From bee5dd259a4438d45ecd1bcc26dfba12875236d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 26 Jun 2018 11:03:48 +0200
Subject: initial commit
---
.gitignore | 12 +
eaaf_core/pom.xml | 133 +++
.../gv/egiz/eaaf/core/api/IDestroyableObject.java | 16 +
.../eaaf/core/api/IGarbageCollectorProcessing.java | 16 +
.../eaaf/core/api/IPostStartupInitializable.java | 21 +
.../java/at/gv/egiz/eaaf/core/api/IRequest.java | 234 ++++
.../at/gv/egiz/eaaf/core/api/IRequestStorage.java | 40 +
.../at/gv/egiz/eaaf/core/api/IStatusMessager.java | 49 +
.../eaaf/core/api/data/EAAFConfigConstants.java | 8 +
.../gv/egiz/eaaf/core/api/data/EAAFConstants.java | 42 +
.../eaaf/core/api/data/ExceptionContainer.java | 74 ++
.../egiz/eaaf/core/api/data/ILoALevelMapper.java | 22 +
.../core/api/data/PVPAttributeDefinitions.java | 251 ++++
.../eaaf/core/api/data/XMLNamespaceConstants.java | 474 ++++++++
.../core/api/gui/IGUIBuilderConfiguration.java | 54 +
.../api/gui/IGUIBuilderConfigurationFactory.java | 30 +
.../gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java | 70 ++
.../api/gui/ModifyableGuiBuilderConfiguration.java | 25 +
.../core/api/idp/EAAFAuthProcessDataConstants.java | 21 +
.../java/at/gv/egiz/eaaf/core/api/idp/IAction.java | 43 +
.../egiz/eaaf/core/api/idp/IAttributeBuilder.java | 32 +
.../eaaf/core/api/idp/IAttributeGenerator.java | 39 +
.../at/gv/egiz/eaaf/core/api/idp/IAuthData.java | 198 ++++
.../core/api/idp/IAuthenticationDataBuilder.java | 14 +
.../gv/egiz/eaaf/core/api/idp/IConfiguration.java | 108 ++
.../at/gv/egiz/eaaf/core/api/idp/IModulInfo.java | 75 ++
.../eaaf/core/api/idp/IPVPAttributeBuilder.java | 9 +
.../egiz/eaaf/core/api/idp/ISPConfiguration.java | 131 +++
.../core/api/idp/auth/IAuthenticationManager.java | 72 ++
.../egiz/eaaf/core/api/idp/auth/ISSOManager.java | 92 ++
.../idp/auth/data/IAuthProcessDataContainer.java | 144 +++
.../eaaf/core/api/idp/auth/data/IIdentityLink.java | 155 +++
.../eaaf/core/api/idp/auth/modules/AuthModule.java | 44 +
.../core/api/idp/process/ExecutionContext.java | 65 +
.../idp/process/ExpressionEvaluationContext.java | 25 +
.../core/api/idp/process/ExpressionEvaluator.java | 27 +
.../eaaf/core/api/idp/process/ProcessEngine.java | 114 ++
.../api/idp/process/ProcessInstanceStoreDAO.java | 47 +
.../at/gv/egiz/eaaf/core/api/idp/process/Task.java | 28 +
.../core/api/idp/slo/ISLOInformationContainer.java | 68 ++
.../core/api/idp/slo/SLOInformationInterface.java | 80 ++
.../eaaf/core/api/logging/IRevisionLogger.java | 38 +
.../eaaf/core/api/logging/IStatisticLogger.java | 20 +
.../eaaf/core/api/storage/ITransactionStorage.java | 114 ++
.../core/exceptions/AttributeBuilderException.java | 13 +
.../core/exceptions/AttributePolicyException.java | 20 +
.../exceptions/AuthnRequestValidatorException.java | 49 +
.../exceptions/EAAFAuthenticationException.java | 21 +
.../eaaf/core/exceptions/EAAFBuilderException.java | 20 +
.../exceptions/EAAFConfigurationException.java | 20 +
.../egiz/eaaf/core/exceptions/EAAFException.java | 45 +
.../eaaf/core/exceptions/EAAFIDPException.java | 17 +
.../core/exceptions/EAAFIllegalStateException.java | 15 +
.../eaaf/core/exceptions/EAAFParserException.java | 20 +
.../core/exceptions/EAAFProtocolException.java | 26 +
.../eaaf/core/exceptions/EAAFSSOException.java | 17 +
.../eaaf/core/exceptions/EAAFStorageException.java | 18 +
.../eaaf/core/exceptions/GUIBuildException.java | 26 +
.../InvalidDateFormatAttributeException.java | 15 +
.../InvalidProtocolRequestException.java | 23 +
.../NoPassivAuthenticationException.java | 18 +
.../core/exceptions/ProcessExecutionException.java | 38 +
.../exceptions/ProtocolNotActiveException.java | 20 +
.../gv/egiz/eaaf/core/exceptions/SLOException.java | 21 +
.../core/exceptions/TaskExecutionException.java | 55 +
.../exceptions/UnavailableAttributeException.java | 22 +
.../egiz/eaaf/core/exceptions/XPathException.java | 68 ++
.../java/at/gv/egiz/eaaf/core/impl/data/Pair.java | 25 +
.../eaaf/core/impl/data/SLOInformationImpl.java | 167 +++
.../at/gv/egiz/eaaf/core/impl/data/Trible.java | 31 +
.../gui/AbstractGUIFormBuilderConfiguration.java | 90 ++
.../core/impl/gui/AbstractGUIFormBuilderImpl.java | 192 +++
.../core/impl/gui/velocity/VelocityLogAdapter.java | 81 ++
.../core/impl/gui/velocity/VelocityProvider.java | 121 ++
.../eaaf/core/impl/idp/AuthenticationData.java | 416 +++++++
.../impl/idp/EAAFCoreSpringResourceProvider.java | 30 +
.../idp/auth/AbstractAuthenticationManager.java | 341 ++++++
.../eaaf/core/impl/idp/auth/RequestStorage.java | 119 ++
.../builder/AbstractAuthenticationDataBuilder.java | 467 ++++++++
.../core/impl/idp/auth/builder/BPKBuilder.java | 302 +++++
.../impl/idp/auth/data/AuthProcessDataWrapper.java | 219 ++++
.../eaaf/core/impl/idp/auth/data/IdentityLink.java | 312 +++++
.../data/SimpleIdentityLinkAssertionParser.java | 326 +++++
.../idp/auth/modules/AbstractAuthServletTask.java | 220 ++++
.../impl/idp/auth/modules/ModuleRegistration.java | 151 +++
.../builder/attributes/BPKAttributeBuilder.java | 55 +
.../attributes/BirthdateAttributeBuilder.java | 40 +
.../builder/attributes/EIDIdentityLinkBuilder.java | 54 +
.../EIDIssuingNationAttributeBuilder.java | 35 +
.../attributes/EIDSectorForIDAttributeBuilder.java | 36 +
.../impl/idp/builder/attributes/EIDSourcePIN.java | 39 +
.../idp/builder/attributes/EIDSourcePINType.java | 33 +
.../EIDeIDASQAALevelAttributeBuilder.java | 31 +
.../attributes/GivenNameAttributeBuilder.java | 26 +
.../attributes/PVPVersionAttributeBuilder.java | 26 +
.../attributes/PrincipalNameAttributeBuilder.java | 26 +
.../impl/idp/conf/AbstractConfigurationImpl.java | 185 +++
.../core/impl/idp/conf/SPConfigurationImpl.java | 163 +++
.../AbstractAuthProtocolModulController.java | 225 ++++
.../impl/idp/controller/AbstractController.java | 354 ++++++
.../AbstractProcessEngineSignalController.java | 97 ++
.../controller/ProtocolFinalizationController.java | 178 +++
.../impl/idp/controller/protocols/RequestImpl.java | 386 ++++++
.../tasks/FinalizeAuthenticationTask.java | 57 +
.../tasks/RestartAuthProzessManagement.java | 92 ++
.../impl/idp/process/ExecutionContextImpl.java | 81 ++
.../process/ExpressionEvaluationContextImpl.java | 46 +
.../impl/idp/process/ProcessDefinitionParser.java | 226 ++++
.../process/ProcessDefinitionParserException.java | 37 +
.../core/impl/idp/process/ProcessEngineImpl.java | 424 +++++++
.../core/impl/idp/process/ProcessInstance.java | 166 +++
.../impl/idp/process/ProcessInstanceState.java | 32 +
.../impl/idp/process/dao/ProcessInstanceStore.java | 75 ++
.../process/dao/ProcessInstanceStoreDAOImpl.java | 73 ++
.../eaaf/core/impl/idp/process/model/EndEvent.java | 44 +
.../impl/idp/process/model/ProcessDefinition.java | 160 +++
.../core/impl/idp/process/model/ProcessNode.java | 71 ++
.../core/impl/idp/process/model/StartEvent.java | 47 +
.../eaaf/core/impl/idp/process/model/TaskInfo.java | 96 ++
.../core/impl/idp/process/model/Transition.java | 138 +++
.../process/spring/SpringExpressionEvaluator.java | 63 +
.../springweb/AbstractAuthSourceServlet.java | 118 ++
.../impl/idp/process/springweb/AbstractTask.java | 101 ++
.../springweb/SpringWebExpressionEvaluator.java | 145 +++
.../idp/process/support/SecureRandomHolder.java | 37 +
.../core/impl/logging/DummyRevisionsLogger.java | 52 +
.../core/impl/logging/DummyStatisticLogger.java | 43 +
.../at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java | 1243 ++++++++++++++++++++
.../egiz/eaaf/core/impl/utils/DataURLBuilder.java | 113 ++
.../core/impl/utils/EAAFDomEntityResolver.java | 104 ++
.../at/gv/egiz/eaaf/core/impl/utils/FileUtils.java | 142 +++
.../at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java | 178 +++
.../egiz/eaaf/core/impl/utils/KeyStoreUtils.java | 175 +++
.../egiz/eaaf/core/impl/utils/KeyValueUtils.java | 319 +++++
.../eaaf/core/impl/utils/NodeIteratorAdapter.java | 89 ++
.../egiz/eaaf/core/impl/utils/NodeListAdapter.java | 46 +
.../at/gv/egiz/eaaf/core/impl/utils/Random.java | 205 ++++
.../gv/egiz/eaaf/core/impl/utils/ServletUtils.java | 69 ++
.../gv/egiz/eaaf/core/impl/utils/StreamUtils.java | 177 +++
.../eaaf/core/impl/utils/TransactionIDUtils.java | 85 ++
.../gv/egiz/eaaf/core/impl/utils/XPathUtils.java | 523 ++++++++
...iz.components.spring.api.SpringResourceProvider | 1 +
.../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 11 +
eaaf_core/src/main/resources/eaaf_core.beans.xml | 40 +
.../main/resources/process/ProcessDefinition.xsd | 53 +
eaaf_core/src/main/resources/schemas/Core-1.2.xsd | 881 ++++++++++++++
.../src/main/resources/schemas/Core.20020225.xsd | 399 +++++++
.../src/main/resources/schemas/Core.20020831.xsd | 153 +++
.../resources/schemas/ECDSAKeyValue.ancient.xsd | 122 ++
.../main/resources/schemas/ECDSAKeyValue.wrong.xsd | 122 ++
.../src/main/resources/schemas/ECDSAKeyValue.xsd | 122 ++
.../resources/schemas/MOA-ID-Configuration-1.2.xsd | 350 ++++++
.../resources/schemas/MOA-ID-Configuration-1.3.xsd | 424 +++++++
.../schemas/MOA-ID-Configuration-1.4.2.xsd | 616 ++++++++++
.../schemas/MOA-ID-Configuration-1.4.3.xsd | 612 ++++++++++
.../schemas/MOA-ID-Configuration-1.4.7.xsd | 625 ++++++++++
.../resources/schemas/MOA-ID-Configuration-1.4.xsd | 505 ++++++++
.../schemas/MOA-ID-Configuration-1.5.0.xsd | 665 +++++++++++
.../schemas/MOA-ID-Configuration-1.5.1.xsd | 659 +++++++++++
.../schemas/MOA-ID-Configuration-1.5.2.xsd | 757 ++++++++++++
.../src/main/resources/schemas/MOA-SPSS-1.3.xsd | 469 ++++++++
.../src/main/resources/schemas/MOA-SPSS-1.4.7.xsd | 471 ++++++++
.../src/main/resources/schemas/MOA-SPSS-2.0.0.xsd | 572 +++++++++
.../main/resources/schemas/MOA-SPSS-config-1.3.xsd | 253 ++++
.../resources/schemas/MOA-SPSS-config-1.4.3.xsd | 312 +++++
.../resources/schemas/MOA-SPSS-config-1.4.5.xsd | 268 +++++
.../resources/schemas/MOA-SPSS-config-1.4.7.xsd | 268 +++++
.../resources/schemas/MOA-SPSS-config-1.5.1.xsd | 282 +++++
.../resources/schemas/MOA-SPSS-config-2.0.0.xsd | 353 ++++++
.../src/main/resources/schemas/MOAIdentities.xsd | 51 +
.../src/main/resources/schemas/PersonData.xsd | 426 +++++++
.../resources/schemas/PersonData_20_en_moaWID.xsd | 1229 +++++++++++++++++++
.../src/main/resources/schemas/PersonName-1_2.xsd | 115 ++
.../main/resources/schemas/PostalAddress-1_2.xsd | 95 ++
.../main/resources/schemas/TelcomNumber-1_0.xsd | 89 ++
.../src/main/resources/schemas/XAdES-1.1.1.xsd | 545 +++++++++
.../src/main/resources/schemas/XAdES-1.2.2.xsd | 551 +++++++++
.../src/main/resources/schemas/XAdES-1.3.2.xsd | 466 ++++++++
.../src/main/resources/schemas/XAdES-1.4.1.xsd | 15 +
.../main/resources/schemas/XMLSchema-instance.xsd | 37 +
eaaf_core/src/main/resources/schemas/XMLSchema.dtd | 402 +++++++
.../schemas/cs-sstc-schema-assertion-01.xsd | 194 +++
.../schemas/cs-sstc-schema-protocol-01.xsd | 127 ++
eaaf_core/src/main/resources/schemas/datatypes.dtd | 203 ++++
.../resources/schemas/eIDAS_saml_extensions.xsd | 31 +
.../schemas/exclusive-canonicalization.xsd | 22 +
.../schemas/saml-schema-assertion-2.0.xsd | 290 +++++
.../resources/schemas/saml-schema-metadata-2.0.xsd | 323 +++++
.../resources/schemas/saml-schema-protocol-2.0.xsd | 306 +++++
.../main/resources/schemas/sstc-metadata-attr.xsd | 35 +
.../schemas/stork-schema-assertion-1.0.xsd | 80 ++
.../schemas/stork-schema-protocol-1.0.xsd | 73 ++
.../ts_102231v030102_additionaltypes_xsd.xsd | 35 +
.../resources/schemas/ts_102231v030102_sie_xsd.xsd | 81 ++
.../resources/schemas/ts_102231v030102_xsd.xsd | 331 ++++++
.../ts_119612v010201_additionaltypes_xsd.xsd | 35 +
.../resources/schemas/ts_119612v010201_sie_xsd.xsd | 81 ++
.../resources/schemas/ts_119612v010201_xsd.xsd | 337 ++++++
.../src/main/resources/schemas/xenc-schema.xsd | 150 +++
eaaf_core/src/main/resources/schemas/xml.xsd | 83 ++
.../main/resources/schemas/xmldsig-core-schema.xsd | 264 +++++
.../src/main/resources/schemas/xmldsig-filter2.xsd | 38 +
.../core/impl/idp/module/test/TestRequestImpl.java | 257 ++++
.../spring/test/DummyTransactionStorage.java | 165 +++
.../spring/test/ExpressionContextAdapter.java | 54 +
.../impl/idp/process/spring/test/SimplePojo.java | 43 +
.../SpringExpressionAwareProcessEngineTest.java | 153 +++
.../spring/test/SpringExpressionEvaluatorTest.java | 56 +
.../spring/test/task/CreateSAML1AssertionTask.java | 63 +
.../spring/test/task/GetIdentityLinkTask.java | 60 +
.../process/spring/test/task/SelectBKUTask.java | 39 +
.../spring/test/task/SignAuthBlockTask.java | 62 +
.../spring/test/task/ValidateIdentityLinkTask.java | 48 +
.../test/task/ValidateSignedAuthBlockTask.java | 53 +
.../test/BooleanStringExpressionEvaluator.java | 26 +
.../core/impl/idp/process/test/HalloWeltTask.java | 26 +
.../core/impl/idp/process/test/HelloWorldTask.java | 26 +
.../process/test/ProcessDefinitionParserTest.java | 139 +++
.../impl/idp/process/test/ProcessEngineTest.java | 145 +++
eaaf_core/src/test/resources/log4j.xml | 16 +
.../hibernate.configuration.test.properties | 12 +
...mpleProcessDefinitionForSAML1Authentication.xml | 58 +
.../SampleProcessDefinitionWithExpression1.xml | 19 +
...ingExpressionAwareProcessEngineTest-context.xml | 48 +
.../test/SpringExpressionEvaluatorTest-context.xml | 14 +
.../test/task/IdentityLink_Max_Mustermann.xml | 52 +
.../process/spring/test/task/SAML1Assertion.xml | 487 ++++++++
.../process/spring/test/task/SignedAuthBlock.xml | 179 +++
...nvalidProcessDefinition_MultipleStartEvents.xml | 22 +
.../InvalidProcessDefinition_NoStartEvents.xml | 16 +
.../InvalidProcessDefinition_TransitionLoop.xml | 21 +
...dProcessDefinition_TransitionRefsTransition.xml | 19 +
...cessDefinition_TransitionStartsFromEndEvent.xml | 19 +
.../process/test/SampleProcessDefinition1.xml | 18 +
.../process/test/SampleProcessDefinition2.xml | 21 +
eaaf_modules/eaaf_module_pvp2_core/pom.xml | 94 ++
.../PVP2SProfileCoreSpringResourceProvider.java | 30 +
.../at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java | 107 ++
.../egiz/eaaf/modules/pvp2/PVPEventConstants.java | 11 +
.../modules/pvp2/api/IPVP2BasicConfiguration.java | 26 +
.../eaaf/modules/pvp2/api/binding/IDecoder.java | 25 +
.../eaaf/modules/pvp2/api/binding/IEncoder.java | 51 +
.../pvp2/api/message/InboundMessageInterface.java | 18 +
.../metadata/IPVPMetadataBuilderConfiguration.java | 218 ++++
.../metadata/IPVPMetadataConfigurationFactory.java | 11 +
.../pvp2/api/metadata/IPVPMetadataProvider.java | 37 +
.../api/metadata/IRefreshableMetadataProvider.java | 18 +
.../pvp2/api/validation/ISAMLValidator.java | 11 +
.../pvp2/exception/AttributQueryException.java | 24 +
.../exception/BindingNotSupportedException.java | 21 +
.../CredentialsNotAvailableException.java | 24 +
.../pvp2/exception/InvalidDateFormatException.java | 19 +
.../pvp2/exception/InvalidPVPRequestException.java | 16 +
.../NameIDFormatNotSupportedException.java | 22 +
.../exception/NoMetadataInformationException.java | 19 +
.../eaaf/modules/pvp2/exception/PVP2Exception.java | 42 +
.../pvp2/exception/PVP2MetadataException.java | 17 +
.../pvp2/exception/QAANotAllowedException.java | 20 +
.../pvp2/exception/QAANotSupportedException.java | 20 +
.../pvp2/exception/SchemaValidationException.java | 32 +
.../exception/SignatureValidationException.java | 38 +
.../modules/pvp2/impl/binding/PostBinding.java | 211 ++++
.../modules/pvp2/impl/binding/RedirectBinding.java | 215 ++++
.../modules/pvp2/impl/binding/SoapBinding.java | 148 +++
.../pvp2/impl/builder/CitizenTokenBuilder.java | 97 ++
.../pvp2/impl/builder/PVPAttributeBuilder.java | 186 +++
.../pvp2/impl/builder/PVPMetadataBuilder.java | 425 +++++++
.../pvp2/impl/builder/SamlAttributeGenerator.java | 68 ++
.../modules/pvp2/impl/message/InboundMessage.java | 99 ++
.../pvp2/impl/message/PVPSProfileRequest.java | 45 +
.../pvp2/impl/message/PVPSProfileResponse.java | 37 +
.../metadata/AbstractChainingMetadataProvider.java | 446 +++++++
.../pvp2/impl/metadata/MetadataFilterChain.java | 56 +
.../pvp2/impl/metadata/SimpleMetadataProvider.java | 212 ++++
.../opensaml/HTTPPostEncoderWithOwnTemplate.java | 97 ++
.../opensaml/KeyStoreX509CredentialAdapter.java | 32 +
.../opensaml/StringRedirectDeflateEncoder.java | 57 +
.../initialize/EAAFDefaultSAML2Bootstrap.java | 42 +
.../EAAFDefaultSecurityConfigurationBootstrap.java | 132 +++
.../impl/utils/AbstractCredentialProvider.java | 201 ++++
.../modules/pvp2/impl/utils/QAALevelVerifier.java | 41 +
.../eaaf/modules/pvp2/impl/utils/SAML2Utils.java | 125 ++
.../pvp2/impl/validation/EAAFURICompare.java | 36 +
.../pvp2/impl/validation/TrustEngineFactory.java | 41 +
.../metadata/AbstractMetadataSignatureFilter.java | 128 ++
.../metadata/PVPEntityCategoryFilter.java | 211 ++++
.../metadata/SchemaValidationFilter.java | 81 ++
.../AbstractRequestSignedSecurityPolicyRule.java | 171 +++
.../impl/verification/AuthnRequestValidator.java | 45 +
.../verification/PVPAuthRequestSignedRole.java | 29 +
.../verification/PVPSignedRequestPolicyRule.java | 60 +
.../impl/verification/SAMLVerificationEngine.java | 183 +++
...iz.components.spring.api.SpringResourceProvider | 1 +
.../src/main/resources/eaaf_pvp.beans.xml | 30 +
eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 71 ++
.../src/main/java/META-INF/MANIFEST.MF | 3 +
.../idp/PVP2SProfileIDPSpringResourceProvider.java | 30 +
.../idp/api/builder/ISubjectNameIdGenerator.java | 21 +
.../InvalidAssertionConsumerServiceException.java | 30 +
.../InvalidAssertionEncryptionException.java | 18 +
.../pvp2/idp/exception/RequestDeniedException.java | 21 +
.../idp/exception/ResponderErrorException.java | 26 +
.../exception/SAMLRequestNotSignedException.java | 26 +
.../idp/exception/SAMLRequestNotSupported.java | 22 +
.../exception/UnprovideableAttributeException.java | 19 +
.../pvp2/idp/impl/AbstractPVP2XProtocol.java | 537 +++++++++
.../pvp2/idp/impl/AuthenticationAction.java | 154 +++
.../eaaf/modules/pvp2/idp/impl/MetadataAction.java | 99 ++
.../pvp2/idp/impl/PVPSProfilePendingRequest.java | 103 ++
.../pvp2/idp/impl/builder/AuthResponseBuilder.java | 129 ++
.../idp/impl/builder/PVP2AssertionBuilder.java | 448 +++++++
...iz.components.spring.api.SpringResourceProvider | 1 +
.../src/main/resources/eaaf_pvp_idp.beans.xml | 19 +
eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 71 ++
.../src/main/java/META-INF/MANIFEST.MF | 3 +
.../api/IPVPAuthnRequestBuilderConfiguruation.java | 142 +++
.../AssertionAttributeExtractorExeption.java | 32 +
.../sp/exception/AssertionValidationExeption.java | 29 +
.../sp/exception/AuthnRequestBuildException.java | 29 +
.../AuthnResponseValidationException.java | 30 +
.../pvp2/sp/impl/PVPAuthnRequestBuilder.java | 205 ++++
.../sp/impl/utils/AssertionAttributeExtractor.java | 275 +++++
eaaf_modules/pom.xml | 23 +
pom.xml | 200 ++++
324 files changed, 43188 insertions(+)
create mode 100644 .gitignore
create mode 100644 eaaf_core/pom.xml
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IDestroyableObject.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IGarbageCollectorProcessing.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IPostStartupInitializable.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessager.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConfigConstants.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConstants.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExceptionContainer.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/XMLNamespaceConstants.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfiguration.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfigurationFactory.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/ModifyableGuiBuilderConfiguration.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IRevisionLogger.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IStatisticLogger.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributePolicyException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AuthnRequestValidatorException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFAuthenticationException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFConfigurationException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIllegalStateException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFParserException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFProtocolException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFSSOException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFStorageException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/GUIBuildException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidDateFormatAttributeException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidProtocolRequestException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/NoPassivAuthenticationException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProcessExecutionException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolNotActiveException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/SLOException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/TaskExecutionException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Pair.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/SLOInformationImpl.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Trible.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderImpl.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EAAFCoreSpringResourceProvider.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BPKBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BPKAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BirthdateAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIdentityLinkBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIssuingNationAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSectorForIDAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePIN.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePINType.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/GivenNameAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PVPVersionAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PrincipalNameAttributeBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SPConfigurationImpl.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractAuthProtocolModulController.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/FinalizeAuthenticationTask.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExpressionEvaluationContextImpl.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParser.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParserException.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessEngineImpl.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstance.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessInstanceState.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStore.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStoreDAOImpl.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/EndEvent.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessDefinition.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/ProcessNode.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/StartEvent.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/TaskInfo.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/model/Transition.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/SpringExpressionEvaluator.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractAuthSourceServlet.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/AbstractTask.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyRevisionsLogger.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyStatisticLogger.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataURLBuilder.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EAAFDomEntityResolver.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ServletUtils.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIDUtils.java
