(pvpRequest.getBinding()); + consumerService.setLocation(pvpRequest.getConsumerURL()); + + DateTime date = new DateTime(); + SLOInformationImpl sloInformation = new SLOInformationImpl(); + String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL()); + + //build Assertion + Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, + peerEntity, date, consumerService, sloInformation); + + Response authResponse = AuthResponseBuilder.buildResponse( + metadataProvider, issuerEntityID, authnRequest, + date, assertion, authConfig.getBasicMOAIDConfigurationBoolean( + CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true)); + + IEncoder binding = null; + + if (consumerService.getBinding().equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); + + } else if (consumerService.getBinding().equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); + + } + + if (binding == null) { + throw new BindingNotSupportedException(consumerService.getBinding()); + } + + binding.encodeRespone(httpReq, httpResp, authResponse, + consumerService.getLocation(), moaRequest.getRelayState(), + pvpIDPCredentials.getIDPAssertionSigningCredential(), req); + + //set protocol type + sloInformation.setProtocolType(req.requestedModule()); + sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier()); + return sloInformation; + + } catch (MessageEncodingException e) { + log.error("Message Encoding exception", e); + throw new ResponderErrorException("pvp2.01", null, e); + + } catch (SecurityException e) { + log.error("Security exception", e); + throw new ResponderErrorException("pvp2.01", null, e); + + } catch (EAAFException e) { + log.error("Response generation error", e); + throw new ResponderErrorException("pvp2.01", null, e); + + } + + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return true; + } + + public String getDefaultActionName() { + return "PVPAuthenticationRequestAction"; + + } + + @PostConstruct + private void verifyInitialization() { + if (pvpIDPCredentials == null) { + log.error("No SAML2 credentialProvider injected!"); + throw new RuntimeException("No SAML2 credentialProvider injected!"); + + } + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java new file mode 100644 index 00000000..fa871597 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java @@ -0,0 +1,99 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.impl; + +import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.MediaType; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataConfigurationFactory; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +@Service("pvpMetadataService") +public class MetadataAction implements IAction { + + private static final Logger log = LoggerFactory.getLogger(MetadataAction.class); + + @Autowired private IRevisionLogger revisionsLogger; + @Autowired private PVPMetadataBuilder metadatabuilder; + @Autowired private IPVPMetadataConfigurationFactory configFactory; + + private AbstractCredentialProvider pvpIDPCredentials; + + /** + * Sets a specific credential provider for PVP S-Profile IDP component. + * @param pvpIDPCredentials credential provider + */ + public void setPvpIDPCredentials(AbstractCredentialProvider pvpIDPCredentials) { + this.pvpIDPCredentials = pvpIDPCredentials; + + } + + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, IAuthData authData) throws PVP2MetadataException { + try { + revisionsLogger.logEvent(req, PVPEventConstants.AUTHPROTOCOL_PVP_METADATA); + + //build metadata + IPVPMetadataBuilderConfiguration metadataConfig = + configFactory.generateMetadataBuilderConfiguration( + req.getAuthURLWithOutSlash(), + pvpIDPCredentials); + + ; + + String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig); + log.debug("METADATA: " + metadataXML); + + byte[] content = metadataXML.getBytes("UTF-8"); + httpResp.setStatus(HttpServletResponse.SC_OK); + httpResp.setContentLength(content.length); + httpResp.setContentType(MediaType.APPLICATION_XML_VALUE); + httpResp.getOutputStream().write(content); + return null; + + } catch (Exception e) { + log.error("Failed to generate metadata", e); + throw new PVP2MetadataException("pvp2.13", null); + } + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + @Override + public String getDefaultActionName() { + return "IDP - PVP Metadata action"; + } + + @PostConstruct + private void verifyInitialization() { + if (pvpIDPCredentials == null) { + log.error("No SAML2 credentialProvider injected!"); + throw new RuntimeException("No SAML2 credentialProvider injected!"); + + } + } + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/PVPSProfilePendingRequest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/PVPSProfilePendingRequest.java new file mode 100644 index 00000000..06c64b84 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/PVPSProfilePendingRequest.java @@ -0,0 +1,103 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.impl; + +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; + +@Component("PVPSProfilePendingRequest") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) +public class PVPSProfilePendingRequest extends RequestImpl { + private static final long serialVersionUID = 4889919265919638188L; + + InboundMessage request; + String binding; + String consumerURL; + + public InboundMessage getRequest() { + return request; + } + + public void setRequest(InboundMessage request) { + this.request = request; + } + + public String getBinding() { + return binding; + } + + public void setBinding(String binding) { + this.binding = binding; + } + + public String getConsumerURL() { + return consumerURL; + } + + public void setConsumerURL(String consumerURL) { + this.consumerURL = consumerURL; + + } + +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection getRequestedAttributes(MetadataProvider metadataProvider) { +// +// Map reqAttr = new HashMap(); +// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) +// reqAttr.put(el, ""); +// +// try { +// SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS); +// if (spSSODescriptor.getAttributeConsumingServices() != null && +// spSSODescriptor.getAttributeConsumingServices().size() > 0) { +// +// Integer aIdx = null; +// if (getRequest() instanceof MOARequest && +// ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) { +// AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest(); +// aIdx = authnRequest.getAttributeConsumingServiceIndex(); +// +// } else { +// Logger.error("MOARequest is NOT of type AuthnRequest"); +// } +// +// int idx = 0; +// +// AttributeConsumingService attributeConsumingService = null; +// +// if (aIdx != null) { +// idx = aIdx.intValue(); +// attributeConsumingService = spSSODescriptor +// .getAttributeConsumingServices().get(idx); +// +// } else { +// List attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); +// for (AttributeConsumingService el : attrConsumingServiceList) { +// if (el.isDefault()) +// attributeConsumingService = el; +// } +// } +// +// for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes()) +// reqAttr.put(attr.getName(), ""); +// } +// +// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); +// return reqAttr.keySet(); +// +// } catch (NoMetadataInformationException e) { +// Logger.warn("NO metadata found for Entity " + getRequest().getEntityID()); +// return null; +// +// } +// +// } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java new file mode 100644 index 00000000..34a28f72 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java @@ -0,0 +1,129 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder; + +import java.util.ArrayList; +import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.EncryptedAssertion; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.encryption.Encrypter; +import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.xml.encryption.EncryptionException; +import org.opensaml.xml.encryption.EncryptionParameters; +import org.opensaml.xml.encryption.KeyEncryptionParameters; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; +import org.opensaml.xml.security.x509.X509Credential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; + +/** + * @author tlenz + * + */ +public class AuthResponseBuilder { + + private static final Logger log = LoggerFactory.getLogger(AuthResponseBuilder.class); + + public static Response buildResponse(MetadataProvider metadataProvider, String issuerEntityID, RequestAbstractType req, DateTime date, Assertion assertion, boolean enableEncryption) throws InvalidAssertionEncryptionException { + Response authResponse = SAML2Utils.createSAMLObject(Response.class); + + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + + nissuer.setValue(issuerEntityID); + nissuer.setFormat(NameID.ENTITY); + authResponse.setIssuer(nissuer); + authResponse.setInResponseTo(req.getID()); + + //set responseID + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + authResponse.setID(remoteSessionID); + + + //SAML2 response required IssueInstant + authResponse.setIssueInstant(date); + + authResponse.setStatus(SAML2Utils.getSuccessStatus()); + + //check, if metadata includes an encryption key + MetadataCredentialResolver mdCredResolver = + new MetadataCredentialResolver(metadataProvider); + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) ); + criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) ); + + X509Credential encryptionCredentials = null; + try { + encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet); + + } catch (SecurityException e2) { + log.warn("Can not extract the Assertion Encryption-Key from metadata", e2); + throw new InvalidAssertionEncryptionException(); + + } + + if (encryptionCredentials != null && enableEncryption) { + //encrypt SAML2 assertion + + try { + + EncryptionParameters dataEncParams = new EncryptionParameters(); + dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); + + List keyEncParamList = new ArrayList(); + KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); + + keyEncParam.setEncryptionCredential(encryptionCredentials); + keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); + KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() + .getKeyInfoGeneratorManager().getDefaultManager() + .getFactory(encryptionCredentials); + keyEncParam.setKeyInfoGenerator(kigf.newInstance()); + keyEncParamList.add(keyEncParam); + + Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); + //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); + samlEncrypter.setKeyPlacement(KeyPlacement.PEER); + + EncryptedAssertion encryptAssertion = null; + + encryptAssertion = samlEncrypter.encrypt(assertion); + + authResponse.getEncryptedAssertions().add(encryptAssertion); + + } catch (EncryptionException e1) { + log.warn("Can not encrypt the PVP2 assertion", e1); + throw new InvalidAssertionEncryptionException(); + + } + + } else { + authResponse.getAssertions().add(assertion); + + } + + return authResponse; + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java new file mode 100644 index 00000000..7369da15 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java @@ -0,0 +1,448 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder; + +import java.security.MessageDigest; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeQuery; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; +import org.opensaml.saml2.core.AuthnContext; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.AuthnStatement; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.core.impl.AuthnRequestImpl; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.exception.QAANotSupportedException; +import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.UnprovideableAttributeException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.QAALevelVerifier; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; + +@Service("PVP2AssertionBuilder") +public class PVP2AssertionBuilder implements PVPConstants { + + private static final Logger log = LoggerFactory.getLogger(PVP2AssertionBuilder.class); + @Autowired private ILoALevelMapper loaLevelMapper; + @Autowired private ISubjectNameIdGenerator subjectNameIdGenerator; + + + /** + * Build a PVP assertion as response for a SAML2 AttributeQuery request + * + * @param issuerEntityID EnitiyID, which should be used for this IDP response + * @param attrQuery AttributeQuery request from Service-Provider + * @param attrList List of PVP response attributes + * @param now Current time + * @param validTo ValidTo time of the assertion + * @param qaaLevel QAA level of the authentication + * @param sessionIndex SAML2 SessionIndex, which should be included * + * @return PVP 2.1 Assertion + * @throws PVP2Exception + */ + public Assertion buildAssertion(String issuerEntityID, AttributeQuery attrQuery, + List attrList, DateTime now, DateTime validTo, String qaaLevel, String sessionIndex) throws PVP2Exception { + + AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + authnContextClassRef.setAuthnContextClassRef(qaaLevel); + + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat()); + subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue()); + + SubjectConfirmationData subjectConfirmationData = null; + + return buildGenericAssertion(issuerEntityID, attrQuery.getIssuer().getValue(), now, + authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, + validTo); + } + + + /** + * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest + * + * @param issuerEntityID EnitiyID, which should be used for this IDP response + * @param pendingReq Current processed pendingRequest DAO + * @param authnRequest Current processed PVP AuthnRequest + * @param authData AuthenticationData of the user, which is already authenticated + * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response + * @param date TimeStamp + * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used + * @param sloInformation Single LogOut information DAO + * @return + * @throws PVP2Exception + */ + public Assertion buildAssertion(String issuerEntityID, PVPSProfilePendingRequest pendingReq, AuthnRequest authnRequest, + IAuthData authData, EntityDescriptor peerEntity, DateTime date, + AssertionConsumerService assertionConsumerService, SLOInformationInterface sloInformation) + throws PVP2Exception { + + RequestedAuthnContext reqAuthnContext = authnRequest + .getRequestedAuthnContext(); + + AuthnContextClassRef authnContextClassRef = SAML2Utils + .createSAMLObject(AuthnContextClassRef.class); + + ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); + + if (reqAuthnContext == null) { + authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel()); + + } else { + + boolean eIDAS_qaa_found = false; + + List reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); + + if (reqAuthnContextClassRefIt.size() == 0) { + QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH); + + eIDAS_qaa_found = true; + authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = authnClassRef.getAuthnContextClassRef(); + + if (!qaa_uri.trim().startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) { + if (loaLevelMapper != null) { + log.debug("Find no eIDAS LoA. Start mapping process ... " ); + qaa_uri = loaLevelMapper.mapToeIDASLoA(qaa_uri.trim()); + + } else + log.debug("AuthnRequest contains no eIDAS LoA. NO LoA mapper FOUND, ignore " + + "'" + qaa_uri.trim() + "'"); + + } + + if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH) + || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL) + || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) { + + if (authData.isForeigner()) { + QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence()); + + eIDAS_qaa_found = true; + authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel()); + + } else { + + QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), + qaa_uri.trim()); + + eIDAS_qaa_found = true; + authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel()); + + } + break; + } + } + } + + if (!eIDAS_qaa_found) + throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH); + + } + + + + SPSSODescriptor spSSODescriptor = peerEntity + .getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + //add Attributes to Assertion + List attrList = new ArrayList(); + if (spSSODescriptor.getAttributeConsumingServices() != null && + spSSODescriptor.getAttributeConsumingServices().size() > 0) { + + Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); + int idx = 0; + + AttributeConsumingService attributeConsumingService = null; + if (aIdx != null) { + idx = aIdx.intValue(); + attributeConsumingService = spSSODescriptor + .getAttributeConsumingServices().get(idx); + + } else { + List attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); + for (AttributeConsumingService el : attrConsumingServiceList) { + if (el.isDefault()) + attributeConsumingService = el; + } + } + + /* + * TODO: maybe use first AttributeConsumingService if no is selected + * in request or on service is marked as default + * + */ + if (attributeConsumingService == null ) { + List attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); + if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty()) + attributeConsumingService = attrConsumingServiceList.get(0); + + } + + + if (attributeConsumingService != null) { + Iterator it = attributeConsumingService + .getRequestAttributes().iterator(); + while (it.hasNext()) { + RequestedAttribute reqAttribut = it.next(); + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + reqAttribut.getName(), oaParam, authData); + if (attr == null) { + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } else { + attrList.add(attr); + } + + } catch (UnavailableAttributeException e) { + log.info( + "Attribute generation for " + + reqAttribut.getFriendlyName() + " not possible."); + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + + + } catch (PVP2Exception e) { + log.info( + "Attribute generation failed! for " + + reqAttribut.getFriendlyName()); + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + + } catch (Exception e) { + log.warn( + "General Attribute generation failed! for " + + reqAttribut.getFriendlyName(), e); + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + + } + } + } + } + + //generate subjectNameId + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + Pair subjectNameIdPair = subjectNameIdGenerator.generateSubjectNameId(authData, oaParam); + subjectNameID.setValue(subjectNameIdPair.getFirst()); + subjectNameID.setNameQualifier(subjectNameIdPair.getSecond()); + + //get NameIDFormat from request + String nameIDFormat = NameID.TRANSIENT; + AuthnRequest authnReq = (AuthnRequestImpl) authnRequest; + if (authnReq.getNameIDPolicy() != null && + StringUtils.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) { + nameIDFormat = authnReq.getNameIDPolicy().getFormat(); + + } else { + //get NameIDFormat from metadata + List metadataNameIDFormats = spSSODescriptor.getNameIDFormats(); + + if (metadataNameIDFormats != null) { + + for (NameIDFormat el : metadataNameIDFormats) { + if (NameID.PERSISTENT.equals(el.getFormat())) { + nameIDFormat = NameID.PERSISTENT; + break; + + } else if (NameID.TRANSIENT.equals(el.getFormat()) || + NameID.UNSPECIFIED.equals(el.getFormat())) + break; + + } + } + } + + if (NameID.TRANSIENT.equals(nameIDFormat) || NameID.UNSPECIFIED.equals(nameIDFormat)) { + String random = Random.nextHexRandom32(); + String nameID = subjectNameID.getValue(); + + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1")); + subjectNameID.setValue(Base64Utils.encodeToString(hash)); + subjectNameID.setNameQualifier(null); + subjectNameID.setFormat(NameID.TRANSIENT); + + } catch (Exception e) { + log.warn("PVP2 subjectNameID error", e); + throw new ResponderErrorException("pvp2.13", null, e); + } + + } else + subjectNameID.setFormat(nameIDFormat); + + + String sessionIndex = null; + + //if request is a reauthentication and NameIDFormat match reuse old session information + if (StringUtils.isNotEmpty(authData.getNameID()) && + StringUtils.isNotEmpty(authData.getNameIDFormat()) && + nameIDFormat.equals(authData.getNameIDFormat())) { + subjectNameID.setValue(authData.getNameID()); + sessionIndex = authData.getSessionIndex(); + + } + + // + if (StringUtils.isEmpty(sessionIndex)) + sessionIndex = SAML2Utils.getSecureIdentifier(); + + SubjectConfirmationData subjectConfirmationData = SAML2Utils + .createSAMLObject(SubjectConfirmationData.class); + subjectConfirmationData.setInResponseTo(authnRequest.getID()); + subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime())); +// subjectConfirmationData.setNotBefore(date); + + //set 'recipient' attribute in subjectConformationData + subjectConfirmationData.setRecipient(assertionConsumerService.getLocation()); + + //set IP address of the user machine as 'Address' attribute in subjectConformationData + String usersIPAddress = pendingReq.getGenericData( + RequestImpl.DATAID_REQUESTER_IP_ADDRESS, String.class); + if (StringUtils.isNotEmpty(usersIPAddress)) + subjectConfirmationData.setAddress(usersIPAddress); + + //set SLO information + sloInformation.setUserNameIdentifier(subjectNameID.getValue()); + sloInformation.setNameIDFormat(subjectNameID.getFormat()); + sloInformation.setSessionIndex(sessionIndex); + + return buildGenericAssertion(issuerEntityID, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); + } + + /** + * + * @param issuer IDP EntityID + * @param entityID Service Provider EntityID + * @param date + * @param authnContextClassRef + * @param attrList + * @param subjectNameID + * @param subjectConfirmationData + * @param sessionIndex + * @param isValidTo + * @return + * @throws ConfigurationException + */ + + public Assertion buildGenericAssertion(String issuer, String entityID, DateTime date, + AuthnContextClassRef authnContextClassRef, List attrList, + NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, + String sessionIndex, DateTime isValidTo) throws ResponderErrorException { + Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); + + AuthnContext authnContext = SAML2Utils + .createSAMLObject(AuthnContext.class); + authnContext.setAuthnContextClassRef(authnContextClassRef); + + AuthnStatement authnStatement = SAML2Utils + .createSAMLObject(AuthnStatement.class); + + authnStatement.setAuthnInstant(date); + authnStatement.setSessionIndex(sessionIndex); + authnStatement.setAuthnContext(authnContext); + + assertion.getAuthnStatements().add(authnStatement); + + AttributeStatement attributeStatement = SAML2Utils + .createSAMLObject(AttributeStatement.class); + attributeStatement.getAttributes().addAll(attrList); + if (attributeStatement.getAttributes().size() > 0) { + assertion.getAttributeStatements().add(attributeStatement); + } + + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + subject.setNameID(subjectNameID); + + SubjectConfirmation subjectConfirmation = SAML2Utils + .createSAMLObject(SubjectConfirmation.class); + subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); + subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); + + subject.getSubjectConfirmations().add(subjectConfirmation); + + Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class); + AudienceRestriction audienceRestriction = SAML2Utils + .createSAMLObject(AudienceRestriction.class); + Audience audience = SAML2Utils.createSAMLObject(Audience.class); + + audience.setAudienceURI(entityID); + audienceRestriction.getAudiences().add(audience); + conditions.setNotBefore(date); + conditions.setNotOnOrAfter(isValidTo); + + conditions.getAudienceRestrictions().add(audienceRestriction); + + assertion.setConditions(conditions); + + Issuer issuerObj = SAML2Utils.createSAMLObject(Issuer.class); + + if (issuer.endsWith("/")) + issuer = issuer.substring(0, issuer.length()-1); + issuerObj.setValue(issuer); + issuerObj.setFormat(NameID.ENTITY); + + assertion.setIssuer(issuerObj); + assertion.setSubject(subject); + assertion.setID(SAML2Utils.getSecureIdentifier()); + assertion.setIssueInstant(date); + + return assertion; + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 00000000..cda12a62 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egiz.eaaf.modules.pvp2.idp.PVP2SProfileIDPSpringResourceProvider \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/eaaf_pvp_idp.