create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/XPathUtils.java
create mode 100644 eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
create mode 100644 eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
create mode 100644 eaaf_core/src/main/resources/eaaf_core.beans.xml
create mode 100644 eaaf_core/src/main/resources/process/ProcessDefinition.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/Core-1.2.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/Core.20020225.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/Core.20020831.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/ECDSAKeyValue.ancient.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/ECDSAKeyValue.wrong.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/ECDSAKeyValue.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.2.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.3.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.3.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.7.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-1.3.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-1.4.7.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-2.0.0.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.3.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.3.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.5.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.7.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.5.1.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOA-SPSS-config-2.0.0.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/MOAIdentities.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/PersonData.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/PersonData_20_en_moaWID.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/PersonName-1_2.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/PostalAddress-1_2.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/TelcomNumber-1_0.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/XAdES-1.1.1.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/XAdES-1.2.2.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/XAdES-1.3.2.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/XAdES-1.4.1.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/XMLSchema-instance.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/XMLSchema.dtd
create mode 100644 eaaf_core/src/main/resources/schemas/cs-sstc-schema-assertion-01.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/cs-sstc-schema-protocol-01.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/datatypes.dtd
create mode 100644 eaaf_core/src/main/resources/schemas/eIDAS_saml_extensions.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/exclusive-canonicalization.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/saml-schema-assertion-2.0.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/saml-schema-metadata-2.0.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/saml-schema-protocol-2.0.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/sstc-metadata-attr.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/stork-schema-assertion-1.0.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/stork-schema-protocol-1.0.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/ts_102231v030102_sie_xsd.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/ts_102231v030102_xsd.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/ts_119612v010201_sie_xsd.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/ts_119612v010201_xsd.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/xenc-schema.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/xml.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/xmldsig-core-schema.xsd
create mode 100644 eaaf_core/src/main/resources/schemas/xmldsig-filter2.xsd
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/DummyTransactionStorage.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/ExpressionContextAdapter.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SimplePojo.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionAwareProcessEngineTest.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/CreateSAML1AssertionTask.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/GetIdentityLinkTask.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SelectBKUTask.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/SignAuthBlockTask.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateIdentityLinkTask.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/task/ValidateSignedAuthBlockTask.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/BooleanStringExpressionEvaluator.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HalloWeltTask.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/HelloWorldTask.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessDefinitionParserTest.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/test/ProcessEngineTest.java
create mode 100644 eaaf_core/src/test/resources/log4j.xml
create mode 100644 eaaf_core/src/test/resources/process/hibernate.configuration.test.properties
create mode 100644 eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml
create mode 100644 eaaf_core/src/test/resources/process/spring/test/SampleProcessDefinitionWithExpression1.xml
create mode 100644 eaaf_core/src/test/resources/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
create mode 100644 eaaf_core/src/test/resources/process/spring/test/SpringExpressionEvaluatorTest-context.xml
create mode 100644 eaaf_core/src/test/resources/process/spring/test/task/IdentityLink_Max_Mustermann.xml
create mode 100644 eaaf_core/src/test/resources/process/spring/test/task/SAML1Assertion.xml
create mode 100644 eaaf_core/src/test/resources/process/spring/test/task/SignedAuthBlock.xml
create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_MultipleStartEvents.xml
create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_NoStartEvents.xml
create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionLoop.xml
create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml
create mode 100644 eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml
create mode 100644 eaaf_core/src/test/resources/process/test/SampleProcessDefinition1.xml
create mode 100644 eaaf_core/src/test/resources/process/test/SampleProcessDefinition2.xml
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/pom.xml
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileRequest.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileResponse.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HTTPPostEncoderWithOwnTemplate.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EAAFURICompare.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AuthnRequestValidator.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPAuthRequestSignedRole.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPSignedRequestPolicyRule.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SAMLVerificationEngine.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/pom.xml
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/META-INF/MANIFEST.MF
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/PVP2SProfileIDPSpringResourceProvider.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSignedException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SAMLRequestNotSupported.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/PVPSProfilePendingRequest.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/resources/eaaf_pvp_idp.beans.xml
create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/pom.xml
create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/META-INF/MANIFEST.MF
create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionAttributeExtractorExeption.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
create mode 100644 eaaf_modules/pom.xml
create mode 100644 pom.xml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..16a0a262
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+bin
+gen
+target
+*~
+*.orig
+*.log
+.settings
+.project
+.classpath
+.directory
+.checkstyle
+/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/version.txt
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
new file mode 100644
index 00000000..719a1989
--- /dev/null
+++ b/eaaf_core/pom.xml
@@ -0,0 +1,133 @@
+
+ 4.0.0
+
+ at.gv.egiz
+ eaaf
+ 1.x
+
+
+ at.gv.egiz.eaaf
+ eaaf-core
+ ${egiz.eaaf.version}
+ EAAF core components
+ Core components for identity managment implementations
+
+
+ 2.20.1
+ 1.7.25
+
+
+
+
+
+ at.gv.egiz.components
+ eventlog-api
+
+
+ at.gv.egiz.components
+ egiz-spring-api
+
+
+ javax.annotation
+ javax.annotation-api
+
+
+ org.springframework
+ spring-webmvc
+
+
+ org.slf4j
+ slf4j-api
+
+
+ org.slf4j
+ slf4j-log4j12
+
+
+ commons-codec
+ commons-codec
+
+
+ org.apache.commons
+ commons-lang3
+
+
+ org.apache.commons
+ commons-collections4
+
+
+ org.apache.commons
+ commons-text
+
+
+ commons-fileupload
+ commons-fileupload
+
+
+ javax.servlet
+ javax.servlet-api
+
+
+ org.apache.velocity
+ velocity
+
+
+ jaxen
+ jaxen
+
+
+ xerces
+ xercesImpl
+
+
+ xalan
+ xalan
+
+
+
+ junit
+ junit
+ test
+
+
+ org.springframework
+ spring-test
+ test
+
+
+
+
+ eaaf_core
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+ 3.7.0
+
+ 1.8
+ 1.8
+
+
+
+
+
+ maven-surefire-plugin
+ ${surefire.version}
+
+ 1
+ --add-modules java.xml.bind
+
+
+
+ org.apache.maven.surefire
+ surefire-junit47
+ ${surefire.version}
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IDestroyableObject.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IDestroyableObject.java
new file mode 100644
index 00000000..52979cd2
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IDestroyableObject.java
@@ -0,0 +1,16 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IDestroyableObject {
+ /**
+ * Manually deep destroy a Java object with all child objects like timers and threads
+ *
+ */
+ public void fullyDestroy();
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IGarbageCollectorProcessing.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IGarbageCollectorProcessing.java
new file mode 100644
index 00000000..7b153b2e
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IGarbageCollectorProcessing.java
@@ -0,0 +1,16 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IGarbageCollectorProcessing {
+
+ /**
+ * This method gets executed by the MOA garbage collector at regular intervals.
+ *
+ */
+ public void runGarbageCollector();
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IPostStartupInitializable.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IPostStartupInitializable.java
new file mode 100644
index 00000000..f2fae3af
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IPostStartupInitializable.java
@@ -0,0 +1,21 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api;
+
+
+/**
+ *
+ * @author tlenz
+ *
+ * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed
+ *
+ */
+public interface IPostStartupInitializable {
+
+ /**
+ * This method is called once when MOA-ID-Auth start-up process is fully completed
+ *
+ */
+ public void executeAfterStartup();
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
new file mode 100644
index 00000000..02070ee1
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
@@ -0,0 +1,234 @@
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+*
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api;
+
+import java.util.Map;
+
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+
+public interface IRequest {
+
+ /**
+ * Indicates the module, which implements this authentication protocol.
+ * The class, which is referenced, had to implement the 'IModulInfo' interface.
+ *
+ * @return Full-qualified name of the class which implements this protocol
+ */
+ public String requestedModule();
+
+ /**
+ * Indicates the protocol specific action, which should executed if the request is processed.
+ * The class, which is referenced, had to implement the 'IAction' interface.
+ *
+ * @return Full-qualified name of the class which implements the action
+ */
+ public String requestedAction();
+
+ /**
+ * Unique identifier, which indicates the service provider.
+ *
+ * @return Unique identifier for the service provider
+ */
+ public String getSPEntityId();
+
+ /**
+ * Indicates the passive flag in authentication requests.
+ * If the passive flag is set, the identification and authentication process
+ * failed if no active SSO session is found.
+ *
+ * @return true, if the is passive flag is set in authentication request, otherwise false
+ */
+ public boolean isPassiv();
+
+ /**
+ * Indicates the force authentication flag in authentication request
+ * If this flag is set, a new identification and authentication process
+ * is carried out in any case.
+ *
+ * @return true, if the force authentication flag is set, otherwise false
+ */
+ public boolean forceAuth();
+
+
+ /**
+ * Returns a generic request-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the request-data object
+ * @return The request-data object or null if no data is found with this key
+ */
+ public Object getGenericData(String key);
+
+ /**
+ * Returns a generic request-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the request-data object
+ * @param clazz The class type which is stored with this key
+ * @return The request-data object or null if no data is found with this key
+ */
+ public T getGenericData(String key, final Class clazz);
+
+ /**
+ * Store a generic data-object into pending request with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
+ */
+ public void setGenericDataToSession(String key, Object object) throws EAAFStorageException;
+
+ /**
+ * Store generic data-objects into pending request with specific identifiers
+ *
+ * @param map Map with Identifiers and values
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
+ */
+ public void setGenericDataToSession(Map map) throws EAAFStorageException;
+
+
+
+ /**
+ * Get the internal dataStorage map
+ *
+ * @return read-only map of data stored to this pending request
+ */
+ public Map genericFullDataStorage();
+
+ /**
+ * Hold the identifier of this request object.
+ * This identifier can be used to load the request from request storage
+ *
+ * @return Request identifier
+ */
+ public String getPendingRequestId();
+
+
+ /**
+ * Hold the identifier of the SSO-Session which is associated with this request
+ *
+ * @return SSO session-identifier if a associated session exists, otherwise null
+ */
+ public String getSSOSessionIdentifier();
+
+ /**
+ * Set the in SSO session identifier, if an active SSO session exists
+ *
+ * @param internalSSOSessionId
+ */
+ public void setSSOSessionIdentifier(String internalSSOSessionId);
+
+ /**
+ * Holds a unique transaction identifier, which could be used for looging
+ * This transaction identifier is unique for a single identification and authentication process
+ *
+ * @return Unique transaction identifier.
+ */
+ public String getUniqueTransactionIdentifier();
+
+ /**
+ * Holds a unique session identifier, which could be used for logging
+ * This session identifier is unique for the full Single Sign-On session time
+ *
+ * @return Unique session identifier
+ */
+ public String getUniqueSessionIdentifier();
+
+
+ /**
+ * Hold the identifier if the process instance, which is associated with this request
+ *
+ * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null
+ */
+ public String getProcessInstanceId();
+
+
+ /**
+ * get the IDP URL PreFix, which was used for authentication request
+ *
+ * @return IDP URL PreFix . The URL prefix always ends without /
+ */
+ public String getAuthURL();
+ public String getAuthURLWithOutSlash();
+
+ /**
+ * Indicates if this pending request needs authentication
+ *
+ * @return true if this request needs authentication, otherwise false
+ */
+ public boolean isNeedAuthentication();
+
+ /**
+ * Indicates, if this pending request needs Single Sign-On (SSO) functionality
+ *
+ * @return true if this request needs SSO, otherwise false
+ */
+ public boolean needSingleSignOnFunctionality();
+ public void setNeedSingleSignOnFunctionality(boolean needSSO);
+
+
+ /**
+ * Indicates, if this pending request needs an additional user consent
+ *
+ * @return true if this request needs additional user consent, otherwise false
+ */
+ public boolean isNeedUserConsent();
+ public void setNeedUserConsent(boolean needConsent);
+
+ /**
+ * Indicates, if this pending request is already authenticated
+ *
+ * @return true if this request is already authenticated, otherwise false
+ */
+ public boolean isAuthenticated();
+ public void setAuthenticated(boolean isAuthenticated);
+
+ /**
+ * Get get Service-Provider configuration which is associated with this request.
+ *
+ * @return Service-Provider configuration
+ */
+ public ISPConfiguration getServiceProviderConfiguration();
+
+
+ /**
+ * Get get Service-Provider configuration which is associated with this request.
+ *
+ * @return Service-Provider configuration as object
+ */
+ public T getServiceProviderConfiguration(final Class decorator);
+
+
+ /**
+ * Indicates, if this pending-request is aborted by the user
+ *
+ * @return true, if it is aborted, otherwise false
+ */
+ public boolean isAbortedByUser();
+
+ /**
+ * Set the 'isAboredByUser' flag of this pending-request
+ *
+ * @param b true, if the user has abort the authentication process, otherwise false
+ */
+ public void setAbortedByUser(boolean isAborted);
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java
new file mode 100644
index 00000000..ce526fa8
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java
@@ -0,0 +1,40 @@
+/*******************************************************************************
+ *******************************************************************************/
+/*
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egiz.eaaf.core.api;
+
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IRequestStorage {
+
+ public IRequest getPendingRequest(String pendingReqID);
+
+ public void storePendingRequest(IRequest pendingRequest) throws EAAFException;
+
+ public void removePendingRequest(String requestID);
+
+ public String changePendingRequestID(IRequest pendingRequest) throws EAAFException;
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessager.java
new file mode 100644
index 00000000..40d86352
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessager.java
@@ -0,0 +1,49 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api;
+
+public interface IStatusMessager {
+
+ //internal error codes defined in EAAFCore
+ public static final String CODES_INTERNAL_ERROR_GENERIC = "internal.00";
+ public static final String CODES_INTERNAL_ERROR_AUTH_NOSPCONFIG = "auth.00";
+ public static final String CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID = "auth.26";
+ public static final String CODES_INTERNAL_ERROR_AUTH_TIMEOUT = "auth.28";
+ public static final String CODES_INTERNAL_ERROR_AUTH_USERSTOP = "auth.21";
+ public static final String CODES_INTERNAL_ERROR_AUTH_REQUEST_INVALID = "auth.35";
+
+ public static final String CODES_INTERNAL_ILLEGAL_STATE = "process.03";
+
+ //external error codes defined in EAAFCore
+ public static final String CODES_EXTERNAL_ERROR_GENERIC = "9199";
+ public static final String CODES_EXTERNAL_ERROR_PROCESSENGINE = "1100";
+
+
+ /**
+ * Get the message corresponding to a given message ID.
+ *
+ * @param messageId The ID of the message.
+ * @param parameters The parameters to fill in into the message arguments.
+ * @return The formatted message.