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/eaaf_pvp_idp.beans.xml new file mode 100644 index 00000000..a54482e9 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/eaaf_pvp_idp.beans.xml @@ -0,0 +1,19 @@ + + + + + + + + \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml new file mode 100644 index 00000000..0ec3895d --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml @@ -0,0 +1,71 @@ + + + 4.0.0 + + at.gv.egiz.eaaf + eaaf_modules + 1.x + + eaaf_module_pvp2_sp + ${egiz.eaaf.version} + eaaf_module_pvp2_sp + http://maven.apache.org + + UTF-8 + + + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + ${egiz.eaaf.version} + + + + javax.servlet + javax.servlet-api + provided + + + + junit + junit + test + + + + + eaaf_module_pvp2_sp + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.7.0 + + 1.8 + 1.8 + + + + + + maven-surefire-plugin + ${surefire.version} + + 1 + --add-modules java.xml.bind + + + + org.apache.maven.surefire + surefire-junit47 + ${surefire.version} + + + + + + + + diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/META-INF/MANIFEST.MF b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/META-INF/MANIFEST.MF new file mode 100644 index 00000000..254272e1 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Class-Path: + diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java new file mode 100644 index 00000000..b0439775 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java @@ -0,0 +1,142 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.sp.api; + +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.xml.security.credential.Credential; +import org.w3c.dom.Element; + +/** + * @author tlenz + * + */ +public interface IPVPAuthnRequestBuilderConfiguruation { + + /** + * Defines a unique name for this PVP Service-provider, which is used for logging + * + * @return + */ + public String getSPNameForLogging(); + + /** + * If true, the SAML2 isPassive flag is set in the AuthnRequest + * + * @return + */ + public Boolean isPassivRequest(); + + /** + * Define the ID of the AssertionConsumerService, + * which defines the required attributes in service-provider metadata. + * + * @return + */ + public Integer getAssertionConsumerServiceId(); + + /** + * Define the SAML2 EntityID of the service provider. + * + * @return + */ + public String getSPEntityID(); + + /** + * Define the SAML2 NameIDPolicy + * + * @return Service-Provider EntityID, but never null + */ + public String getNameIDPolicyFormat(); + + /** + * Define the AuthnContextClassRefernece of this request + * + * Example: + * http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3 + * http://www.stork.gov.eu/1.0/citizenQAALevel/4 + * + * + * @return + */ + public String getAuthnContextClassRef(); + + /** + * Define the AuthnContextComparison model, which should be used + * + * @return + */ + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison(); + + + /** + * Define the credential, which should be used to sign the AuthnRequest + * + * @return + */ + public Credential getAuthnRequestSigningCredential(); + + + /** + * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest + * + * @return Credential, but never null. + */ + public EntityDescriptor getIDPEntityDescriptor(); + + /** + * Set the SAML2 NameIDPolicy allow-creation flag + * + * @return EntityDescriptor, but never null. + */ + public boolean getNameIDPolicyAllowCreation(); + + + /** + * Set the requested SubjectNameID + * + * @return SubjectNameID, or null if no SubjectNameID should be used + */ + public String getSubjectNameID(); + + /** + * Define the qualifier of the SubjectNameID + *

+ * Like: 'urn:publicid:gv.at:cdid+BF' + * + * @return qualifier, or null if no qualifier should be set + */ + public String getSubjectNameIDQualifier(); + + /** + * Define the format of the subjectNameID, which is included in authn-request + * + * + * @return nameIDFormat, of SAML2 'transient' if nothing is defined + */ + public String getSubjectNameIDFormat(); + + /** + * Define a SP specific SAML2 requestID + * + * @return requestID, or null if the requestID should be generated automatically + */ + public String getRequestID(); + + /** + * Defines the 'method' attribute in 'SubjectConformation' element + * + * @return method, or null if no method should set + */ + public String getSubjectConformationMethode(); + + /** + * Define the information, which should be added as 'subjectConformationDate' + * in 'SubjectConformation' element + * + * @return subjectConformation information or null if no subjectConformation should be set + */ + public Element getSubjectConformationDate(); + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionAttributeExtractorExeption.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionAttributeExtractorExeption.java new file mode 100644 index 00000000..dccb0b22 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionAttributeExtractorExeption.java @@ -0,0 +1,32 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.sp.exception; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +/** + * @author tlenz + * + */ +public class AssertionAttributeExtractorExeption extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -6459000942830951492L; + + public AssertionAttributeExtractorExeption(String attributeName) { + super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName + + " can not extract.", null); + } + + public AssertionAttributeExtractorExeption(String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + public AssertionAttributeExtractorExeption() { + super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java new file mode 100644 index 00000000..aec71501 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java @@ -0,0 +1,29 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.sp.exception; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +/** + * @author tlenz + * + */ +public class AssertionValidationExeption extends PVP2Exception { + + private static final long serialVersionUID = -3987805399122286259L; + + public AssertionValidationExeption(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * @param string + * @param object + * @param e + */ + public AssertionValidationExeption(String string, Object[] parameters, + Throwable e) { + super(string, parameters, e); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java new file mode 100644 index 00000000..bdb158b6 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java @@ -0,0 +1,29 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.sp.exception; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +/** + * @author tlenz + * + */ +public class AuthnRequestBuildException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -1375451065455859354L; + + /** + * @param messageId + * @param parameters + */ + public AuthnRequestBuildException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public AuthnRequestBuildException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java new file mode 100644 index 00000000..6f11f1c2 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java @@ -0,0 +1,30 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.sp.exception; + +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; + +/** + * @author tlenz + * + */ +public class AuthnResponseValidationException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = 8023812861029406575L; + + /** + * @param messageId + * @param parameters + */ + public AuthnResponseValidationException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public AuthnResponseValidationException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java new file mode 100644 index 00000000..9b02dc77 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java @@ -0,0 +1,205 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.sp.impl; + +import java.security.NoSuchAlgorithmException; + +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; + +/** + * @author tlenz + * + */ +@Service("PVPAuthnRequestBuilder") +public class PVPAuthnRequestBuilder { + private static final Logger log = LoggerFactory.getLogger(PVPAuthnRequestBuilder.class); + + + @Autowired(required=true) ApplicationContext springContext; + + + /** + * Build a PVP2.x specific authentication request + * + * @param pendingReq Currently processed pendingRequest + * @param config AuthnRequest builder configuration, never null + * @param idpEntity SAML2 EntityDescriptor of the IDP, which receive this AuthnRequest, never null + * @param httpResp + * @throws NoSuchAlgorithmException + * @throws SecurityException + * @throws PVP2Exception + * @throws MessageEncodingException + */ + public void buildAuthnRequest(IRequest pendingReq, IPVPAuthnRequestBuilderConfiguruation config, + HttpServletResponse httpResp) throws NoSuchAlgorithmException, MessageEncodingException, PVP2Exception, SecurityException { + //get IDP Entity element from config + EntityDescriptor idpEntity = config.getIDPEntityDescriptor(); + + AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + + //select SingleSignOn Service endpoint from IDP metadata + SingleSignOnService endpoint = null; + for (SingleSignOnService sss : + idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { + + // use POST binding as default if it exists + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + endpoint = sss; + + } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) + && endpoint == null ) + endpoint = sss; + + } + + if (endpoint == null) { + log.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID() + + " does not support POST or Redirect Binding."); + throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{config.getSPNameForLogging(), idpEntity.getEntityID()}); + + } else + authReq.setDestination(endpoint.getLocation()); + + + //set basic AuthnRequest information + String reqID = config.getRequestID(); + if (StringUtils.isNotEmpty(reqID)) + authReq.setID(reqID); + + else { + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + } + + authReq.setIssueInstant(new DateTime()); + + //set isPassive flag + if (config.isPassivRequest() == null) + authReq.setIsPassive(false); + else + authReq.setIsPassive(config.isPassivRequest()); + + //set EntityID of the service provider + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setFormat(NameIDType.ENTITY); + issuer.setValue(config.getSPEntityID()); + authReq.setIssuer(issuer); + + //set AssertionConsumerService ID + if (config.getAssertionConsumerServiceId() != null) + authReq.setAssertionConsumerServiceIndex(config.getAssertionConsumerServiceId()); + + //set NameIDPolicy + if (config.getNameIDPolicyFormat() != null) { + NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(config.getNameIDPolicyAllowCreation()); + policy.setFormat(config.getNameIDPolicyFormat()); + authReq.setNameIDPolicy(policy); + } + + //set requested QAA level + if (config.getAuthnContextClassRef() != null) { + RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + AuthnContextClassRef authnClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef()); + + if (config.getAuthnContextComparison() == null) + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + else + reqAuthContext.setComparison(config.getAuthnContextComparison()); + + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + authReq.setRequestedAuthnContext(reqAuthContext); + } + + //set request Subject element + if (StringUtils.isNotEmpty(config.getSubjectNameID())) { + Subject reqSubject = SAML2Utils.createSAMLObject(Subject.class); + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + + subjectNameID.setValue(config.getSubjectNameID()); + if (StringUtils.isNotEmpty(config.getSubjectNameIDQualifier())) + subjectNameID.setNameQualifier(config.getSubjectNameIDQualifier()); + + if (StringUtils.isNotEmpty(config.getSubjectNameIDFormat())) + subjectNameID.setFormat(config.getSubjectNameIDFormat()); + else + subjectNameID.setFormat(NameID.TRANSIENT); + + reqSubject.setNameID(subjectNameID); + + if (config.getSubjectConformationDate() != null) { + SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class); + SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class); + subjectConformation.setSubjectConfirmationData(subjectConformDate); + reqSubject.getSubjectConfirmations().add(subjectConformation ); + + if (config.getSubjectConformationMethode() != null) + subjectConformation.setMethod(config.getSubjectConformationMethode()); + + subjectConformDate.setDOM(config.getSubjectConformationDate()); + + } + + authReq.setSubject(reqSubject ); + + } + + //TODO: implement requested attributes + //maybe: config.getRequestedAttributes(); + + //select message encoder + IEncoder binding = null; + if (endpoint.getBinding().equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); + + } else if (endpoint.getBinding().equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); + + } + + //encode message + binding.encodeRequest(null, httpResp, authReq, + endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq); + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java new file mode 100644 index 00000000..1674e3fd --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java @@ -0,0 +1,275 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnStatement; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.core.Subject; +import org.opensaml.xml.XMLObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; + +public class AssertionAttributeExtractor { + + private static final Logger log = LoggerFactory.getLogger(AssertionAttributeExtractor.class); + + private Assertion assertion = null; + private Map> attributs = new HashMap>(); + //private PersonalAttributeList storkAttributes = new PersonalAttributeList(); + + private final List minimalMDSAttributeNamesList = Arrays.asList( + PVPConstants.PRINCIPAL_NAME_NAME, + PVPConstants.GIVEN_NAME_NAME, + PVPConstants.BIRTHDATE_NAME, + PVPConstants.BPK_NAME); + + private final List minimalIDLAttributeNamesList = Arrays.asList( + PVPConstants.EID_IDENTITY_LINK_NAME, + PVPConstants.EID_SOURCE_PIN_NAME, + PVPConstants.EID_SOURCE_PIN_TYPE_NAME); + + /** + * Parse the SAML2 Response element and extracts included information + *

+ * INFO: Actually, only the first SAML2 Assertion of the SAML2 Response is used! + * + * @param samlResponse SAML2 Response + * @throws AssertionAttributeExtractorExeption + */ + public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption { + if (samlResponse != null && samlResponse instanceof Response) { + List assertions = ((Response) samlResponse).getAssertions(); + if (assertions.size() == 0) + throw new AssertionAttributeExtractorExeption("Assertion"); + + else if (assertions.size() > 1) + log.warn("Found more then ONE PVP2.1 assertions. Only the First is used."); + + assertion = assertions.get(0); + + if (assertion.getAttributeStatements() != null && + assertion.getAttributeStatements().size() > 0) { + AttributeStatement attrStat = assertion.getAttributeStatements().get(0); + for (Attribute attr : attrStat.getAttributes()) { + if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) { + List storkAttrValues = new ArrayList(); + for (XMLObject el : attr.getAttributeValues()) + storkAttrValues.add(el.getDOM().getTextContent()); + +// PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), +// false, storkAttrValues , "Available"); +// storkAttributes.put(attr.getName(), storkAttr ); + + } else { + List attrList = new ArrayList(); + for (XMLObject el : attr.getAttributeValues()) + attrList.add(el.getDOM().getTextContent()); + + attributs.put(attr.getName(), attrList); + + } + } + + } + + } else + throw new AssertionAttributeExtractorExeption(); + } + + /** + * Get all SAML2 attributes from first SAML2 AttributeStatement element + * + * @return List of SAML2 Attributes + */ + public List getAllResponseAttributesFromFirstAttributeStatement() { + return assertion.getAttributeStatements().get(0).getAttributes(); + + } + + /** + * Get all SAML2 attributes of specific SAML2 AttributeStatement element + * + * @param attrStatementID List ID of the AttributeStatement element + * @return List of SAML2 Attributes + */ + public List getAllResponseAttributes(int attrStatementID) { + return assertion.getAttributeStatements().get(attrStatementID).getAttributes(); + + } + + /** + * check attributes from assertion with minimal required attribute list + * @return + */ + public boolean containsAllRequiredAttributes() { + return containsAllRequiredAttributes(minimalMDSAttributeNamesList) + || containsAllRequiredAttributes(minimalIDLAttributeNamesList); + + } + + /** + * check attributes from assertion with attributeNameList + * bPK or enc_bPK are always needed + * + * @param List of attributes which are required + * + * @return + */ + public boolean containsAllRequiredAttributes(Collection attributeNameList) { + + //first check if a bPK or an encrypted bPK is available + boolean flag = true; + for (String attr : attributeNameList) { + if (!attributs.containsKey(attr)) { + flag = false; + log.debug("Assertion contains no