+ */
+ public String getMessage(String messageId, Object[] parameters);
+
+
+ /**
+ * Get external errorCode from from Exception
+ *
+ * @param throwable
+ * @return
+ */
+ public String getResponseErrorCode(Throwable throwable);
+
+
+ /**
+ * Map internal to external errorCode
+ *
+ * @param intErrorCode
+ * @return
+ */
+ public String mapInternalErrorToExternalError(String intErrorCode);
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConfigConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConfigConstants.java
new file mode 100644
index 00000000..4f35a681
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConfigConstants.java
@@ -0,0 +1,8 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.data;
+
+public class EAAFConfigConstants {
+
+ public static final String SERVICE_UNIQUEIDENTIFIER = "uniqueID"; //publicURLPrefix
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConstants.java
new file mode 100644
index 00000000..c9d1263a
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/EAAFConstants.java
@@ -0,0 +1,42 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.data;
+
+
+public class EAAFConstants {
+
+ public static final String CONTENTTYPE_HTML_UTF8 = "text/html; charset=UTF-8";
+
+ //http request parameters for process management
+ public static final String PARAM_HTTP_TARGET_PENDINGREQUESTID = "pendingid";
+ public static final String PARAM_HTTP_ERROR_CODE = "errorid";
+
+
+ public static final String EIDAS_QAA_PREFIX = "http://eidas.europa.eu/LoA/";
+ public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low";
+ public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial";
+ public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high";
+
+
+ //Austrian specific prefixes for pseudonyms of users
+ public static final String URN_PREFIX = "urn:publicid:gv.at";
+ public static final String URN_PREFIX_BASEID = URN_PREFIX + ":baseid";
+ public static final String URN_PREFIX_CDID = URN_PREFIX + ":cdid+";
+ public static final String URN_PREFIX_BPK = URN_PREFIX_CDID + "bpk";
+ public static final String URN_PREFIX_WBPK = URN_PREFIX + ":wbpk+";
+ public static final String URN_PREFIX_EIDAS = URN_PREFIX + ":eidasid+";
+
+ //Authentication process data_constants
+ public static final String UNIQUESESSIONIDENTIFIER = "eaaf_uniqueSessionIdentifier";
+ public static final String AUTH_DATA_CREATED = "eaaf_authdata_created";
+
+
+ public static final String PROCESS_ENGINE_PREFIX = "PARAMS_";
+ public static final String PROCESS_ENGINE_PENDINGREQUESTID = PROCESS_ENGINE_PREFIX + PARAM_HTTP_TARGET_PENDINGREQUESTID;
+ public static final String PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID = PROCESS_ENGINE_PREFIX + "uniqueSPId";
+ public static final String PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE = PROCESS_ENGINE_PREFIX + "holderofkey_cert";
+
+ public static final int ALLOWED_TIME_JITTER = 5; //minutes
+ public static final String COUNTRYCODE_AUSTRIA = "AT";
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExceptionContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExceptionContainer.java
new file mode 100644
index 00000000..1b16d4c2
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExceptionContainer.java
@@ -0,0 +1,74 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.data;
+
+import java.io.Serializable;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ExceptionContainer implements Serializable {
+
+ private static final long serialVersionUID = 5355860753609684995L;
+ private Throwable exceptionThrown = null;
+ private IRequest pendingReq = null;
+
+
+ /**
+ *
+ */
+ public ExceptionContainer(IRequest pendingReq, Throwable exception) {
+ this.pendingReq = pendingReq;
+ this.exceptionThrown = exception;
+
+ }
+
+ /**
+ * @return the exceptionThrown
+ */
+ public Throwable getExceptionThrown() {
+ return this.exceptionThrown;
+ }
+
+ public IRequest getPendingRequest() {
+ return this.pendingReq;
+
+ }
+
+ /**
+ * @return the uniqueSessionID
+ */
+ public String getUniqueSessionID() {
+ if (this.pendingReq != null)
+ return this.pendingReq.getUniqueSessionIdentifier();
+ else
+ return null;
+ }
+ /**
+ * @return the uniqueTransactionID
+ */
+ public String getUniqueTransactionID() {
+ if (this.pendingReq != null)
+ return this.pendingReq.getUniqueTransactionIdentifier();
+ else
+ return null;
+ }
+
+ /**
+ * @return the uniqueServiceProviderId
+ */
+ public String getUniqueServiceProviderId() {
+ if (this.pendingReq != null &&
+ this.pendingReq.getServiceProviderConfiguration() != null)
+ return this.pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
+ else
+ return null;
+ }
+
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java
new file mode 100644
index 00000000..d4f49916
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java
@@ -0,0 +1,22 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.data;
+
+public interface ILoALevelMapper {
+
+ /**
+ * Map an arbitrary QAA level to eIDAS LoA
+ *
+ * @param qaa, but not null
+ * @return An eIDAS LoA if there is a mapping, otherwise null
+ */
+ public String mapToeIDASLoA(String qaa);
+
+ /**
+ * Map an arbitrary QAA level to PVP SecClass
+ *
+ * @param qaa, but not null
+ * @return An PVP SecClass if there is a mapping, otherwise null
+ */
+ public String mapToSecClass(String qaa);
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java
new file mode 100644
index 00000000..9a439072
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java
@@ -0,0 +1,251 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.data;
+
+public interface PVPAttributeDefinitions {
+
+ public static final String URN_OID_PREFIX = "urn:oid:";
+
+ public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10";
+ public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID;
+ public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION";
+ public static final String PVP_VERSION_2_1 = "2.1";
+
+
+ public static final String SECCLASS_OID = "1.2.40.0.10.2.1.1.261.110";
+ public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS";
+ public static final String SECCLASS_NAME = URN_OID_PREFIX + SECCLASS_OID;
+ public static final int SECCLASS_MAX_LENGTH = 128;
+
+ public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20";
+ public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID;
+ public static final String PRINCIPAL_NAME_FRIENDLY_NAME = "PRINCIPAL-NAME";
+ public static final int PRINCIPAL_NAME_MAX_LENGTH = 128;
+
+ public static final String GIVEN_NAME_OID = "2.5.4.42";
+ public static final String GIVEN_NAME_NAME = URN_OID_PREFIX + GIVEN_NAME_OID;
+ public static final String GIVEN_NAME_FRIENDLY_NAME = "GIVEN-NAME";
+ public static final int GIVEN_NAME_MAX_LENGTH = 128;
+
+ public static final String BIRTHDATE_OID = "1.2.40.0.10.2.1.1.55";
+ public static final String BIRTHDATE_NAME = URN_OID_PREFIX + BIRTHDATE_OID;
+ public static final String BIRTHDATE_FRIENDLY_NAME = "BIRTHDATE";
+ public static final String BIRTHDATE_FORMAT_PATTERN = "yyyy-MM-dd";
+
+ public static final String USERID_OID = "0.9.2342.19200300.100.1.1";
+ public static final String USERID_NAME = URN_OID_PREFIX + USERID_OID;
+ public static final String USERID_FRIENDLY_NAME = "USERID";
+ public static final int USERID_MAX_LENGTH = 128;
+
+ public static final String GID_OID = "1.2.40.0.10.2.1.1.1";
+ public static final String GID_NAME = URN_OID_PREFIX + GID_OID;
+ public static final String GID_FRIENDLY_NAME = "GID";
+ public static final int GID_MAX_LENGTH = 128;
+
+ public static final String BPK_OID = "1.2.40.0.10.2.1.1.149";
+ public static final String BPK_NAME = URN_OID_PREFIX + BPK_OID;
+ public static final String BPK_FRIENDLY_NAME = "BPK";
+ public static final int BPK_MAX_LENGTH = 1024;
+
+ public static final String ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.22";
+ public static final String ENC_BPK_LIST_NAME = URN_OID_PREFIX+ENC_BPK_LIST_OID;
+ public static final String ENC_BPK_LIST_FRIENDLY_NAME = "ENC-BPK-LIST";
+ public static final int ENC_BPK_LIST_MAX_LENGTH = 32767;
+
+ public static final String MAIL_OID = "0.9.2342.19200300.100.1.3";
+ public static final String MAIL_NAME = URN_OID_PREFIX + MAIL_OID;
+ public static final String MAIL_FRIENDLY_NAME = "MAIL";
+ public static final int MAIL_MAX_LENGTH = 128;
+
+ public static final String TEL_OID = "2.5.4.20";
+ public static final String TEL_NAME = URN_OID_PREFIX + TEL_OID;
+ public static final String TEL_FRIENDLY_NAME = "TEL";
+ public static final int TEL_MAX_LENGTH = 32;
+
+ public static final String PARTICIPANT_ID_OID = "1.2.40.0.10.2.1.1.71";
+ public static final String PARTICIPANT_ID_NAME = URN_OID_PREFIX + PARTICIPANT_ID_OID;
+ public static final String PARTICIPANT_ID_FRIENDLY_NAME = "PARTICIPANT-ID";
+ public static final int PARTICIPANT_MAX_LENGTH = 39;
+
+ public static final String PARTICIPANT_OKZ_OID = "1.2.40.0.10.2.1.1.261.24";
+ public static final String PARTICIPANT_OKZ_NAME = URN_OID_PREFIX + PARTICIPANT_OKZ_OID;
+ public static final String PARTICIPANT_OKZ_FRIENDLY_NAME = "PARTICIPANT-OKZ";
+ public static final int PARTICIPANT_OKZ_MAX_LENGTH = 32;
+
+ public static final String OU_OKZ_OID = "1.2.40.0.10.2.1.1.153";
+ public static final String OU_OKZ_NAME = URN_OID_PREFIX + OU_OKZ_OID;
+ public static final int OU_OKZ_MAX_LENGTH = 32;
+
+ public static final String OU_GV_OU_ID_OID = "1.2.40.0.10.2.1.1.3";
+ public static final String OU_GV_OU_ID_NAME = URN_OID_PREFIX + OU_GV_OU_ID_OID;
+ public static final String OU_GV_OU_ID_FRIENDLY_NAME = "OU-GV-OU-ID";
+ public static final int OU_GV_OU_ID_MAX_LENGTH = 39;
+
+ public static final String OU_OID = "2.5.4.11";
+ public static final String OU_NAME = URN_OID_PREFIX + OU_OID;
+ public static final String OU_FRIENDLY_NAME = "OU";
+ public static final int OU_MAX_LENGTH = 64;
+
+ public static final String FUNCTION_OID = "1.2.40.0.10.2.1.1.33";
+ public static final String FUNCTION_NAME = URN_OID_PREFIX + FUNCTION_OID;
+ public static final String FUNCTION_FRIENDLY_NAME = "FUNCTION";
+ public static final int FUNCTION_MAX_LENGTH = 32;
+
+ public static final String ROLES_OID = "1.2.40.0.10.2.1.1.261.30";
+ public static final String ROLES_NAME = URN_OID_PREFIX + ROLES_OID;
+ public static final String ROLES_FRIENDLY_NAME = "ROLES";
+ public static final int ROLES_MAX_LENGTH = 32767;
+
+ @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94";
+ @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID;
+ @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL";
+
+ public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108";
+ public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID;
+ public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL";
+
+ public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32";
+ public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID;
+ public static final String EID_ISSUING_NATION_FRIENDLY_NAME = "EID-ISSUING-NATION";
+ public static final int EID_ISSUING_NATION_MAX_LENGTH = 2;
+
+ public static final String EID_SECTOR_FOR_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.34";
+ public static final String EID_SECTOR_FOR_IDENTIFIER_NAME = URN_OID_PREFIX + EID_SECTOR_FOR_IDENTIFIER_OID;
+ public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER";
+ public static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255;
+
+ public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36";
+ public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID;
+ public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN";
+ public static final int EID_SOURCE_PIN_MAX_LENGTH = 128;
+
+ public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104";
+ public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID;
+ public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE";
+ public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+
+ public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38";
+ public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID;
+ public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK";
+ public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767;
+
+ public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62";
+ public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID;
+ public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK";
+ public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767;
+
+ public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64";
+ public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID;
+ public static final String EID_CCS_URL_FRIENDLY_NAME = "EID-CCS-URL";
+ public static final int EID_CCS_URL_MAX_LENGTH = 1024;
+
+ public static final String EID_SIGNER_CERTIFICATE_OID = "1.2.40.0.10.2.1.1.261.66";
+ public static final String EID_SIGNER_CERTIFICATE_NAME = URN_OID_PREFIX + EID_SIGNER_CERTIFICATE_OID;
+ public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE";
+ public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767;
+
+ public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96";
+ public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID;
+ public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN";
+ public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767;
+
+ public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68";
+ public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID;
+ public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE";
+ public static final int MANDATE_TYPE_MAX_LENGTH = 256;
+
+ public static final String MANDATE_TYPE_OID_OID = "1.2.40.0.10.2.1.1.261.106";
+ public static final String MANDATE_TYPE_OID_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID_OID;
+ public static final String MANDATE_TYPE_OID_FRIENDLY_NAME = "MANDATE-TYPE-OID";
+ public static final int MANDATE_TYPE_OID_MAX_LENGTH = 256;
+
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70";
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID;
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN";
+ public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128;
+
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100";
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID;
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN";
+ public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102";
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
+ public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE";
+ public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76";
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID;
+ public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE";
+ public static final int MANDATE_LEG_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_BPK_OID = "1.2.40.0.10.2.1.1.261.98";
+ public static final String MANDATE_NAT_PER_BPK_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BPK_OID;
+ public static final String MANDATE_NAT_PER_BPK_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BPK";
+ public static final int MANDATE_NAT_PER_BPK_MAX_LENGTH = 1024;
+
+ public static final String MANDATE_NAT_PER_ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.72";
+ public static final String MANDATE_NAT_PER_ENC_BPK_LIST_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_ENC_BPK_LIST_OID;
+ public static final String MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-ENC-BPK-LIST";
+ public static final int MANDATE_NAT_PER_ENC_BPK_LIST_MAX_LENGTH = 32767;
+
+ public static final String MANDATE_NAT_PER_GIVEN_NAME_OID = "1.2.40.0.10.2.1.1.261.78";
+ public static final String MANDATE_NAT_PER_GIVEN_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_GIVEN_NAME_OID;
+ public static final String MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-GIVEN-NAME";
+ public static final int MANDATE_NAT_PER_GIVEN_NAME_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_FAMILY_NAME_OID = "1.2.40.0.10.2.1.1.261.80";
+ public static final String MANDATE_NAT_PER_FAMILY_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_FAMILY_NAME_OID;
+ public static final String MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-FAMILY-NAME";
+ public static final int MANDATE_NAT_PER_FAMILY_NAME_MAX_LENGTH = 128;
+
+ public static final String MANDATE_NAT_PER_BIRTHDATE_OID = "1.2.40.0.10.2.1.1.261.82";
+ public static final String MANDATE_NAT_PER_BIRTHDATE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BIRTHDATE_OID;
+ public static final String MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BIRTHDATE";
+ public static final String MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN = BIRTHDATE_FORMAT_PATTERN;
+
+ public static final String MANDATE_LEG_PER_FULL_NAME_OID = "1.2.40.0.10.2.1.1.261.84";
+ public static final String MANDATE_LEG_PER_FULL_NAME_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_FULL_NAME_OID;
+ public static final String MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-FULL-NAME";
+ public static final int MANDATE_LEG_PER_FULL_NAME_MAX_LENGTH = 256;
+
+ public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86";
+ public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID;
+ public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATE-PROF-REP-OID";
+ public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256;
+
+ public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88";
+ public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID;
+ public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATE-PROF-REP-DESCRIPTION";
+ public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024;
+
+ public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90";
+ public static final String MANDATE_REFERENCE_VALUE_NAME = URN_OID_PREFIX + MANDATE_REFERENCE_VALUE_OID;
+ public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE";
+ public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100;
+
+ public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92";
+ public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID;
+ public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE";
+ public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767;
+
+ public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40";
+ public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID;
+ public static final String INVOICE_RECPT_ID_FRIENDLY_NAME = "INVOICE-RECPT-ID";
+ public static final int INVOICE_RECPT_ID_MAX_LENGTH = 64;
+
+ public static final String COST_CENTER_ID_OID = "1.2.40.0.10.2.1.1.261.50";
+ public static final String COST_CENTER_ID_NAME = URN_OID_PREFIX + COST_CENTER_ID_OID;
+ public static final String COST_CENTER_ID_FRIENDLY_NAME = "COST-CENTER-ID";
+ public static final int COST_CENTER_ID_MAX_LENGTH = 32767;
+
+ public static final String CHARGE_CODE_OID = "1.2.40.0.10.2.1.1.261.60";
+ public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID;
+ public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE";
+ public static final int CHARGE_CODE_MAX_LENGTH = 32767;
+
+ public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx";
+ public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_HOLDEROFKEY_OID;
+ public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE";
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/XMLNamespaceConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/XMLNamespaceConstants.java
new file mode 100644
index 00000000..4ed321bd
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/XMLNamespaceConstants.java
@@ -0,0 +1,474 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.api.data;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+
+/**
+ * Contains various constants used throughout the system.
+
+ */
+public interface XMLNamespaceConstants {
+ /** Root location of the schema files. */
+ public static final String SCHEMA_ROOT = "/schemas/";
+
+ /** URI of the Widerrufregister XML namespace. */
+ public static final String WRR_NS_URI =
+ "http://reference.e-government.gv.at/namespace/moavv/20041223";
+
+ /** Prefix used for the Widerrufregister XML namespace */
+ public static final String WRR_PREFIX = "wrr";
+
+ /** URI of the StandardTextBlock XML namespace. */
+ public static final String STB_NS_URI =
+ "http://reference.e-government.gv.at/namespace/standardtextblock/20041105#";
+
+ /** Prefix used for the standard text block XML namespace */
+ public static final String STB_PREFIX = "stb";
+
+ /** URI of the MOA XML namespace. */
+ public static final String MOA_NS_URI =
+ "http://reference.e-government.gv.at/namespace/moa/20020822#";
+
+ /** Name of the mandates infobox */
+ public static final String INFOBOXIDENTIFIER_MANDATES = "Mandates";
+
+ /** Prefix used for the Mandate XML namespace */
+ public static final String MD_PREFIX = "md";
+
+ /** URI of the Mandate XML namespace. */
+ public static final String MD_NS_URI =
+ "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+
+ /** Prefix used for the Mandate XML namespace */
+ public static final String MVV_PREFIX = "mvv";
+
+ /** URI of the Mandate XML namespace. */
+ public static final String MVV_NS_URI =
+ "http://reference.e-government.gv.at/namespace/moavv/app2mvv/20041125";
+
+ /** Prefix used for the MandateCheckProfile XML namespace */
+ public static final String MDP_PREFIX = "mdp";
+
+ /** URI of the Mandate XML namespace. */
+ public static final String MDP_NS_URI =
+ "http://reference.e-government.gv.at/namespace/mandateprofile/20041105#";
+
+ /** Prefix used for the MOA XML namespace */
+ public static final String MOA_PREFIX = "moa";
+
+ /** Local location of the MOA XML schema definition. */
+ public static final String MOA_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "MOA-SPSS-2.0.0.xsd";
+
+ /** URI of the MOA configuration XML namespace. */
+ public static final String MOA_CONFIG_NS_URI =
+ "http://reference.e-government.gv.at/namespace/moaconfig/20021122#";
+
+ /** URI of the MOA ID configuration XML namespace. */
+ public static final String MOA_ID_CONFIG_NS_URI =
+ "http://www.buergerkarte.at/namespaces/moaconfig#";
+
+ /** Prefix used for the MOA configuration XML namespace */
+ public static final String MOA_CONFIG_PREFIX = "conf";
+
+ /** Prefix used for the MOA configuration XML namespace */
+ public static final String MOA_ID_CONFIG_PREFIX = "confID";
+
+ /** Local location of the MOA configuration XML schema definition. */
+ public static final String MOA_CONFIG_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "MOA-SPSS-config-2.0.0.xsd";
+
+ /** Local location of the MOA ID configuration XML schema definition. */
+ public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "MOA-ID-Configuration-1.5.2.xsd";
+
+ /** URI of the Security Layer 1.0 namespace. */
+ public static final String SL10_NS_URI =
+ "http://www.buergerkarte.at/namespaces/securitylayer/20020225#";
+
+ /** Prefix used for the Security Layer 1.0 XML namespace */
+ public static final String SL10_PREFIX = "sl10";
+
+ /** Local location of the Security Layer 1.0 XML schema definition */
+ public static final String SL10_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "Core.20020225.xsd";
+
+ /** URI of the Security Layer 1.1 XML namespace */
+ public static final String SL11_NS_URI =
+ "http://www.buergerkarte.at/namespaces/securitylayer/20020831#";
+
+ /** Prefix used for the Security Layer 1.1 XML namespace */
+ public static final String SL11_PREFIX = "sl11";
+
+ /** Local location of the Security Layer 1.1 XML schema definition */
+ public static final String SL11_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "Core.20020831.xsd";
+
+ /** URI of the Security Layer 1.2 XML namespace */
+ public static final String SL12_NS_URI =
+ "http://www.buergerkarte.at/namespaces/securitylayer/1.2#";
+
+ /** Prefix used for the Security Layer 1.2 XML namespace */
+ public static final String SL12_PREFIX = "sl";
+
+ /** Local location of the Security Layer 1.2 XML schema definition */
+ public static final String SL12_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "Core-1.2.xsd";
+
+ /** URI of the ECDSA XML namespace */
+ public static final String ECDSA_NS_URI =
+ "http://www.w3.org/2001/04/xmldsig-more#";
+
+ /** Prefix used for ECDSA namespace */
+ public static final String ECDSA_PREFIX = "ecdsa";
+
+ /** Local location of ECDSA XML schema definition */
+ public static final String ECDSA_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "ECDSAKeyValue.xsd";
+
+ /** URI of the PersonData XML namespace. */
+ public static final String PD_NS_URI =
+ "http://reference.e-government.gv.at/namespace/persondata/20020228#";
+
+ /** Prefix used for the PersonData XML namespace */
+ public static final String PD_PREFIX = "pr";
+
+// /** Local location of the PersonData XML schema definition */
+// public static final String PD_SCHEMA_LOCATION =
+// SCHEMA_ROOT + "PersonData.xsd";
+
+ /** Local location of the PersonData XML schema definition */
+ public static final String PD_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "PersonData_20_en_moaWID.xsd";
+
+ /** URI of the SAML namespace. */
+ public static final String SAML_NS_URI =
+ "urn:oasis:names:tc:SAML:1.0:assertion";
+
+ /** Prefix used for the SAML XML namespace */
+ public static final String SAML_PREFIX = "saml";
+
+ /** Local location of the SAML XML schema definition. */
+ public static final String SAML_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "cs-sstc-schema-assertion-01.xsd";
+
+ /** URI of the SAML request-response protocol namespace. */
+ public static final String SAMLP_NS_URI =
+ "urn:oasis:names:tc:SAML:1.0:protocol";
+
+ /** Prefix used for the SAML request-response protocol namespace */
+ public static final String SAMLP_PREFIX = "samlp";
+
+ /** Local location of the SAML request-response protocol schema definition. */
+ public static final String SAMLP_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "cs-sstc-schema-protocol-01.xsd";
+
+ /** URI of the XML namespace. */
+ public static final String XML_NS_URI =
+ "http://www.w3.org/XML/1998/namespace";
+
+ /** Prefix used for the XML namespace */
+ public static final String XML_PREFIX = "xml";
+
+ /** Local location of the XML schema definition. */
+ public static final String XML_SCHEMA_LOCATION = SCHEMA_ROOT + "xml.xsd";
+
+ /** URI of the XMLNS namespace */
+ public static final String XMLNS_NS_URI = "http://www.w3.org/2000/xmlns/";
+
+ /** Prefix used for the XSI namespace */
+ public static final String XSI_PREFIX = "xsi";
+
+ /** Local location of the XSI schema definition. */
+ public static final String XSI_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "XMLSchema-instance.xsd";
+
+ /** URI of the XSI XMLNS namespace */
+ public static final String XSI_NS_URI =
+ "http://www.w3.org/2001/XMLSchema-instance";
+
+ /** URI of the XSLT XML namespace */
+ public static final String XSLT_NS_URI =
+ "http://www.w3.org/1999/XSL/Transform";
+
+ /** Prefix used for the XSLT XML namespace */
+ public static final String XSLT_PREFIX = "xsl";
+
+ /** URI of the XMLDSig XML namespace. */
+ public static final String DSIG_NS_URI = "http://www.w3.org/2000/09/xmldsig#";
+
+ /** Prefix used for the XMLDSig XML namespace */
+ public static final String DSIG_PREFIX = "dsig";
+
+ /** Local location of the XMLDSig XML schema. */
+ public static final String DSIG_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "xmldsig-core-schema.xsd";
+
+ /** URI of the XMLDSig XPath Filter XML namespace. */
+ public static final String DSIG_FILTER2_NS_URI =
+ "http://www.w3.org/2002/06/xmldsig-filter2";
+
+ /** Prefix used for the XMLDSig XPath Filter XML namespace */
+ public static final String DSIG_FILTER2_PREFIX = "dsig-filter2";
+
+ /** Local location of the XMLDSig XPath Filter XML schema definition. */
+ public static final String DSIG_FILTER2_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "xmldsig-filter2.xsd";
+
+ /** URI of the Exclusive Canonicalization XML namespace */
+ public static final String DSIG_EC_NS_URI =
+ "http://www.w3.org/2001/10/xml-exc-c14n#";
+
+ /** Prefix used for the Exclusive Canonicalization XML namespace */
+ public static final String DSIG_EC_PREFIX = "ec";
+
+ /** Local location of the Exclusive Canonicalizaion XML schema definition */
+ public static final String DSIG_EC_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "exclusive-canonicalization.xsd";
+
+ /** URI of the XMLLoginParameterResolver Configuration XML namespace */
+ public static final String XMLLPR_NS_URI="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814";
+
+ /** Local location of the XMLLoginParameterResolver Configuration XML schema definition */
+ public static final String XMLLPR_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "MOAIdentities.xsd";
+
+ /** Local location of the XAdES v1.1.1 schema definition */
+ public static final String XADES_1_1_1_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "XAdES-1.1.1.xsd";
+
+ /** URI of the XAdES v1.1.1 namespace */
+ public static final String XADES_1_1_1_NS_URI = "http://uri.etsi.org/01903/v1.1.1#";
+
+ public static final String XADES_1_1_1_NS_PREFIX = "xades111";
+
+ /** Local location of the XAdES v1.2.2 schema definition */
+ public static final String XADES_1_2_2_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "XAdES-1.2.2.xsd";
+
+ /** URI of the XAdES v1.2.2 namespace */
+ public static final String XADES_1_2_2_NS_URI = "http://uri.etsi.org/01903/v1.2.2#";
+
+ public static final String XADES_1_2_2_NS_PREFIX = "xades122";
+
+ /** Local location of the XAdES v1.1.1 schema definition */
+ public static final String XADES_1_3_2_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "XAdES-1.3.2.xsd";
+
+ /** URI of the XAdES v1.3.2 namespace */
+ public static final String XADES_1_3_2_NS_URI = "http://uri.etsi.org/01903/v1.3.2#";
+
+ public static final String XADES_1_3_2_NS_PREFIX = "xades132";
+
+ /** Local location of the XAdES v1.4.1 schema definition */
+ public static final String XADES_1_4_1_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "XAdES-1.4.1.xsd";
+
+ /** URI of the XAdES v1.4.1 namespace */
+ public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#";
+
+ public static final String XADES_1_4_1_NS_PREFIX = "xades141";
+ /** URI of the SAML 2.0 namespace. */
+ public static final String SAML2_NS_URI =
+ "urn:oasis:names:tc:SAML:2.0:assertion";
+
+ /** Prefix used for the SAML 2.0 XML namespace */
+ public static final String SAML2_PREFIX = "saml2";
+
+ /** Local location of the SAML 2.0 XML schema definition. */
+ public static final String SAML2_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "saml-schema-assertion-2.0.xsd";
+
+ /** URI of the SAML 2.0 protocol namespace. */
+ public static final String SAML2P_NS_URI =
+ "urn:oasis:names:tc:SAML:2.0:protocol";
+
+ /** Prefix used for the SAML 2.0 protocol XML namespace */
+ public static final String SAML2P_PREFIX = "saml2p";
+
+ /** Local location of the SAML 2.0 protocol XML schema definition. */
+ public static final String SAML2P_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "saml-schema-protocol-2.0.xsd";
+
+ /** URI of the STORK namespace. */
+ public static final String STORK_NS_URI =
+ "urn:eu:stork:names:tc:STORK:1.0:assertion";
+
+ /** Prefix used for the STORK XML namespace */
+ public static final String STORK_PREFIX = "stork";
+
+ /** Local location of the STORK XML schema definition. */
+ public static final String STORK_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "stork-schema-assertion-1.0.xsd";
+
+ /** URI of the STORK protocol namespace. */
+ public static final String STORKP_NS_URI =
+ "urn:eu:stork:names:tc:STORK:1.0:protocol";
+
+ /** Prefix used for the STORK protocol XML namespace */
+ public static final String STORKP_PREFIX = "storkp";
+
+ /** Local location of the STORK protocol XML schema definition. */
+ public static final String STORKP_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "stork-schema-protocol-1.0.xsd";
+
+ /** URI of the TSL namespace. */
+ public static final String TSL_NS_URI =
+ "http://uri.etsi.org/02231/v2#";
+
+ /** Prefix used for the TSL namespace */
+ public static final String TSL_PREFIX = "tsl1";
+
+ /** Local location of the TSL schema definition. */
+ public static final String TSL_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "ts_119612v010201_xsd.xsd";
+
+ /** URI of the TSL SIE namespace. */
+ public static final String TSL_SIE_NS_URI =
+ "http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#";
+
+ /** Prefix used for the TSL SIE namespace */
+ public static final String TSL_SIE_PREFIX = "tslsie";
+
+ /** Local location of the TSL SIE schema definition. */
+ public static final String TSL_SIE_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "ts_119612v010201_sie_xsd.xsd";
+
+ /** URI of the TSL additional types namespace. */
+ public static final String TSL_ADDTYPES_NS_URI =
+ "http://uri.etsi.org/02231/v2/additionaltypes#";
+
+ /** Prefix used for the TSL additional types namespace */
+ public static final String TSL_ADDTYPES_PREFIX = "tsltype";
+
+ /** Local location of the TSL additional types schema definition. */
+ public static final String TSL_ADDTYPES_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "ts_ts_119612v010201_additionaltypes_xsd.xsd";
+
+ /** URI of the XML Encryption namespace. */
+ public static final String XENC_NS_URI =
+ "http://www.w3.org/2001/04/xmlenc#";
+
+ /** Prefix used for the XML Encryption XML namespace */
+ public static final String XENC_PREFIX = "xenc";
+
+ /** Local location of the XML Encryption XML schema definition. */
+ public static final String XENC_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "xenc-schema.xsd";
+
+ /** Prefix used for the XML Encryption XML namespace */
+ public static final String SAML2_METADATA_PREFIX = "md";
+
+ /** Prefix used for the XML Encryption XML namespace */
+ public static final String SAML2_METADATA_URI = "urn:oasis:names:tc:SAML:2.0:metadata";
+
+ /** Local location of the XML Encryption XML schema definition. */
+ public static final String SAML2_METADATA_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "saml-schema-metadata-2.0.xsd";
+
+
+ /* Prefix and Schema definition for eIDAS specific SAML2 extensions*/
+ public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas";
+ public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions";
+ public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd";
+
+
+ /* Prefix and Schema for SAML2 Entity Attributes */
+ public static final String SAML2_MDATTR_EXTENSIONS_PREFIX = "mdattr";
+ public static final String SAML2_MDATTR_EXTENSIONS = "urn:oasis:names:tc:SAML:metadata:attribute";
+ public static final String SAML2_MDATTR_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "sstc-metadata-attr.xsd";
+
+ /**
+ * Contains all namespaces and local schema locations for XML schema
+ * definitions relevant for MOA. For use in validating XML parsers.
+ */
+ public static final String ALL_SCHEMA_LOCATIONS =
+ (MOA_NS_URI + " " + MOA_SCHEMA_LOCATION + " ")
+ + (MOA_CONFIG_NS_URI + " " + MOA_CONFIG_SCHEMA_LOCATION + " ")
+ + (MOA_ID_CONFIG_NS_URI + " " + MOA_ID_CONFIG_SCHEMA_LOCATION + " ")
+ + (SL10_NS_URI + " " + SL10_SCHEMA_LOCATION + " ")
+ + (SL11_NS_URI + " " + SL11_SCHEMA_LOCATION + " ")
+ + (SL12_NS_URI + " " + SL12_SCHEMA_LOCATION + " ")
+ + (ECDSA_NS_URI + " " + ECDSA_SCHEMA_LOCATION + " ")
+ + (PD_NS_URI + " " + PD_SCHEMA_LOCATION + " ")
+ + (SAML_NS_URI + " " + SAML_SCHEMA_LOCATION + " ")
+ + (SAMLP_NS_URI + " " + SAMLP_SCHEMA_LOCATION + " ")
+ + (XML_NS_URI + " " + XML_SCHEMA_LOCATION + " ")
+ + (XSI_NS_URI + " " + XSI_SCHEMA_LOCATION + " ")
+ + (DSIG_NS_URI + " " + DSIG_SCHEMA_LOCATION + " ")
+ + (DSIG_FILTER2_NS_URI + " " + DSIG_FILTER2_SCHEMA_LOCATION + " ")
+ + (DSIG_EC_NS_URI + " " + DSIG_EC_SCHEMA_LOCATION + " ")
+ + (XMLLPR_NS_URI + " " + XMLLPR_SCHEMA_LOCATION + " ")
+ + (XADES_1_1_1_NS_URI + " " + XADES_1_1_1_SCHEMA_LOCATION + " ")
+ + (XADES_1_2_2_NS_URI + " " + XADES_1_2_2_SCHEMA_LOCATION + " ")
+ + (XADES_1_3_2_NS_URI + " " + XADES_1_3_2_SCHEMA_LOCATION + " ")
+ + (XADES_1_4_1_NS_URI + " " + XADES_1_4_1_SCHEMA_LOCATION + " ")
+ + (TSL_NS_URI + " " + TSL_SCHEMA_LOCATION + " ")
+ + (TSL_SIE_NS_URI + " " + TSL_SIE_SCHEMA_LOCATION + " ")
+ + (TSL_ADDTYPES_NS_URI + " " + TSL_ADDTYPES_SCHEMA_LOCATION + " ")
+ + (SAML2_NS_URI + " " + SAML2_SCHEMA_LOCATION + " ")
+ + (SAML2P_NS_URI + " " + SAML2P_SCHEMA_LOCATION + " ")
+ + (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ")
+ + (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ")
+ + (SAML2_METADATA_URI + " " + SAML2_METADATA_SCHEMA_LOCATION + " ")
+ + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION + " ")
+ + (SAML2_eIDAS_EXTENSIONS + " " + SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION + " ")
+ + (SAML2_MDATTR_EXTENSIONS + " " + SAML2_MDATTR_EXTENSIONS_SCHEMA_LOCATION);
+
+
+ /** Security Layer manifest type URI. */
+ public static final String SL_MANIFEST_TYPE_URI =
+ "http://www.buergerkarte.at/specifications/Security-Layer/20020225#SignatureManifest";
+
+ /** URI of the SHA1 digest algorithm */
+ public static final String SHA1_URI =
+ "http://www.w3.org/2000/09/xmldsig#sha1";
+
+ /** URI of the SHA1 digest algorithm */
+ public static final String SHA256_URI =
+ "http://www.w3.org/2000/09/xmldsig#sha256";
+
+ /** URI of the SHA1 digest algorithm */
+ public static final String SHA384_URI =
+ "http://www.w3.org/2000/09/xmldsig#sha384";
+
+ /** URI of the SHA1 digest algorithm */
+ public static final String SHA512_URI =
+ "http://www.w3.org/2000/09/xmldsig#sha512";
+
+ /** URI of the Canonical XML algorithm */
+ public static final String C14N_URI =
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+
+ /** URI of the Canoncial XML with comments algorithm */
+ public static final String C14N_WITH_COMMENTS_URI =
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
+
+ /** URI of the Exclusive Canonical XML algorithm */
+ public static final String EXC_C14N_URI =
+ "http://www.w3.org/2001/10/xml-exc-c14n#";
+
+ /** URI of the Exclusive Canonical XML with commments algorithm */
+ public static final String EXC_C14N_WITH_COMMENTS_URI =
+ "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
+
+ /**
+ * A map used to map namespace prefixes to namespace URIs
+ */
+ public static final Map nSMap = Collections.unmodifiableMap(new HashMap(){
+ private static final long serialVersionUID = 3845384324295136490L;
+ {
+ put(XMLNamespaceConstants.SAML_PREFIX, XMLNamespaceConstants.SAML_NS_URI);
+ put(XMLNamespaceConstants.ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#");
+ put(XMLNamespaceConstants.DSIG_PREFIX, XMLNamespaceConstants.DSIG_NS_URI);
+ }
+ });
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfiguration.java
new file mode 100644
index 00000000..80a686f9
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfiguration.java
@@ -0,0 +1,54 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.gui;
+
+import java.io.InputStream;
+import java.util.Map;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IGUIBuilderConfiguration {
+
+
+ /**
+ * Define the name of the template (with suffix) which should be used
+ *
+ * @return templatename, but never null
+ */
+ public String getViewName();
+
+ /**
+ * Define the parameters, which should be evaluated in the template
+ *
+ * @return Map of parameters, which should be added to template
+ */
+ public Map getViewParameters();
+
+
+ /**
+ * Get a specific classpath template-directory prefix, which is used
+ * to load a template from classpath by using ClassLoader.getResourceAsStream(...)
+ *
+ * @return Classpath directory, or null if the default directory should be used
+ */
+ public String getClasspathTemplateDir();
+
+ /**
+ * Get the GUI template with a specific name
+ *
+ * @param viewName Name of the template
+ * @return Tempate as InputStream, or null if default getTemplate method should be used
+ */
+ public InputStream getTemplate(String viewName);
+
+ /**
+ * Get the contentType, which should be set in HTTP response
+ *
+ * DefaultValue: text/html;charset=UTF-8
+ *
+ * @return ContentType, or null if default ContentType should be used.
+ */
+ public String getDefaultContentType();
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfigurationFactory.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfigurationFactory.java
new file mode 100644
index 00000000..0d6b1470
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIBuilderConfigurationFactory.java
@@ -0,0 +1,30 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.gui;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+
+public interface IGUIBuilderConfigurationFactory {
+
+ /**
+ * Get a DefaultGuiBuilderConfiguration to render an error message
+ *
+ * @param authURL PublicURLPrefix of the IDP but never null
+ * @return
+ */
+ public IGUIBuilderConfiguration getDefaultErrorGUI(String authURL);
+
+ /**
+ * @param Current processed pending-request but never null
+ * @param viewName Name of the default template (with suffix) but never null
+ * @param configRootContextDir Path to configuration root directory
+ * @return
+ * @throws MalformedURLException If configRootContextDir is not a valid URI
+ */
+ public IGUIBuilderConfiguration getSPSpecificSAML2PostConfiguration(IRequest pendingReq, String viewName, URI configRootContextDir)
+ throws MalformedURLException;
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java
new file mode 100644
index 00000000..40238c2b
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGUIFormBuilder.java
@@ -0,0 +1,70 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.gui;
+
+import java.io.InputStream;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.VelocityContext;
+
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IGUIFormBuilder {
+
+ /**
+ * Parse a GUI template, with parameters into a http servlet-response
+ * and use the default http-response content-type.
+ *
+ * The parser use the VelocityEngine as internal template evaluator.
+ *
+ * @param httpResp http-response object
+ * @param viewName Name of the template (with suffix), which should be used.
+ * The template is selected by using the getTemplate(String viewName) method
+ * @param viewParams Map of parameters, which should be added to template
+ * @param loggerName String, which should be used from logger
+ *
+ * @throws GUIBuildException
+ */
+ public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException;
+
+ /**
+ * Parse a GUI template, with parameters into a http servlet-response.
+ *
+ * The parser use the VelocityEngine as internal template evaluator.
+ *
+ * @param httpResp http-response object
+ * @param viewName Name of the template (with suffix), which should be used.