Attribute " + attr); + + } + + } + + if (flag) + return flag; + + else { + log.debug("Assertion contains no all minimum attributes from: " + attributeNameList.toString()); + return false; + + } + } + + public boolean containsAttribute(String attributeName) { + return attributs.containsKey(attributeName); + + } + + public String getSingleAttributeValue(String attributeName) { + if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0) + return attributs.get(attributeName).get(0); + else + return null; + + } + + public List getAttributeValues(String attributeName) { + return attributs.get(attributeName); + + } + + /** + * Return all include PVP attribute names + * + * @return + */ + public Set getAllIncludeAttributeNames() { + return attributs.keySet(); + + } + +// public PersonalAttributeList getSTORKAttributes() { +// return storkAttributes; +// } + + + public String getNameID() throws AssertionAttributeExtractorExeption { + if (assertion.getSubject() != null) { + Subject subject = assertion.getSubject(); + + if (subject.getNameID() != null) { + if (StringUtils.isNotEmpty(subject.getNameID().getValue())) + return subject.getNameID().getValue(); + + else + log.error("SAML2 NameID Element is empty."); + } + } + + throw new AssertionAttributeExtractorExeption("nameID"); + } + + public String getSessionIndex() throws AssertionAttributeExtractorExeption { + AuthnStatement authn = getAuthnStatement(); + + if (StringUtils.isNotEmpty(authn.getSessionIndex())) + return authn.getSessionIndex(); + + else + throw new AssertionAttributeExtractorExeption("SessionIndex"); + } + + /** + * @return + * @throws AssertionAttributeExtractorExeption + */ + public String getQAALevel() throws AssertionAttributeExtractorExeption { + AuthnStatement authn = getAuthnStatement(); + if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) { + AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef(); + + if (StringUtils.isNotEmpty(qaaClass.getAuthnContextClassRef())) + return qaaClass.getAuthnContextClassRef(); + + else + throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)"); + } + + throw new AssertionAttributeExtractorExeption("AuthnContextClassRef"); + } + + public Assertion getFullAssertion() { + return assertion; + } + + + /** + * Get the Assertion validTo period + * + * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used. + * If this is empty, this method returns value of SAML 'Conditions' element. + * + * @return Date, until this SAML2 assertion is valid + */ + public Date getAssertionNotOnOrAfter() { + if (getFullAssertion().getAuthnStatements() != null + && getFullAssertion().getAuthnStatements().size() > 0) { + for (AuthnStatement el : getFullAssertion().getAuthnStatements()) { + if (el.getSessionNotOnOrAfter() != null) + return (el.getSessionNotOnOrAfter().toDate()); + } + + } + + return getFullAssertion().getConditions().getNotOnOrAfter().toDate(); + + } + + private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption { + List authnList = assertion.getAuthnStatements(); + if (authnList.size() == 0) + throw new AssertionAttributeExtractorExeption("AuthnStatement"); + + else if (authnList.size() > 1) + log.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used."); + + return authnList.get(0); + } + +} diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml new file mode 100644 index 00000000..68bc60aa --- /dev/null +++ b/eaaf_modules/pom.xml @@ -0,0 +1,23 @@ + + + 4.0.0 + + at.gv.egiz + eaaf + 1.x + + + at.gv.egiz.eaaf + eaaf_modules + pom + + Modules for EAAF components + + + + eaaf_module_pvp2_core + eaaf_module_pvp2_idp + eaaf_module_pvp2_sp + + + \ No newline at end of file diff --git a/pom.xml b/pom.xml new file mode 100644 index 00000000..54d2fb42 --- /dev/null +++ b/pom.xml @@ -0,0 +1,200 @@ + + + 4.0.0 + at.gv.egiz + eaaf + 1.x + pom + + EGIZ EAAF components + + + + 1.0.0-SNAPSHOT + + + + 0.4 + 0.1 + + 4.3.17.RELEASE + 2.6.6 + 1.4.6 + 1.5.6 + 2.1.2 + 2.1.0.1 + 2.20.1 + 1.7.25 + 1.11 + 3.7 + 1.3 + 4.1 + 1.3.3 + 3.0.1 + 1.7 + 1.3.2 + 1.1.6 + 2.11.0 + 2.7.2 + + + + + + default + + true + + default + + + + + egiz-commons + http://demo.egiz.gv.at/int-repo/ + + true + + + + shibboleth.internet2.edu + Internet2 + https://build.shibboleth.net/nexus/content/groups/public/ + + + + + + + eaaf_core + eaaf_modules + + + + + + at.gv.egiz.components + eventlog-api + ${at.gv.egiz.components.eventlog-api.version} + + + at.gv.egiz.components + egiz-spring-api + ${at.gv.egiz.components.egiz-spring-api} + + + + javax.annotation + javax.annotation-api + ${javax.annotation-api} + + + org.apache.commons + commons-collections4 + ${org.apache.commons-collections4} + + + org.springframework + spring-webmvc + ${org.springframework.version} + + + org.slf4j + slf4j-api + ${org.slf4j.version} + + + org.slf4j + slf4j-log4j12 + ${org.slf4j.version} + + + commons-codec + commons-codec + ${commons-codec.version} + + + org.apache.commons + commons-lang3 + ${org.apache.commons-lang3.version} + + + org.apache.commons + commons-text + ${org.apache.commons-text.version} + + + commons-fileupload + commons-fileupload + ${commons-fileupload.version} + + + org.opensaml + opensaml + ${org.opensaml.version} + + + org.opensaml + xmltooling + ${org.opensaml.xmltooling.version} + + + org.opensaml + openws + ${org.opensaml.openws.version} + + + org.apache.santuario + xmlsec + ${org.apache.santuario.xmlsec.version} + + + org.owasp.esapi + esapi + ${org.owasp.esapi.version} + + + javax.servlet + javax.servlet-api + ${javax.servlet-api} + provided + + + org.apache.velocity + velocity + ${org.apache.velocity.version} + + + jaxen + jaxen + ${jaxen.verion} + + + xerces + xercesImpl + ${xerces.version} + + + xalan + xalan + ${xalan.version} + + + + + + junit + junit + 4.12 + test + + + org.springframework + spring-test + ${org.springframework.version} + test + + + + + \ No newline at end of file -- cgit v1.2.3