+ * The template is selected by using the getTemplate(String viewName) method
+ * @param viewParams Map of parameters, which should be added to template
+ * @param contentType http-response content-type, which should be set
+ * @param loggerName String, which should be used from logger
+ *
+ * @throws GUIBuildException
+ */
+ void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType,
+ String loggerName) throws GUIBuildException;
+
+
+ /**
+ * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters
+ *
+ * @param config
+ * @return
+ */
+ public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config);
+
+
+ /**
+ * Load the template from different resources
+ *
+ * @param config
+ * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method
+ * @throws GUIBuildException
+ */
+ public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException;
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/ModifyableGuiBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/ModifyableGuiBuilderConfiguration.java
new file mode 100644
index 00000000..3183ffad
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/gui/ModifyableGuiBuilderConfiguration.java
@@ -0,0 +1,25 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.gui;
+
+public interface ModifyableGuiBuilderConfiguration {
+
+ /**
+ * Add a key/value pair into Velocity context.
+ * IMPORTANT: external HTML escapetion is required, because it is NOT done internally
+ *
+ * @param key velocity context key
+ * @param value of this key
+ */
+ void putCustomParameterWithOutEscaption(String key, Object value);
+
+ /**
+ * Add a key/value pair into Velocity context.
+ * All parameters get escaped internally
+ *
+ * @param key velocity context key
+ * @param value of this key
+ */
+ void putCustomParameter(String key, String value);
+
+}
\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java
new file mode 100644
index 00000000..f7a9a847
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java
@@ -0,0 +1,21 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+public interface EAAFAuthProcessDataConstants {
+
+ public static final String GENERIC_PREFIX = "generic_";
+
+ public static final String VALUE_ISSUEINSTANT = "direct_issueInstant";
+
+ public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth";
+ public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner";
+ public static final String FLAG_USE_MANDATE = "direct_flagUseMandate";
+ public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter";
+
+ public static final String VALUE_IDENTITYLINK = "direct_idl";
+ public static final String VALUE_QAALEVEL = "direct_qaaLevel";
+ public static final String VALUE_MISMANDATE = "direct_MIS_Mandate";
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java
new file mode 100644
index 00000000..c8d55b96
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java
@@ -0,0 +1,43 @@
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+
+/**
+ * Basic interface of a specific operation that is requested by an authentication protocol implementation
+ *
+ * @author tlenz
+ *
+ */
+public interface IAction {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData)
+ throws EAAFException;
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
+
+ public String getDefaultActionName();
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
new file mode 100644
index 00000000..ded9731c
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
@@ -0,0 +1,32 @@
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+
+public interface IAttributeBuilder {
+ public String getName();
+
+ public ATT build(final ISPConfiguration oaParam, final IAuthData authData,
+ final IAttributeGenerator g) throws AttributeBuilderException;
+
+ public ATT buildEmpty(final IAttributeGenerator g);
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
new file mode 100644
index 00000000..01bb68cc
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
@@ -0,0 +1,39 @@
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+public interface IAttributeGenerator {
+ /**
+ *
+ * @param friendlyName FriendlyName
+ * @param name Name
+ * @param value value
+ * @return
+ */
+ public abstract ATT buildStringAttribute(final String friendlyName, final String name, final String value);
+
+ public abstract ATT buildIntegerAttribute(final String friendlyName, final String name, final int value);
+
+ public abstract ATT buildLongAttribute(final String friendlyName, final String name, final long value);
+
+ public abstract ATT buildEmptyAttribute(final String friendlyName, final String name);
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
new file mode 100644
index 00000000..888b6e92
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
@@ -0,0 +1,198 @@
+/*******************************************************************************
+ *******************************************************************************/
+/**
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egiz.eaaf.core.api.idp;
+
+import java.util.Date;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IAuthData {
+
+ /**
+ * BaseId transfer policy
+ *
+ * @return true if baseID transfer to service provider is allowed, otherwise false
+ */
+ boolean isBaseIDTransferRestrication();
+
+ /**
+ * Identifier of the IDP that authenicates the user
+ *
+ * @return
+ */
+ String getAuthenticationIssuer();
+
+ /**
+ * Timestamp of the authentication process
+ *
+ * @return
+ */
+ Date getAuthenticationIssueInstant();
+
+ /**
+ * Get string formated timestamp of the authentication process
+ *
+ * @return
+ */
+ String getAuthenticationIssueInstantString();
+
+
+ /**
+ * Familyname of the user
+ *
+ * @return
+ */
+ String getFamilyName();
+
+ /**
+ * Givenname of the user
+ *
+ * @return
+ */
+ String getGivenName();
+
+ /**
+ * Date of birth of the user
+ *
+ * @return date of birth or null no data of birth is available
+ */
+ Date getDateOfBirth();
+
+ /**
+ * String formated date of birth of the user with pattern yyyy-MM-dd
+ *
+ *
+ * @return date of birth or '2999-12-31' if no data of birth is available
+ */
+ String getFormatedDateOfBirth();
+
+ /**
+ * Get bPK of the user
+ *
+ * @return
+ */
+ String getBPK();
+
+ /**
+ * Get sector for user's bPK
+ *
+ *
+ * @return Sector identifier with prefix
+ */
+ String getBPKType();
+
+ /**
+ * Get baseId of this user
+ *
+ * @return
+ */
+ String getIdentificationValue();
+
+ /**
+ * Get type identifier of the baseId
+ * By default, this type is urn:publicid:gv.at:baseid
+ *
+ * @return
+ */
+ String getIdentificationType();
+
+
+ /**
+ * Get the identityLink for the authenticated user
+ *
+ * @return IDL, or NULL if no IDL is available
+ */
+ IIdentityLink getIdentityLink();
+
+ /**
+ * Return LoA for this user authentication
+ *
+ * @return eIDAS LoA URI
+ */
+ public String getEIDASQAALevel();
+
+
+ /**
+ * Indicates that the user is a foreigner
+ *
+ * @return true if the user is foreigner, otherwise false
+ */
+ boolean isForeigner();
+
+ /**
+ * Code of the citizen country of the authenticated user
+ *
+ * @return
+ */
+ String getCiticenCountryCode();
+
+
+ /**
+ * Indicate that the authentication was done by using an active single sign-on session
+ *
+ * @return true if it an SSO session was used, otherwise false
+ */
+ boolean isSsoSession();
+
+ /**
+ * Date, up to which the SSO that was used for authentication is valid to
+ *
+ * @return
+ */
+ Date getSsoSessionValidTo();
+
+
+ /**
+ * SessionIndex, if it was an reauthentication on a service provider by using the same SSO session
+ *
+ * @return
+ */
+ String getSessionIndex();
+
+ /**
+ * SAML2 NameID for the user
+ *
+ * @return
+ */
+ String getNameID();
+
+ /**
+ * Format of the SAML2 NameID
+ *
+ * @return
+ */
+ String getNameIDFormat();
+
+
+ /**
+ * Get generic information for this authenticated user
+ *
+ * @param key Identifier for the generic data
+ * @param clazz Type of the generic data
+ * @return return the generic data of specific type, otherwise null
+ */
+ public T getGenericData(String key, final Class clazz);
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java
new file mode 100644
index 00000000..4bdefb06
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java
@@ -0,0 +1,14 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+
+public interface IAuthenticationDataBuilder {
+
+ IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException;
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
new file mode 100644
index 00000000..6aac90f8
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
@@ -0,0 +1,108 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import java.net.URI;
+import java.net.URL;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public interface IConfiguration {
+
+ public static final String CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE = "configuration.auth.default.countrycode";
+
+ /**
+ * Get a configuration value from file based configuration
+ *
+ * @param key configuration key
+ * @return configuration value or null if it is not found
+ */
+ public String getBasicConfiguration(final String key);
+
+
+ /**
+ * Get a configuration value from file based configuration
+ *
+ * @param key configuration key
+ * @param defaultValue Default value if no value with this key is found
+ * @return configuration value
+ */
+ public String getBasicConfiguration(final String key, final String defaultValue);
+
+ /**
+ * Get a set of configuration values from file based configuration that starts with this prefix
+ *
+ * Important: The configuration values must be of type String!
+ *
+ * @param prefix Prefix of the configuration key
+ * @return Map without prefix, but never null
+ */
+ public Map getBasicMOAIDConfigurationWithPrefix(final String prefix);
+
+
+ /**
+ * Get a boolean value from basic MOA-ID configuration file
+ *
+ * @param key Configuration key
+ * @param defaultValue Default result
+ * @return returns the value of the configuration key, or the default value if the key is not set
+ */
+ public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue);
+
+ /**
+ * Get a configuration entry for a specific Service Provider
+ *
+ * @param uniqueID Unique identifier of the Service Provider
+ * @return
+ * @throws EAAFConfigurationException
+ */
+ public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) throws EAAFConfigurationException;
+
+
+ /**
+ * Get a configuration entry for a specific Service Provider that is decorated by a Object
+ *
+ * @param spIdentifier EntityID of a Service Provider
+ * @param decorator Decorator that should be used to decorate the result.
+ * This decorator has to be implement or extend the {@link ISPConfiguration} interface
+ * @return
+ * @throws EAAFConfigurationException
+ */
+ public T getServiceProviderConfiguration(String spIdentifier, final Class decorator) throws EAAFConfigurationException;
+
+ /**
+ * Get the full configuration properties object
+ *
+ * @return
+ */
+ public Properties getFullConfigurationProperties();
+
+ /**
+ * Get the root directory of the configuration folder
+ *
+ * @return
+ */
+ public URI getConfigurationRootDirectory();
+
+
+ /**
+ * Get the path to EAAFCore configuration that is internally used
+ *
+ * @return
+ */
+ public URI getConfigurationFilePath();
+
+
+ /**
+ * Validate a URL if it it is allowed by configuration.
+ *
+ * @param authReqUrl URL for validation
+ * @return URL of the application context if the authReqUrl was valid, otherwise null
+ */
+ public String validateIDPURL(URL authReqUrl) throws EAAFException;
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java
new file mode 100644
index 00000000..03a761f2
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java
@@ -0,0 +1,75 @@
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+
+/**
+ * Basic interface of an authentication protocol implementation on IDP side
+ *
+ * @author tlenz
+ *
+ */
+public interface IModulInfo {
+
+ /**
+ * Name of this IDP authentication module
+ *
+ * @return
+ */
+ public String getName();
+
+ /**
+ * Authentication protocol identifier for this module
+ *
+ * @return
+ */
+ public String getAuthProtocolIdentifier();
+
+ /**
+ * Generates a protocol specific error message
+ *
+ *
+ * @param e Exception that contains the error message
+ * @param request httpRequest object from servlet container
+ * @param response httpResponse object from servlet container
+ * @param protocolRequest incoming protocol request
+ * @return return true if a protocol specific error message was generated, otherwise false
+ * @throws Throwable
+ */
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable;
+
+ /**
+ * additional validation of a incoming authentication request
+ *
+ * @param request httpRequest object from servlet container
+ * @param response httpResponse object from servlet container
+ * @param pending incoming protocol request
+ * @return return true if the incoming request is valid, otherwise false
+ */
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending);
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java
new file mode 100644
index 00000000..33693647
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java
@@ -0,0 +1,9 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+
+public interface IPVPAttributeBuilder extends PVPAttributeDefinitions, IAttributeBuilder {
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java
new file mode 100644
index 00000000..82e4bd1e
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java
@@ -0,0 +1,131 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+
+public interface ISPConfiguration extends Serializable {
+
+ public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing";
+ public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission";
+
+ /**
+ * Get the full key/value configuration for this Service Provider
+ *
+ * @return an unmodifiable map of key/value pairs
+ */
+ public Map getFullConfiguration();
+
+ /**
+ * Get a configuration value from Service Provider key/value configuration
+ *
+ * @param key The key identifier of a configuration value
+ * @return The configuration value {String} or null if the key does not exist
+ */
+ public String getConfigurationValue(String key);
+
+ /**
+ * Get a configuration value from Service Provider key/value configuration
+ *
+ * @param key The key identifier of a configuration value
+ * @param defaultValue Default value if key does not exist
+ * @return The configuration value {String} or defaultValue if the key does not exist
+ */
+ public String getConfigurationValue(String key, String defaultValue);
+
+ /**
+ * Get a boolean configuration value from Service Provider key/value configuration
+ *
+ * @param key The key identifier of a configuration value
+ * @return true / false, or null if the key does not exist
+ */
+ public Boolean isConfigurationValue(String key);
+
+
+ /**
+ * Get a boolean configuration value from Service Provider key/value configuration
+ *
+ * @param key The key identifier of a configuration value
+ * @param defaultValue Default value if key does not exist
+ * @return true / false, or defaultValue if the key does not exist
+ */
+ public boolean isConfigurationValue(String key, boolean defaultValue);
+
+ /**
+ * Check if a configuration key is available in this Service Provider configuration
+ *
+ * @param key The key identifier of a configuration value
+ * @return true if the configuration key exists, otherwise false
+ */
+ boolean containsConfigurationKey(String key);
+
+ /**
+ * Return the unique identifier of this Service Provider
+ *
+ * @return
+ */
+ public String getUniqueIdentifier();
+
+ /**
+ * Return the unique identifier of this Service Provider
+ *
+ * @return
+ */
+ public String getFriendlyName();
+
+ /**
+ * Indicates if this service provider has private area restrictions that disallow baseId processing in general
+ * *
+ * @return true if there is a restriction, otherwise false
+ */
+ public boolean hasBaseIdInternalProcessingRestriction();
+
+
+ /**
+ * Indicates if this service provider has private area restrictions that disallow baseId transfer to SP
+ *
+ * @return true if there is a restriction, otherwise false
+ */
+ public boolean hasBaseIdTransferRestriction();
+
+ /**
+ * Get the {@link List} of identifier's that indicates no baseID processing restriction exists.
+ * This list can be configured by key: "configuration.restrictions.baseID.idpProcessing"
+ *
+ * @return
+ */
+ public List getTargetsWithNoBaseIdInternalProcessingRestriction();
+
+ /**
+ * Get the {@link List} of identifier's that indicates no baseID transfer restriction exists.
+ * This list can be configured by key: "configuration.restrictions.baseID.spTransmission"
+ *
+ * @return
+ */
+ public List getTargetsWithNoBaseIdTransferRestriction();
+
+ /**
+ * Get the minimum eIDAS LoA that is required by this service provider
+ *
+ * {@link EAAFConstants.EIDAS_QAA_LOW}
+ * {@link EAAFConstants.EIDAS_QAA_SUBSTANTIAL}
+ * {@link EAAFConstants.EIDAS_QAA_HIGH}
+ *
+ * @return return eIDAS LoA
+ */
+ public String getMinimumLevelOfAssurence();
+
+ /**
+ * Get the full area-identifier for this service provider to calculate the
+ * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...).
+ * This identifier always contains the full prefix
+ *
+ * @return area identifier with prefix
+ */
+ public String getAreaSpecificTargetIdentifier();
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java
new file mode 100644
index 00000000..82f87f49
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java
@@ -0,0 +1,72 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public interface IAuthenticationManager {
+
+ //TODO
+ public static int EVENT_AUTHENTICATION_PROCESS_FOR_SP = -1;
+ public static int EVENT_AUTHENTICATION_PROCESS_STARTED = -1;
+ public static int EVENT_AUTHENTICATION_PROCESS_FINISHED = -1;
+ public static int EVENT_AUTHENTICATION_PROCESS_ERROR = -1;
+
+
+ /**
+ * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext}
+ *
+ * @param httpReqParam http parameter name, but never null
+ */
+ void addParameterNameToWhiteList(String httpReqParam);
+
+ /**
+ * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext}
+ *
+ * @param httpReqParam http header name, but never null
+ */
+ void addHeaderNameToWhiteList(String httpReqParam);
+
+
+ /**
+ * Starts an authentication process for a specific pending request
+ *
+ * @param httpReq http servlet request
+ * @param httpResp http servlet response
+ * @param pendingReq Pending request for that an authentication is required
+ * @return true if the pending request is already authenticated, otherwise false
+ * @throws EAAFException
+ */
+ boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IRequest pendingReq) throws EAAFException;
+
+ /**
+ * Close an active authenticated session on IDP side
+ *
+ * @param request http servlet request
+ * @param response http servlet response
+ * @param pendingReq ReqPending request for that an authentication session should be closed
+ */
+ void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, IRequest pendingReq);
+
+
+ /**
+ * Close an active authenticated session on IDP side and get a list authenticated service providers
+ *
+ * @param request http servlet request
+ * @param response http servlet response
+ * @param pendingReq ReqPending request for that an authentication session should be closed
+ * @param internalSSOId internal SSO session identifier
+ * @return A container that contains all active SP sessions
+ * @throws EAAFException
+ */
+ ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId) throws EAAFException;
+
+
+}
\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java
new file mode 100644
index 00000000..9c7a7320
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java
@@ -0,0 +1,92 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
+
+public interface ISSOManager {
+
+ //TODO
+ public static int EVENT_SSO_SESSION_INVALID = -1;
+ public static int EVENT_SSO_SESSION_VALID = -1;
+
+
+ public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation";
+ public static final String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId";
+
+
+ /**
+ * Check if there is an active and valid SSO session for the current pending request.
+ *
+ * If there is an active SSO session, the pending request will be populated with eID information from SSO session
+ *
+ * @param pendingReq Current incoming pending request
+ * @param httpReq http Servlet request
+ * @param httpResp http Servlet response
+ * @return true if there is a valid SSO session, otherwise false
+ * @throws EAAFSSOException
+ */
+ public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException;
+
+ /**
+ * Populate service provider specific SSO settings
+ *
+ * Check if Single Sign-On is allowed for the current pending request and the requested service provider
+ *
+ * @param pendingReq Current incoming pending request
+ * @param httpReq http Servlet request
+ * @return true if SSO is allowed for this service provider, otherwise false
+ */
+ public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq);
+
+
+ /**
+ * Populate the current pending request with eID information from an existing SSO session
+ *
+ * @param pendingReq pending request that should be populated by SSO session
+ * @throws EAAFSSOException if pending request contains no SSO information or population failed
+ */
+ public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException;
+
+
+ /**
+ * Destroy an active SSO session on IDP site only
+ *
+ * @param httpReq http servlet request
+ * @param httpResp http servlet response
+ * @param pendingReq
+ * @return true if a SSO session was closed successfully, otherwise false
+ * @throws EAAFSSOException in case of an internal processing error
+ */
+ public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException;
+
+
+
+ // ************************* old ***************************************************
+ String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws EAAFSSOException;
+
+
+ void createNewSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException;
+// {
+// internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq);
+// authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(),
+// newSSOSessionId, sloInformation, pendingReq);
+//
+// }
+
+
+ void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException;
+// {
+// authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(),
+// newSSOSessionId, sloInformation, pendingReq);
+// }
+
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
new file mode 100644
index 00000000..743c7797
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
@@ -0,0 +1,144 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth.data;
+
+import java.util.Date;
+import java.util.Map;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+
+public interface IAuthProcessDataContainer {
+
+ /**
+ * Returns the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @return The issuing time of the AUTH-Block SAML assertion.
+ */
+ String getIssueInstant();
+
+ /**
+ * Sets the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @param issueInstant
+ * The issueInstant to set.
+ */
+ void setIssueInstant(String issueInstant);
+
+ /**
+ * Indicate if the authentication process is finished
+ *
+ * @return
+ */
+ boolean isAuthenticated();
+
+ /**
+ * Mark the authentication as authenticated, which means that the authenication process is completed
+ *
+ * @param authenticated
+ */
+ void setAuthenticated(boolean authenticated);
+
+ /**
+ * Returns the identityLink.
+ *
+ * @return IdentityLink
+ */
+ IIdentityLink getIdentityLink();
+
+ /**
+ * Sets the identityLink.
+ *
+ * @param identityLink
+ * The identityLink to set
+ */
+ void setIdentityLink(IIdentityLink identityLink);
+
+
+ /**
+ * Indicate that mandates was used in this auth. process
+ *
+ * @return
+ */
+ boolean isMandateUsed();
+
+ /**
+ * Mark that mandates was used in this auth. process
+ *
+ * @param useMandates
+ */
+ void setUseMandates(boolean useMandates);
+
+ /**
+ * Indicate that the auth. process was performed by a foreigner
+ *
+ * @return
+ */
+ boolean isForeigner();
+
+ /**
+ * Mark that the auth. process was done by a foreigner
+ *
+ * @param isForeigner
+ */
+ void setForeigner(boolean isForeigner);
+
+ /**
+ * Indicate that the auth. process was performed by an official representatives
+ *
+ * @return is official representatives
+ */
+ boolean isOW();
+
+ /**
+ * Mark that the auth. process was done by an official representatives
+ *
+ */
+ void setOW(boolean isOW);
+
+ /**
+ * eIDAS QAA level
+ *
+ * @return the qAALevel
+ */
+ String getQAALevel();
+
+ /**
+ * set QAA level in eIDAS form
+ *
+ * @param qAALevel the qAALevel to set
+ */
+ void setQAALevel(String qAALevel);
+
+ /**
+ * @return the sessionCreated
+ */
+ Date getSessionCreated();
+
+ Map getGenericSessionDataStorage();
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @return The session-data object or null if no data is found with this key
+ */
+ Object getGenericDataFromSession(String key);
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @param clazz The class type which is stored with this key
+ * @return The session-data object or null if no data is found with this key
+ */
+ T getGenericDataFromSession(String key, Class clazz);
+
+ /**
+ * Store a generic data-object to session with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws EAAFStorageException Error message if the data-object can not stored to generic session-data storage
+ */
+ void setGenericDataToSession(String key, Object object) throws EAAFStorageException;
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
new file mode 100644
index 00000000..ca1f145d
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
@@ -0,0 +1,155 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth.data;
+
+import java.io.IOException;
+import java.security.PublicKey;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IIdentityLink {
+
+ /**
+ * Returns the dateOfBirth.
+ * @return Calendar
+ */
+ String getDateOfBirth();
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ String getFamilyName();
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ String getGivenName();
+
+ /**
+ * Returns the name.
+ * @return The name.
+ */
+ String getName();
+
+ /**
+ * Returns the identificationValue.
+ * "identificationValue" is the translation of "Stammzahl".
+ * @return String
+ */
+ String getIdentificationValue();
+
+ /**
+ * Returns the identificationType.
+ * "identificationType" type of the identificationValue in the IdentityLink.
+ * @return String
+ */
+ String getIdentificationType();
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ void setDateOfBirth(String dateOfBirth);
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ void setFamilyName(String familyName);
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ void setGivenName(String givenName);
+
+ /**
+ * Sets the identificationValue.
+ * "identificationValue" is the translation of "Stammzahl".
+ * @param identificationValue The identificationValue to set
+ */
+ void setIdentificationValue(String identificationValue);
+
+ /**
+ * Sets the Type of the identificationValue.
+ * @param identificationType The type of identificationValue to set
+ */
+ void setIdentificationType(String identificationType);
+
+ /**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+ Element getSamlAssertion();
+
+ /**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+ String getSerializedSamlAssertion();
+
+ /**
+ * Sets the samlAssertion and the serializedSamlAssertion.
+ * @param samlAssertion The samlAssertion to set
+ */
+ void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException;
+
+ /**
+ * Returns the dsigReferenceTransforms.
+ * @return Element[]
+ */
+ Element[] getDsigReferenceTransforms();
+
+ /**
+ * Sets the dsigReferenceTransforms.
+ * @param dsigReferenceTransforms The dsigReferenceTransforms to set
+ */
+ void setDsigReferenceTransforms(Element[] dsigReferenceTransforms);
+
+ /**
+ * Returns the publicKey.
+ * @return PublicKey[]
+ */
+ PublicKey[] getPublicKey();
+
+ /**
+ * Sets the publicKey.
+ * @param publicKey The publicKey to set
+ */
+ void setPublicKey(PublicKey[] publicKey);
+
+ /**
+ * Returns the prPerson.
+ * @return Element
+ */
+ Element getPrPerson();
+
+ /**
+ * Sets the prPerson.
+ * @param prPerson The prPerson to set
+ */
+ void setPrPerson(Element prPerson);
+
+ /**
+ * Returns the issuing time of the identity link SAML assertion.
+ *
+ * @return The issuing time of the identity link SAML assertion.
+ */
+ String getIssueInstant();
+
+ /**
+ * Sets the issuing time of the identity link SAML assertion.
+ *
+ * @param issueInstant The issueInstant to set.
+ */
+ void setIssueInstant(String issueInstant);
+
+}
\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java
new file mode 100644
index 00000000..d8f15aff
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java
@@ -0,0 +1,44 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth.modules;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition;
+
+/**
+ * Provides metadata of a certain module. Uses for module discovery and process selection.
+ */
+public interface AuthModule {
+
+ /**
+ * Returns the priority of the module. The priority defines the order of the respective module within the chain of
+ * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can
+ * handle.
+ *
+ * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE})
+ * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put
+ * your modules behind default modules.
+ *
+ * @return the priority of the module.
+ */
+ int getPriority();
+
+ /**
+ * Selects a process (description), referenced by its unique id, which is able to perform authentication with the
+ * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within
+ * this module.
+ *
+ * @param context
+ * an ExecutionContext for a process.
+ * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}.
+ */
+ String selectProcess(ExecutionContext context);
+
+ /**
+ * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module.
+ *
+ * @return an array of resource uris of the processes included in this module.
+ */
+ String[] getProcessDefinitions();
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java
new file mode 100644
index 00000000..e5e2011b
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java
@@ -0,0 +1,65 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.process;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * Encapsulates data needed for or provided by task execution.
+ *
+ * @author tknall
+ *
+ */
+public interface ExecutionContext extends Serializable {
+
+ /**
+ * Returns the identifier of underlying process instance.
+ *
+ * @return The identifier of the process instance.
+ */
+ String getProcessInstanceId();
+
+ /**
+ * Sets the identifier of underlying process instance.
+ *
+ * @param processInstanceId
+ * The identifier of the process instance.
+ */
+ void setProcessInstanceId(String processInstanceId);
+
+ /**
+ * Stores a serializable object using {@code key}.
+ *
+ * @param key
+ * The key under that the {@code object} should be stored.
+ * @param object The object to be stored.
+ */
+ void put(String key, Serializable object);
+
+ /**
+ * Returns an serializable object stored within this process context using {@code key}.
+ *
+ * @param key
+ * The key that has been used to store the serializable object (may be {@code null}).
+ * @return The object or {@code null} in case the key does not relate to a stored object or the stored object itself
+ * was {@code null}.
+ */
+ Serializable get(String key);
+
+ /**
+ * Removes the object stored using {@code key}.
+ * @param key
+ * The key that has been used to store the serializable object (may be {@code null}).
+ * @return The object that has been removed or {@code null} there was no object stored using {@code key}.
+ */
+ Serializable remove(String key);
+
+ /**
+ * Returns an unmodifiable set containing the stored keys.
+ *
+ * @return The keyset (never {@code null}).
+ */
+ Set keySet();
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java
new file mode 100644
index 00000000..6e976422
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java
@@ -0,0 +1,25 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.process;
+
+import java.io.Serializable;
+import java.util.Map;
+
+import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition;
+
+/**
+ * Context used for evaluation of condition expressions set for {@linkplain Transition Transitions}.
+ *
+ * @author tknall
+ *
+ */
+public interface ExpressionEvaluationContext extends Serializable {
+
+ /**
+ * Returns the context data map used for expression evaluation.
+ *
+ * @return An unmodifiable map (never {@code null}).
+ */
+ Map getCtx();
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java
new file mode 100644
index 00000000..eda6b3cb
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java
@@ -0,0 +1,27 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.process;
+
+/**
+ * Evaluates a given {@code expression} returning a boolean value.
+ *
+ * @author tknall
+ */
+public interface ExpressionEvaluator {
+
+ /**
+ * Evaluates a given {@code expression} returning a boolean value.
+ *
+ * @param expressionContext
+ * The context which can be used for evaluation of the expression.
+ * @param expression
+ * The expression resulting in a boolean (must not be {@code null}).
+ * @return A boolean value.
+ * @throws IllegalArgumentException
+ * In case of an invalid {@code expression}.
+ * @throws NullPointerException
+ * In case of a {@code null} expression.
+ */
+ boolean evaluate(ExpressionEvaluationContext expressionContext, String expression);
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java
new file mode 100644
index 00000000..523eb8dc
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java
@@ -0,0 +1,114 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.process;
+
+
+import java.io.InputStream;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParserException;
+import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstance;
+import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition;
+
+/**
+ * Process engine providing means for starting and resuming processes.
+ *
+ * @author tknall
+ */
+public interface ProcessEngine {
+
+ /**
+ * Registers a new process definition. Note that existing definitions with the same identifier will be replaced.
+ *
+ * @param processDefinition
+ * The process definition to be registered.
+ */
+ void registerProcessDefinition(ProcessDefinition processDefinition);
+
+ /**
+ * Registers a new process definition given as {@link InputStream}. Note that existing definitions with the same identifier will be replaced.
+ *
+ * @param processDefinitionInputStream The input stream to the definition to be registered.
+ * @throws ProcessDefinitionParserException Thrown in case of an error parsing the process definition.
+ * @return The process definition's identifier.
+ */
+ String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException;
+
+ /**
+ * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier.
+ *
+ * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue
+ * process execution after asynchronous task execution (refer to {@link #start(String)} and
+ * {@link #signal(String)} for further information).
+ *
+ * @param processDefinitionId
+ * The identifier of the respective process definition.
+ * @param executionContext The execution context (may be {@code null}).
+ * @return The id of the newly created process instance (never {@code null}).
+ * @throws ProcessExecutionException
+ * Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist.
+ */
+ String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException;
+
+ /**
+ * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier.
+ *
+ * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue
+ * process execution after asynchronous task execution (refer to {@link #start(String)} and
+ * {@link #signal(String)} for further information).
+ *
+ * @param processDefinitionId
+ * The identifier of the respective process definition.
+ * @return The id of the newly created process instance (never {@code null}).
+ * @throws ProcessExecutionException
+ * Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist.
+ */
+ String createProcessInstance(String processDefinitionId) throws ProcessExecutionException;
+
+
+ /**
+ * Delete a process instance
+ *
+ * @param processInstanceId
+ * The identifier of the respective process.
+ * @throws ProcessExecutionException
+ * Thrown in case of error, e.g. when a {@code processInstanceId} is referenced that does not exist.
+ */
+ void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException;
+
+ /**
+ * Returns the process instance with a given {@code processInstanceId}.
+ *
+ * @param processInstanceId
+ * The process instance id.
+ * @return The process instance (never {@code null}).
+ * @throws IllegalArgumentException
+ * In case the process instance does not/no longer exist.
+ * @throws RuntimeException
+ * In case the process instance could not be retrieved from persistence.
+ */
+ ProcessInstance getProcessInstance(String processInstanceId);
+
+ /**
+ * Starts the process using the given {@code pendingReq}.
+ *
+ * @param pendingReq
+ * The protocol request for which a process should be started.
+ * @throws ProcessExecutionException
+ * Thrown in case of error.
+ */
+ void start(IRequest pendingReq) throws ProcessExecutionException;
+
+
+ /**
+ * Resumes process execution after an asynchronous task has been executed.
+ *
+ * @param pendingReq
+ * The process instance id.
+ * @throws ProcessExecutionException
+ * Thrown in case of error.
+ */
+ void signal(IRequest pendingReq) throws ProcessExecutionException;
+
+}
\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java
new file mode 100644
index 00000000..1242620b
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.process;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstance;
+import at.gv.egiz.eaaf.core.impl.idp.process.dao.ProcessInstanceStore;
+
+public interface ProcessInstanceStoreDAO {
+
+ /**
+ * Stores a {@link ProcessInstance} defined by {@code pIStore} in the
+ * database.
+ *
+ * @param pIStore
+ * the {@link ProcessInstanceStore} to persist.
+ * @throws EAAFStorageException
+ * is thrown if a problem occurs while accessing the database.
+ */
+ void saveOrUpdate(ProcessInstanceStore pIStore) throws EAAFException;
+
+ /**
+ * Returns a {@link ProcessInstanceStore}, defined by
+ * {@code processInstanceID} from the database, or {@code null} if the
+ * object could not be found.
+ *
+ * @param processInstanceId
+ * the id of the {@code ProcessInstanceStore} to retrieve.
+ * @return a ProcessInstanceStore, or {@code null}.
+ * @throws EAAFStorageException
+ * is thrown if a problem occurs while accessing the database.
+ */
+ ProcessInstanceStore load(String processInstanceId) throws EAAFException;
+
+ /**
+ * Deletes the {@link ProcessInstance} corresponding with the
+ * {@code processInstanceId}.
+ *
+ * @param processInstanceId
+ * the id of the {@code ProcessInstance} to be deleted.
+ * @throws EAAFStorageException
+ * is thrown if a problem occurs while accessing the database.
+ */
+ void remove(String processInstanceId) throws EAAFException;
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java
new file mode 100644
index 00000000..ff28b714
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.process;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+
+
+/**
+ * Represents a single task to be performed upon process execution.
+ *
+ * @author tknall
+ *
+ */
+public interface Task {
+
+ /**
+ * Executes this task.
+ * @param pendingReq
+ * Provides the current processed protocol request
+ * @param executionContext
+ * Provides execution related information.
+ * @return The pending-request object, because Process-management works recursive
+ * @throws Exception An exception upon task execution.
+ */
+ IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException;
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java
new file mode 100644
index 00000000..b5798f7b
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java
@@ -0,0 +1,68 @@
+/*******************************************************************************
+ *******************************************************************************/
+/**
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egiz.eaaf.core.api.idp.slo;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface ISLOInformationContainer {
+
+ boolean hasFrontChannelOA();
+
+ Set> getFrontChannelOASessionDescriptions();
+
+ void removeFrontChannelOA(String oaID);
+
+ Iterator getNextBackChannelOA();
+
+ SLOInformationInterface getBackChannelOASessionDescripten(String oaID);
+
+ void removeBackChannelOA(String oaID);
+
+ /**
+ * @return the sloRequest
+ */
+ IRequest getSloRequest();
+
+ /**
+ * @param sloRequest the sloRequest to set
+ */
+ void setSloRequest(IRequest sloRequest);
+
+ /**
+ * @return the sloFailedOAs
+ */
+ List getSloFailedOAs();
+
+ void putFailedOA(String oaID);
+
+ public String getTransactionID();
+
+ public String getSessionID();
+}
\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java
new file mode 100644
index 00000000..bd630c0a
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java
@@ -0,0 +1,80 @@
+/*******************************************************************************
+ *******************************************************************************/
+/**
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egiz.eaaf.core.api.idp.slo;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface SLOInformationInterface{
+
+
+ /**
+ * get AssertionID which was used for Service Provider Single LogOut request
+ *
+ * @return
+ * SessionID (SessionIndex in case of SAML2)
+ */
+ public String getSessionIndex();
+
+ /**
+ * get user identifier which was used
+ *
+ * @return
+ * bPK / wbPK (nameID in case of SAML2)
+ */
+ public String getUserNameIdentifier();
+
+
+ /**
+ * get protocol type which was used for authentication
+ *
+ * @return
+ * return authentication protocol type
+ */
+ public String getProtocolType();
+
+ /**
+ * @return
+ */
+ public String getUserNameIDFormat();
+
+ /**
+ * Get the unique entityID of this Service-Provider
+ *
+ * @return unique identifier, but never null
+ */
+ public String getSpEntityID();
+
+ public String getAuthURL();
+
+ public String getServiceURL();
+
+ public String getBinding();
+
+ public void setUserNameIdentifier(String subjectNameId);
+
+ public void setNameIDFormat(String format);
+
+ public void setSessionIndex(String sessionIndex);
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IRevisionLogger.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IRevisionLogger.java
new file mode 100644
index 00000000..ab269694
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IRevisionLogger.java
@@ -0,0 +1,38 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.logging;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+
+public interface IRevisionLogger {
+
+
+ //TODO:
+ public static final int AUTHPROTOCOL_TYPE = 3000;
+
+ void logEvent(ISPConfiguration oaConfig, int eventCode, String message);
+
+ void logEvent(IRequest pendingRequest, int eventCode);
+
+ void logEvent(IRequest pendingRequest, int eventCode, String message);
+
+ /**
+ * @param sessionCreated
+ * @param uniqueSessionIdentifier
+ */
+ void logEvent(int eventCode, String message);
+
+ /**
+ * @param sessionCreated
+ * @param uniqueSessionIdentifier
+ */
+ void logEvent(String sessionID, String transactionID, int eventCode, String message);
+
+ /**
+ * @param sessionCreated
+ * @param uniqueSessionIdentifier
+ */
+ void logEvent(String sessionID, String transactionID, int eventCode);
+
+}
\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IStatisticLogger.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IStatisticLogger.java
new file mode 100644
index 00000000..7774fb22
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/logging/IStatisticLogger.java
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.logging;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+
+
+
+public interface IStatisticLogger {
+
+ public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession);
+
+ public void logErrorOperation(Throwable throwable);
+
+ public void logErrorOperation(Throwable throwable, IRequest errorRequest);
+
+ public void internalTesting() throws Exception;
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java
new file mode 100644
index 00000000..41c55148
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java
@@ -0,0 +1,114 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.storage;
+
+import java.util.Date;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface ITransactionStorage {
+
+ /**
+ * Check if transaction storage contains a data object with a specific key
+ *
+ * @param key Key, which identifies a data object
+ * @return true if key is found, otherwise false
+ */
+ public boolean containsKey(String key);
+
+ /**
+ * Store a data object with a key to transaction storage
+ *
+ * @param key Id which identifiers the data object
+ * @param value Data object which should be stored.
+ * This data must implement the java.io.Serializable interface
+ * @param timeout_ms Defines the period of time a data object is kept within the storage
+ * @throws EAAFStorageException In case of store operation failed
+ */
+ public void put(String key, Object value, int timeout_ms) throws EAAFException;
+
+ /**
+ * Get a data object from transaction storage
+ *
+ * @param key key Id which identifiers the data object
+ * @return The transaction-data object, or null
+ * @throws EAAFStorageException In case of load operation failed
+ */
+ public Object get(String key) throws EAAFException;
+
+ /**
+ * Get a data object from transaction storage
+ *
+ * @param key Id which identifiers the data object
+ * @param clazz The class type which is stored with this key
+ * @return The transaction-data object from type class, or null
+ * @throws EAAFStorageException In case of load operation failed
+ */
+ public T get(String key, final Class clazz) throws EAAFException;
+
+ /**
+ * Get a data object from transaction storage
+ *
+ * @param key Id which identifiers the data object
+ * @param clazz The class type which is stored with this key
+ * @param Data-object timeout in [ms]
+ * @return The transaction-data object from type class, or null
+ * @throws EAAFStorageException In case of load operation failed
+ */
+ public T get(String key, final Class clazz, long dataTimeOut) throws EAAFException;
+
+
+ /**
+ * Change the key of a data object and store it under the new key
+ *
+ * @param oldKey Old key of the data object
+ * @param newKey New key, which should be used to store the data object
+ * @param value Data object which should be stored
+ * @throws EAAFStorageException In case of store operation failed
+ */
+ public void changeKey(String oldKey, String newKey, Object value) throws EAAFException;
+
+ /**
+ * Remove a data object from transaction storage
+ *
+ * @param key Id which identifiers the data object
+ */
+ public void remove(String key);
+
+ /**
+ * Get all entries for Clean-up the transaction storage
+ *
+ * @param now Current time
+ * @param dataTimeOut Data-object timeout in [ms]
+ * @return List of entry-keys which as a timeout
+ */
+ public List clean(Date now, long dataTimeOut);
+
+
+ /**
+ * Get a raw object from storage by using this key
+ *
+ * @param key
+ * @return
+ * @throws EAAFException
+ */
+ public Object getRaw(String key) throws EAAFException;
+
+
+ /**
+ * Set a raw object to storage
+ *
+ * @param key
+ * @param element
+ * @throws EAAFException
+ */
+ public void putRaw(String key, Object element) throws EAAFException;
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java
new file mode 100644
index 00000000..7e5373be
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java
@@ -0,0 +1,13 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class AttributeBuilderException extends EAAFIDPException {
+
+ private static final long serialVersionUID = 1L;
+
+ public AttributeBuilderException(String msg) {
+ super(msg);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributePolicyException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributePolicyException.java
new file mode 100644
index 00000000..7f484feb
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributePolicyException.java
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class AttributePolicyException extends AttributeBuilderException {
+
+ private static final long serialVersionUID = 1L;
+
+ private String attributeName;
+
+ public AttributePolicyException(String attributeName) {
+ super("Attribute " + attributeName + " is restricted by IDP policy.");
+ this.attributeName = attributeName;
+ }
+
+ public String getAttributeName() {
+ return attributeName;
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AuthnRequestValidatorException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AuthnRequestValidatorException.java
new file mode 100644
index 00000000..c416b8e0
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/AuthnRequestValidatorException.java
@@ -0,0 +1,49 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthnRequestValidatorException extends EAAFProtocolException {
+
+ private IRequest errorRequest = null;
+ protected String statusCodeValue;
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4939651000658508576L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public AuthnRequestValidatorException(String internalMsgId, Object[] params, String msg) {
+ super(internalMsgId, params, msg);
+
+ }
+
+ public AuthnRequestValidatorException(String internalMsgId, Object[] params, String msg, IRequest errorRequest) {
+ super(internalMsgId, params, msg);
+ this.errorRequest = errorRequest;
+
+ }
+
+ /**
+ * @return the errorRequest
+ */
+ public IRequest getErrorRequest() {
+ return errorRequest;
+ }
+
+ public String getStatusCodeValue() {
+ return statusCodeValue;
+ }
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFAuthenticationException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFAuthenticationException.java
new file mode 100644
index 00000000..87176194
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFAuthenticationException.java
@@ -0,0 +1,21 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class EAAFAuthenticationException extends EAAFException {
+
+
+
+ private static final long serialVersionUID = -4793625336456467005L;
+
+ public EAAFAuthenticationException(String internalMsgId, Object[] params, String msg) {
+ super(internalMsgId, params, msg);
+
+ }
+
+ public EAAFAuthenticationException(String internalMsgId, Object[] params, String msg, Throwable e) {
+ super(internalMsgId, params, msg, e);
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java
new file mode 100644
index 00000000..b58d8b7f
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class EAAFBuilderException extends EAAFException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public EAAFBuilderException(String errorId, Object[] params, String msg) {
+ super(errorId, params, msg);
+ }
+
+ public EAAFBuilderException(String errorId, Object[] objects, String message, Exception ex) {
+ super(errorId, objects, message, ex);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFConfigurationException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFConfigurationException.java
new file mode 100644
index 00000000..9615d8fd
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFConfigurationException.java
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class EAAFConfigurationException extends EAAFException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public EAAFConfigurationException(String msg) {
+ super(msg);
+ }
+
+ public EAAFConfigurationException(String msg, Throwable e) {
+ super(msg, e);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFException.java
new file mode 100644
index 00000000..c72bc130
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFException.java
@@ -0,0 +1,45 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class EAAFException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ private String errorId = null;
+ private Object[] params = null;
+
+ public EAAFException(String msg) {
+ super(msg);
+
+ }
+
+ public EAAFException(String msg, Throwable e) {
+ super(msg, e);
+
+ }
+
+ public EAAFException(String errorId, Object[] params, String msg) {
+ super(msg);
+ this.errorId = errorId;
+ this.params = params;
+
+ }
+
+ public EAAFException(String errorId, Object[] params, String msg, Throwable e) {
+ super(msg, e);
+ this.errorId = errorId;
+ this.params = params;
+
+ }
+
+ public String getErrorId() {
+ return this.errorId;
+
+ }
+
+ public Object[] getParams() {
+ return this.params;
+
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java
new file mode 100644
index 00000000..e9cdccb8
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java
@@ -0,0 +1,17 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class EAAFIDPException extends EAAFException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public EAAFIDPException(String msg) {
+ super(msg);
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIllegalStateException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIllegalStateException.java
new file mode 100644
index 00000000..65934015
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIllegalStateException.java
@@ -0,0 +1,15 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessager;
+
+public class EAAFIllegalStateException extends EAAFException {
+ private static final long serialVersionUID = 261484121729891927L;
+
+ public EAAFIllegalStateException(Object[] params, String msg) {
+ super(IStatusMessager.CODES_INTERNAL_ILLEGAL_STATE, params, msg);
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFParserException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFParserException.java
new file mode 100644
index 00000000..de6e91ae
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFParserException.java
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class EAAFParserException extends EAAFException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public EAAFParserException(String errorId, Object[] params, String msg) {
+ super(errorId, params, msg);
+ }
+
+ public EAAFParserException(String errorId, Object[] objects, String message, Throwable ex) {
+ super(errorId, objects, message, ex);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFProtocolException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFProtocolException.java
new file mode 100644
index 00000000..f3ed4bb7
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFProtocolException.java
@@ -0,0 +1,26 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class EAAFProtocolException extends EAAFException {
+
+ private static final long serialVersionUID = 7982298114399440473L;
+
+ public EAAFProtocolException(String msg) {
+ super(msg);
+
+ }
+
+ public EAAFProtocolException(String msg, Throwable e) {
+ super(msg, e);
+ }
+
+ public EAAFProtocolException(String errorId, Object[] params, String msg) {
+ super(errorId, params, msg);
+
+ }
+
+ public EAAFProtocolException(String errorId, Object[] params, String msg, Throwable e) {
+ super(errorId, params, msg, e);
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFSSOException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFSSOException.java
new file mode 100644
index 00000000..396fee05
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFSSOException.java
@@ -0,0 +1,17 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class EAAFSSOException extends EAAFException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -5942886204347860148L;
+
+ public EAAFSSOException(String errorId, Object[] params, String msg, Throwable e) {
+ super(errorId, params, msg, e);
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFStorageException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFStorageException.java
new file mode 100644
index 00000000..7d0acef8
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFStorageException.java
@@ -0,0 +1,18 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class EAAFStorageException extends EAAFException {
+
+ private static final long serialVersionUID = 1L;
+
+ public EAAFStorageException(String msg) {
+ super(msg);
+ }
+
+ public EAAFStorageException(String msg, Throwable e) {
+ super(msg, e);
+ }
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/GUIBuildException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/GUIBuildException.java
new file mode 100644
index 00000000..6043d559
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/GUIBuildException.java
@@ -0,0 +1,26 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class GUIBuildException extends Exception {
+
+ private static final long serialVersionUID = -278663750102498205L;
+
+ /**
+ * @param string
+ */
+ public GUIBuildException(String msg) {
+ super(msg);
+
+ }
+
+ public GUIBuildException(String msg, Throwable e) {
+ super(msg, e);
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidDateFormatAttributeException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidDateFormatAttributeException.java
new file mode 100644
index 00000000..2afc0720
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidDateFormatAttributeException.java
@@ -0,0 +1,15 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class InvalidDateFormatAttributeException extends AttributeBuilderException {
+
+ private static final long serialVersionUID = 1L;
+
+ public InvalidDateFormatAttributeException() {
+ super("Date format is invalid.");
+ }
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidProtocolRequestException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidProtocolRequestException.java
new file mode 100644
index 00000000..d7b0933b
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/InvalidProtocolRequestException.java
@@ -0,0 +1,23 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class InvalidProtocolRequestException extends EAAFProtocolException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7866198705324084601L;
+
+ public InvalidProtocolRequestException(String internalMsgId, Object[] params, String msg) {
+ super(internalMsgId, params, msg);
+ }
+
+ public InvalidProtocolRequestException(String internalMsgId, Object[] params, String msg, Throwable e) {
+ super(internalMsgId, params, msg, e);
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/NoPassivAuthenticationException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/NoPassivAuthenticationException.java
new file mode 100644
index 00000000..f4d40b6a
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/NoPassivAuthenticationException.java
@@ -0,0 +1,18 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessager;
+
+public class NoPassivAuthenticationException extends EAAFAuthenticationException {
+
+ public NoPassivAuthenticationException() {
+ super(IStatusMessager.CODES_INTERNAL_ERROR_AUTH_REQUEST_INVALID, null, "");
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 596920452166197688L;
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProcessExecutionException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProcessExecutionException.java
new file mode 100644
index 00000000..db678e9b
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProcessExecutionException.java
@@ -0,0 +1,38 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+/**
+ * Indicates a problem when executing a process.
+ *
+ * @author tknall
+ *
+ */
+public class ProcessExecutionException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Creates a new process execution exception providing a {@code message} describing the reason and the respective
+ * {@code cause}.
+ *
+ * @param message
+ * The message.
+ * @param cause
+ * The cause.
+ */
+ public ProcessExecutionException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ /**
+ * Creates a new process execution exception providing a {@code message} describing the reason.
+ *
+ * @param message
+ * The message.
+ */
+ public ProcessExecutionException(String message) {
+ super(message);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolNotActiveException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolNotActiveException.java
new file mode 100644
index 00000000..33597845
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolNotActiveException.java
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ProtocolNotActiveException extends EAAFProtocolException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1832697083163940710L;
+
+ public ProtocolNotActiveException(String internalMsgId, Object[] params, String msg) {
+ super(internalMsgId, params, msg);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/SLOException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/SLOException.java
new file mode 100644
index 00000000..66c18db6
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/SLOException.java
@@ -0,0 +1,21 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOException extends EAAFException {
+ private static final long serialVersionUID = -5284624715788385022L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SLOException(String messageId, Object[] parameters) {
+ super(messageId, parameters, "SLO processing error");
+ // TODO Auto-generated constructor stub
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/TaskExecutionException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/TaskExecutionException.java
new file mode 100644
index 00000000..b6c6bd16
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/TaskExecutionException.java
@@ -0,0 +1,55 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+
+/**
+ * @author tlenz
+ *
+ */
+public class TaskExecutionException extends ProcessExecutionException {
+
+ private static final long serialVersionUID = 1L;
+ Throwable originalException = null;
+ String pendingRequestID = null;
+
+ /**
+ * @param message
+ * @param cause
+ */
+ public TaskExecutionException(IRequest pendingReq, String message, Throwable cause) {
+ super(message, cause);
+ this.originalException = cause;
+
+ if (StringUtils.isNotEmpty(pendingReq.getPendingRequestId()))
+ this.pendingRequestID = pendingReq.getPendingRequestId();
+
+ }
+
+ /**
+ * Get the original internal exception from task
+ *
+ * @return the originalException
+ */
+ public Throwable getOriginalException() {
+ return originalException;
+
+ }
+
+ /**
+ * Get the pending-request ID of that request, which was processed when the exception occurs
+ *
+ * @return the pendingRequestID
+ */
+ public String getPendingRequestID() {
+ return pendingRequestID;
+ }
+
+
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java
new file mode 100644
index 00000000..f4d5bdae
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java
@@ -0,0 +1,22 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class UnavailableAttributeException extends AttributeBuilderException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1114323185905118432L;
+
+ private String attributeName;
+
+ public UnavailableAttributeException(String attributeName) {
+ super("Attribute " + attributeName + " is not available.");
+ this.attributeName = attributeName;
+ }
+
+ public String getAttributeName() {
+ return attributeName;
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java
new file mode 100644
index 00000000..5cccbda4
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java
@@ -0,0 +1,68 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.exceptions;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+/**
+ * An exception occurred evaluating an XPath.
+ *
+ */
+public class XPathException extends RuntimeException {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1736311265333034392L;
+/** The wrapped exception. */
+ private Throwable wrapped;
+
+ /**
+ * Create a XPathException.
+ *
+ * @param message The exception message.
+ * @param wrapped The exception being the likely cause of this exception.
+ */
+ public XPathException(String message, Throwable wrapped) {
+ super(message);
+ this.wrapped = wrapped;
+ }
+
+ public XPathException(String string) {
+ super(string);
+}
+
+/**
+ * Return the wrapped exception.
+ *
+ * @return The wrapped exception being the likely cause of this exception.
+ */
+ public Throwable getWrapped() {
+ return wrapped;
+ }
+
+ /**
+ * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+ */
+ public void printStackTrace(PrintStream s) {
+ super.printStackTrace(s);
+ if (getWrapped() != null) {
+ s.print("Caused by: ");
+ getWrapped().printStackTrace(s);
+ }
+ }
+
+ /**
+ * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+ */
+ public void printStackTrace(PrintWriter s) {
+ super.printStackTrace(s);
+ if (getWrapped() != null) {
+ s.print("Caused by: ");
+ getWrapped().printStackTrace(s);
+ }
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Pair.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Pair.java
new file mode 100644
index 00000000..3277107f
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Pair.java
@@ -0,0 +1,25 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.data;
+
+public class Pair {
+ private final P1 first;
+ private final P2 second;
+
+ private Pair(final P1 newFirst, final P2 newSecond) {
+ this.first = newFirst;
+ this.second = newSecond;
+ }
+
+ public P1 getFirst() {
+ return this.first;
+ }
+
+ public P2 getSecond() {
+ return this.second;
+ }
+
+ public static Pair newInstance(final P1 newFirst, final P2 newSecond) {
+ return new Pair(newFirst, newSecond);
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/SLOInformationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/SLOInformationImpl.java
new file mode 100644
index 00000000..46dce216
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/SLOInformationImpl.java
@@ -0,0 +1,167 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.data;
+
+import java.io.Serializable;
+
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOInformationImpl implements SLOInformationInterface, Serializable {
+
+ private static final long serialVersionUID = 295577931870512387L;
+ private String sessionIndex = null;
+ private String nameID = null;
+ private String protocolType = null;
+ private String nameIDFormat = null;
+ private String binding = null;
+ private String serviceURL = null;
+ private String authURL = null;
+ private String spEntityID = null;
+
+ public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType) {
+ new SLOInformationImpl(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null, null);
+ }
+
+ public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType, String sloBinding, String sloLocationURL) {
+ this.sessionIndex = sessionID;
+ this.nameID = nameID;
+ this.nameIDFormat = nameIDFormat;
+ this.protocolType = protocolType;
+ this.spEntityID = spEntityID;
+
+ if (authURL.endsWith("/"))
+ this.authURL = authURL.substring(0, authURL.length()-1);
+ else
+ this.authURL = authURL;
+
+
+ this.binding = sloBinding;
+ this.serviceURL = sloLocationURL;
+
+ }
+
+
+ /**
+ *
+ */
+ public SLOInformationImpl() {
+
+ }
+
+
+
+ /**
+ * @return the spEntityID
+ */
+ public String getSpEntityID() {
+ return spEntityID;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
+ */
+ @Override
+ public String getSessionIndex() {
+ return sessionIndex;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier()
+ */
+ @Override
+ public String getUserNameIdentifier() {
+ return nameID;
+
+ }
+
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+
+ /**
+ * @param nameID the nameID to set
+ */
+ public void setUserNameIdentifier(String nameID) {
+ this.nameID = nameID;
+ }
+
+
+
+ /**
+ * @param protocolType the protocolType to set
+ */
+ public void setProtocolType(String protocolType) {
+ this.protocolType = protocolType;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType()
+ */
+ @Override
+ public String getProtocolType() {
+ return protocolType;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat()
+ */
+ @Override
+ public String getUserNameIDFormat() {
+ return this.nameIDFormat;
+ }
+
+
+ /**
+ * @param nameIDFormat the nameIDFormat to set
+ */
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+ /**
+ * @return the binding
+ */
+ public String getBinding() {
+ return binding;
+ }
+
+ /**
+ * @return the serviceURL
+ */
+ public String getServiceURL() {
+ return serviceURL;
+ }
+
+ /**
+ * @return the authURL from requested IDP without ending /
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
+
+ /**
+ * @param spEntityID the spEntityID to set
+ */
+ public void setSpEntityID(String spEntityID) {
+ this.spEntityID = spEntityID;
+ }
+
+
+
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Trible.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Trible.java
new file mode 100644
index 00000000..b817de42
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/data/Trible.java
@@ -0,0 +1,31 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.data;
+
+public class Trible {
+ private final P1 first;
+ private final P2 second;
+ private final P3 third;
+
+ private Trible(final P1 newFirst, final P2 newSecond, final P3 newThird) {
+ this.first = newFirst;
+ this.second = newSecond;
+ this.third = newThird;
+ }
+
+ public P1 getFirst() {
+ return this.first;
+ }
+
+ public P2 getSecond() {
+ return this.second;
+ }
+
+ public P3 getThird() {
+ return this.third;
+ }
+
+ public static Trible newInstance(final P1 newFirst, final P2 newSecond, final P3 newThird) {
+ return new Trible(newFirst, newSecond, newThird);
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java
new file mode 100644
index 00000000..0ab13a9b
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java
@@ -0,0 +1,90 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.gui;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilderConfiguration {
+
+ public static final String PARAM_AUTHCONTEXT = "contextPath";
+ public static final String PARAM_FORMSUBMITENDPOINT = "submitEndpoint";
+ public static final String PARAM_PENDINGREQUESTID = "pendingReqID";
+
+ private String authURL = null;
+ private String viewName = null;
+ private String formSubmitEndpoint = null;
+
+ /**
+ * @param authURL IDP PublicURL-Prefix which should be used, but never null
+ * @param viewName Name of the template (with suffix) but never null
+ * @param formSubmitEndpoint EndPoint on which the form should be submitted,
+ * or null if the form must not submitted
+ *
+ */
+ public AbstractGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) {
+ if (viewName.startsWith("/"))
+ this.viewName = viewName.substring(1);
+ else
+ this.viewName = viewName;
+
+ if (authURL.endsWith("/"))
+ this.authURL = authURL.substring(0, authURL.length() - 1);
+ else
+ this.authURL = authURL;
+
+ if (StringUtils.isNotEmpty(formSubmitEndpoint)) {
+ if (formSubmitEndpoint.startsWith("/"))
+ this.formSubmitEndpoint = formSubmitEndpoint;
+ else
+ this.formSubmitEndpoint = "/" + formSubmitEndpoint;
+ }
+ }
+
+
+ /**
+ * Define the parameters, which should be evaluated in the template
+ * IMPORTANT: external HTML escapetion is required, because it is NOT done internally during the building process
+ *
+ * @return Map of parameters, which should be added to template
+ */
+ abstract protected Map getSpecificViewParameters();
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewName()
+ */
+ @Override
+ public final String getViewName() {
+ return this.viewName;
+
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
+ */
+ @Override
+ public final Map getViewParameters() {
+ //get parameters from detail implementation
+ Map specParams = getSpecificViewParameters();
+ if (specParams == null)
+ specParams = new HashMap();
+
+ //add generic parameters
+ specParams.put(PARAM_AUTHCONTEXT, this.authURL);
+ if (this.formSubmitEndpoint != null)
+ specParams.put(PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint);
+
+ return specParams;
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderImpl.java
new file mode 100644
index 00000000..a71fc21e
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderImpl.java
@@ -0,0 +1,192 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.gui;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringWriter;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class AbstractGUIFormBuilderImpl implements IGUIFormBuilder {
+ private static final Logger log = LoggerFactory.getLogger(AbstractGUIFormBuilderImpl.class);
+ private static final String DEFAULT_CONTENT_TYPE = EAAFConstants.CONTENTTYPE_HTML_UTF8;
+
+ private VelocityEngine engine;
+
+ public AbstractGUIFormBuilderImpl() throws GUIBuildException {
+ try {
+ engine = VelocityProvider.getClassPathVelocityEngine();
+
+ } catch (Exception e) {
+ log.error("Initialization of Velocity-Engine to render GUI components FAILED.", e);
+ throw new GUIBuildException("Initialization of Velocity-Engine to render GUI components FAILED.", e);
+
+ }
+
+ }
+
+ public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException {
+ build(httpResp, config, getInternalContentType(config), loggerName);
+
+ }
+
+ @Override
+ public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config,
+ String contentType, String loggerName) throws GUIBuildException {
+
+ InputStream is = null;
+ try {
+ String viewName = config.getViewName();
+ is = getTemplateInputStream(config);
+
+ //build Velocity Context from input paramters
+ VelocityContext context = buildContextFromViewParams(config.getViewParameters());
+
+ //evaluate template
+ StringWriter writer = new StringWriter();
+ engine.evaluate(context, writer, loggerName, new BufferedReader(new InputStreamReader(is)));
+
+ //write template to response
+ final byte[] content = writer.toString().getBytes("UTF-8");
+ httpResp.setStatus(HttpServletResponse.SC_OK);
+ httpResp.setContentLength(content.length);
+ httpResp.setContentType(contentType);
+ httpResp.getOutputStream().write(content);
+
+ if (log.isTraceEnabled()) {
+ log.trace("Write Content for viewName:" + viewName
+ + ". Contentsize:" + String.valueOf(content.length)
+ + " BufferSize:" + httpResp.getBufferSize()
+ + " ContentType:" + contentType);
+ for (String el : httpResp.getHeaderNames())
+ log.trace(" * Headername:" + el + " Value:" + httpResp.getHeader(el));
+
+ }
+
+ } catch (IOException e) {
+ log.error("GUI form-builder has an internal error.", e);
+ throw new GUIBuildException("GUI form-builder has an internal error.", e);
+
+ } finally {
+ if (is != null)
+ try {
+ is.close();
+
+ } catch (IOException e) {
+ log.error("Can NOT close GUI-Template InputStream.", e);
+
+ }
+ }
+
+ }
+
+ /**
+ * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters
+ *
+ * @param config
+ * @return
+ */
+ public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config) {
+ return buildContextFromViewParams(config.getViewParameters());
+
+ }
+
+ /**
+ * Load the template from different resources
+ *
+ * @param config
+ * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method
+ * @throws GUIBuildException
+ */
+ public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException {
+ InputStream is = config.getTemplate(config.getViewName());
+ if (is == null) {
+ log.trace("Loading GUI template:" + config.getViewName() + " from default resources ... ");
+ is = getInternalTemplate(config);
+
+ if (is == null) {
+ log.warn("No GUI with viewName:" + config.getViewName() + " FOUND.");
+ throw new GUIBuildException("No GUI with viewName:" + config.getViewName() + " FOUND.");
+
+ }
+ }
+ return is;
+
+ }
+
+ /**
+ * Load an internal template from default resources
+ *
+ * @param config
+ * @return
+ * @throws GUIBuildException
+ */
+ abstract protected InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException;
+
+
+ /**
+ * @return
+ */
+ protected String getInternalClasspathTemplateDir(IGUIBuilderConfiguration config, String defaultClassPathDir) {
+ String dir = config.getClasspathTemplateDir();
+ if (dir != null) {
+ if (!dir.endsWith("/"))
+ dir += "/";
+
+ return dir;
+
+ } else
+ return defaultClassPathDir;
+ }
+
+ /**
+ * @param viewParams
+ * @return
+ */
+ private VelocityContext buildContextFromViewParams(Map viewParams) {
+ VelocityContext context = new VelocityContext();
+
+ if (viewParams != null) {
+ Iterator> interator = viewParams.entrySet().iterator();
+ while (interator.hasNext()) {
+ Entry el = interator.next();
+ context.put(el.getKey(), el.getValue());
+ }
+
+ }
+
+ return context;
+ }
+
+ private String getInternalContentType(IGUIBuilderConfiguration config) {
+ if (StringUtils.isEmpty(config.getDefaultContentType()))
+ return DEFAULT_CONTENT_TYPE;
+
+ else
+ return config.getDefaultContentType();
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java
new file mode 100644
index 00000000..51a59a8e
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java
@@ -0,0 +1,81 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.gui.velocity;
+
+import org.apache.velocity.app.Velocity;
+import org.apache.velocity.runtime.RuntimeServices;
+import org.apache.velocity.runtime.log.LogChute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class VelocityLogAdapter implements LogChute {
+
+ private static final Logger log = LoggerFactory.getLogger(VelocityLogAdapter.class);
+
+ public VelocityLogAdapter() {
+ try
+ {
+ /*
+ * register this class as a logger with the Velocity singleton
+ * (NOTE: this would not work for the non-singleton method.)
+ */
+ Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
+ Velocity.init();
+ }
+ catch (Exception e)
+ {
+ log.error("Failed to register Velocity logger");
+ }
+ }
+
+ public void init(RuntimeServices arg0) throws Exception {
+ }
+
+ public boolean isLevelEnabled(int arg0) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ return log.isDebugEnabled();
+ case LogChute.TRACE_ID:
+ return log.isTraceEnabled();
+ default:
+ return true;
+ }
+ }
+
+ public void log(int arg0, String arg1) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ log.debug(arg1);
+ break;
+ case LogChute.TRACE_ID:
+ log.trace(arg1);
+ break;
+ case LogChute.INFO_ID:
+ log.info(arg1);
+ break;
+ case LogChute.WARN_ID:
+ log.warn(arg1);
+ break;
+ case LogChute.ERROR_ID:
+ default:
+ log.error(arg1);
+ break;
+ }
+ }
+
+ public void log(int arg0, String arg1, Throwable arg2) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ case LogChute.TRACE_ID:
+ case LogChute.INFO_ID:
+ case LogChute.WARN_ID:
+ log.warn(arg1, arg2);
+ break;
+ case LogChute.ERROR_ID:
+ default:
+ log.error(arg1, arg2);
+ break;
+ }
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java
new file mode 100644
index 00000000..5775e203
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java
@@ -0,0 +1,121 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package at.gv.egiz.eaaf.core.impl.gui.velocity;
+
+import org.apache.velocity.app.Velocity;
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+
+/**
+ * Gets a Velocity Engine
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class VelocityProvider {
+
+ private static VelocityEngine velocityEngine = null;
+
+ /**
+ * Gets velocityEngine from Classpath
+ * @return VelocityEngine
+ * @throws Exception
+ */
+ public static VelocityEngine getClassPathVelocityEngine() throws Exception {
+ if (velocityEngine == null) {
+ velocityEngine = getBaseVelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ velocityEngine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ velocityEngine.init();
+
+ }
+
+ return velocityEngine;
+ }
+
+ /**
+ * Gets VelocityEngine from File
+ * @param rootPath File Path to template file
+ * @return VelocityEngine
+ * @throws Exception
+ */
+ public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
+ if (velocityEngine == null) {
+ velocityEngine = getBaseVelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
+ velocityEngine.setProperty("file.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.FileResourceLoader");
+ velocityEngine.setProperty("file.resource.loader.path", rootPath);
+
+ velocityEngine.init();
+
+ }
+
+ return velocityEngine;
+ }
+
+ /**
+ * Gets a basic VelocityEngine
+ * @return VelocityEngine
+ */
+ private static VelocityEngine getBaseVelocityEngine() {
+ VelocityEngine velocityEngine = new VelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8");
+ velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+// velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+// "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
+ velocityEngine.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, new VelocityLogAdapter() );
+
+ return velocityEngine;
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
new file mode 100644
index 00000000..f35a54fa
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
@@ -0,0 +1,416 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp;
+
+import java.io.Serializable;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Map;
+import java.util.TimeZone;
+
+import org.apache.commons.collections4.map.HashedMap;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationData implements IAuthData, Serializable {
+
+ private static final Logger log = LoggerFactory.getLogger(AuthenticationData.class);
+
+ private static final long serialVersionUID = -1042697056735596866L;
+ public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+
+ private boolean isBaseIDTransferRestrication = true;
+ private Map genericDataStorate = new HashedMap();
+
+ private String issuer;
+ private Date issueInstant;
+
+ private String identificationValue;
+ private String identificationType;
+ private IIdentityLink identityLink = null;
+
+ private String familyName;
+ private String givenName;
+ private Date dateOfBirth;
+ private String bPK;
+ private String bPKType;
+
+ private String ccc = null;
+
+
+ private boolean foreigner =false;
+ private String eIDASLoA = null;
+
+ private boolean ssoSession = false;
+ private Date ssoSessionValidTo = null;
+
+ private String sessionIndex = null;
+ private String nameID = null;
+ private String nameIDFormat = null;
+
+ public AuthenticationData() {
+ this.issueInstant = new Date();
+
+ }
+
+ @Override
+ public String getAuthenticationIssuer() {
+ return this.issuer;
+ }
+
+ /**
+ * Set an unique identifier for the IDP that authenticates the user
+ *
+ * @param authIssuer
+ */
+ public void setAuthenticationIssuer(String authIssuer) {
+ this.issuer = authIssuer;
+
+ }
+
+
+ @Override
+ public Date getAuthenticationIssueInstant() {
+ return this.issueInstant;
+ }
+
+
+ public String getAuthenticationIssueInstantString() {
+ SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ f.setTimeZone(TimeZone.getTimeZone("UTC"));
+ return f.format(this.issueInstant);
+
+ }
+
+ /**
+ * Set the timestamp for this user authentication process
+ *
+ * @param date
+ */
+ public void setAuthenticationIssueInstant(Date date) {
+ this.issueInstant = date;
+ }
+
+ @Override
+ public String getCiticenCountryCode() {
+ return this.ccc;
+ }
+
+
+ public String getBPK() {
+ return bPK;
+ }
+
+ /**
+ * Sets the bPK.
+ * @param bPK The bPK to set
+ */
+ public void setBPK(String bPK) {
+ this.bPK = bPK;
+ }
+
+
+ public Date getDateOfBirth() {
+ return this.dateOfBirth;
+ }
+
+ public String getFormatedDateOfBirth() {
+ DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ if (getDateOfBirth() != null)
+ return pvpDateFormat.format(getDateOfBirth());
+ else
+ return "2999-12-31";
+
+ }
+
+
+ public String getFamilyName() {
+ return this.familyName;
+ }
+
+
+ public String getGivenName() {
+ return this.givenName;
+ }
+
+
+ public String getIdentificationValue() {
+ return identificationValue;
+ }
+
+
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
+ @Override
+ public IIdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * @param identityLink the identityLink to set
+ */
+ public void setIdentityLink(IIdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ public void setDateOfBirth(Date dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+
+ public void setDateOfBirth(String dateOfBirth) {
+ try {
+ if (StringUtils.isNotEmpty(dateOfBirth)) {
+ DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
+
+ }
+
+ } catch (ParseException e) {
+ log.warn("Parse dateOfBirht from IdentityLink FAILED", e);
+
+ }
+ }
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * Sets the identificationValue.
+ * @param identificationValue The identificationValue to set
+ */
+ public void setIdentificationValue(String identificationValue) {
+ this.identificationValue = identificationValue;
+ }
+
+ /**
+ * Sets the identificationType.
+ * @param identificationType The identificationType to set
+ */
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
+
+ public String getBPKType() {
+ return bPKType;
+ }
+
+ /**
+ * Set sector identifier of user's bPK
+ *
+ * @param bPKType
+ */
+ public void setBPKType(String bPKType) {
+ this.bPKType = bPKType;
+ }
+
+ public String getEIDASQAALevel() {
+ return this.eIDASLoA;
+
+ }
+
+
+ public boolean isForeigner() {
+ return this.foreigner;
+ }
+
+
+ /**
+ * Indicate the the user is a foreigner
+ *
+ * @param true if the user is a foreigner, otherwise false
+ */
+ public void setForeigner(boolean foreigner) {
+ this.foreigner = foreigner;
+ }
+
+ @Override
+ public boolean isSsoSession() {
+ return ssoSession;
+ }
+
+
+ /**
+ * Indicate that the authentication was done by using an active SSO session
+ *
+ * @param true if a SSO was used, otherwise false
+ */
+ public void setSsoSession(boolean ssoSession) {
+ this.ssoSession = ssoSession;
+ }
+
+
+ /**
+ * Country Code for the authenticated user
+ *
+ * @param ccc Two letter country code
+ */
+ public void setCiticenCountryCode(String ccc) {
+ this.ccc = ccc;
+ }
+
+ public String getSessionIndex() {
+ return sessionIndex;
+ }
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+
+ @Override
+ public String getNameID() {
+ return this.nameID;
+ }
+
+ /**
+ * @param nameID the nameID to set
+ */
+ public void setNameID(String nameID) {
+ this.nameID = nameID;
+ }
+
+ /**
+ * @return the nameIDFormat
+ */
+ public String getNameIDFormat() {
+ return nameIDFormat;
+ }
+
+ /**
+ * @param nameIDFormat the nameIDFormat to set
+ */
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+ /**
+ * @return the ssoSessionValidTo
+ */
+ public Date getSsoSessionValidTo() {
+ return ssoSessionValidTo;
+ }
+
+ /**
+ * @param ssoSessionValidTo the ssoSessionValidTo to set
+ */
+ public void setSsoSessionValidTo(Date ssoSessionValidTo) {
+ this.ssoSessionValidTo = ssoSessionValidTo;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
+ */
+ @Override
+ public boolean isBaseIDTransferRestrication() {
+ return isBaseIDTransferRestrication;
+ }
+
+ /**
+ * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
+ */
+ public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
+ this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
+ }
+
+ /**
+ * Returns a generic data-object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the data object
+ * @param clazz The class type which is stored with this key
+ * @return The data object or null if no data is found with this key
+ */
+ public T getGenericData(String key, final Class clazz) {
+ if (StringUtils.isNotEmpty(key)) {
+ Object data = genericDataStorate.get(key);
+
+ if (data == null)
+ return null;
+
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) data;
+ return test;
+
+ } catch (Exception e) {
+ log.warn("Generic authentication-data object can not be casted to requsted type", e);
+ return null;
+
+ }
+
+ }
+
+ log.info("Can not load generic session-data with key='null'");
+ return null;
+
+ }
+
+ /**
+ * Store a generic data-object to session with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+ */
+ public void setGenericData(String key, Object object) throws EAAFStorageException {
+ if (StringUtils.isEmpty(key)) {
+ log.info("Generic session-data can not be stored with a 'null' key");
+ throw new EAAFStorageException("Generic data can not be stored with a 'null' key", null);
+
+ }
+
+ if (object != null) {
+ if (!Serializable.class.isInstance(object)) {
+ log.warn("Generic data can only store objects which implements the 'Seralizable' interface");
+ throw new EAAFStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
+
+ }
+ }
+
+ if (genericDataStorate.containsKey(key))
+ log.debug("Overwrite generic data with key:" + key);
+ else
+ log.trace("Add generic data with key:" + key + " to session.");
+
+ genericDataStorate.put(key, object);
+ }
+
+ public void seteIDASLoA(String eIDASLoA) {
+ this.eIDASLoA = eIDASLoA;
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EAAFCoreSpringResourceProvider.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EAAFCoreSpringResourceProvider.java
new file mode 100644
index 00000000..a289f49d
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EAAFCoreSpringResourceProvider.java
@@ -0,0 +1,30 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class EAAFCoreSpringResourceProvider implements SpringResourceProvider {
+
+ @Override
+ public String getName() {
+ return "EAAF Core SpringResourceProvider";
+ }
+
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Resource[] getResourcesToLoad() {
+ ClassPathResource sl20AuthConfig = new ClassPathResource("/eaaf_core.beans.xml", EAAFCoreSpringResourceProvider.class);
+
+ return new Resource[] {sl20AuthConfig};
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
new file mode 100644
index 00000000..e52a7884
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
@@ -0,0 +1,341 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.auth;
+
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
+import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
+
+public abstract class AbstractAuthenticationManager implements IAuthenticationManager {
+ private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationManager.class);
+
+ private static List reqParameterWhiteListeForModules = new ArrayList();
+ private static List reqHeaderWhiteListeForModules = new ArrayList();
+
+ public static final String MOA_SESSION = "MoaAuthenticationSession";
+ public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
+
+ public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+
+ @Autowired(required=true) protected IConfiguration authConfig;
+ @Autowired(required=true) private ProcessEngine processEngine;
+ @Autowired(required=true) private IRequestStorage requestStoreage;
+ @Autowired(required=true) protected IRevisionLogger revisionsLogger;
+ @Autowired(required=false) protected ISSOManager ssoManager;
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addParameterNameToWhiteList(java.lang.String)
+ */
+ @Override
+ public final void addParameterNameToWhiteList(String httpReqParam) {
+ if (StringUtils.isNotEmpty(httpReqParam))
+ reqParameterWhiteListeForModules.add(httpReqParam);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang.String)
+ */
+ @Override
+ public final void addHeaderNameToWhiteList(String httpReqParam) {
+ if (StringUtils.isNotEmpty(httpReqParam))
+ reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang.String)
+ */
+ @Override
+ public final boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IRequest pendingReq) throws EAAFException {
+
+ if (!(pendingReq instanceof RequestImpl)) {
+ log.error("Requests that need authentication MUST be of type 'RequestImpl'");
+ throw new RuntimeException("Requests that need authentication HAS TO BE of type 'RequestImpl'");
+
+ }
+
+ //load OA configuration from pending request
+ ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
+
+ //set logging context and log unique OA identifier to revision log
+ TransactionIDUtils.setServiceProviderId(oaParam.getUniqueIdentifier());
+ revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FOR_SP, pendingReq.getSPEntityId());
+
+ //generic authentication request validation
+ if (pendingReq.isPassiv() && pendingReq.forceAuth()) {
+ // conflict!
+ throw new NoPassivAuthenticationException();
+ }
+
+
+ //check Single Sign-On functionality if SSOManager is available
+ boolean isValidSSOSession = false;
+ if (ssoManager != null) {
+ log.trace("SSOManager is loaded. Starting SSO session validation ... ");
+ //check if SSO is allowed for this service provider
+ ssoManager.isSSOAllowedForSP(pendingReq, httpReq);
+
+ //check if SSO session is active and valid
+ isValidSSOSession = ssoManager.checkAndValidateSSOSession(pendingReq, httpReq, httpResp);
+
+ }
+
+ //check if session is already authenticated
+ //boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, isValidSSOSession);
+ //boolean isSessionAuthenticated = isValidSSOSession && StringUtils.isNotEmpty(pendingReq.getSSOSessionIdentifier());
+
+
+ //force new authentication authentication process
+ if (pendingReq.forceAuth()) {
+ startAuthenticationProcess(httpReq, httpResp, (RequestImpl) pendingReq);
+ return false;
+
+ //perform SSO-Consents evaluation if it it required
+ } else if (isValidSSOSession && pendingReq.isNeedUserConsent()) {
+ sendSingleSignOnConsentsEvaluation(httpReq, httpResp, (RequestImpl) pendingReq);
+ return false;
+
+
+ } else if (pendingReq.isPassiv()) {
+ if (isValidSSOSession &&
+ StringUtils.isNotEmpty(pendingReq.getSSOSessionIdentifier()) ) {
+ // Passive authentication ok! --> Populate pending request from SSO session
+ ssoManager.populatePendingRequestWithSSOInformation(pendingReq);
+ revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FINISHED);
+ return true;
+
+ } else {
+ throw new NoPassivAuthenticationException();
+
+ }
+
+ } else {
+ if (isValidSSOSession &&
+ StringUtils.isNotEmpty(pendingReq.getSSOSessionIdentifier())) {
+ // Is authenticated .. proceed
+ ssoManager.populatePendingRequestWithSSOInformation(pendingReq);
+ revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FINISHED);
+ return true;
+
+ } else {
+ // Start authentication!
+ startAuthenticationProcess(httpReq, httpResp, (RequestImpl) pendingReq);
+ return false;
+
+ }
+ }
+ }
+
+ public final void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) {
+
+ log.debug("Close session. Remove pending request ... ");
+ requestStoreage.removePendingRequest(pendingReq.getPendingRequestId());
+
+
+ if (ssoManager != null) {
+ try {
+ log.trace("'SSOManager' active. Search for active SSO sessions ... ");
+ if (ssoManager.destroySSOSessionOnIDPOnly(request, response, pendingReq))
+ log.info("SSO session successfully closed");
+ else
+ log.info("Closing SSO session NOT successfully");
+
+ } catch (EAAFSSOException e) {
+ log.warn("Destroying of SSO session FAILED. Reason: " + e.getMessage(), e);
+
+ }
+
+ }
+
+ }
+
+ /**
+ * Populate process execution context and start process engine
+ *
+ * @param httpReq
+ * @param httpResp
+ * @param pendingReq
+ * @throws ServletException
+ * @throws IOException
+ * @throws EAAFException
+ */
+ private void startAuthenticationProcess(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, RequestImpl pendingReq)
+ throws EAAFException {
+
+ log.info("Starting authentication ...");
+ revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_STARTED);
+
+ //create authentication process execution context
+ ExecutionContext executionContext = new ExecutionContextImpl();
+
+ //set oaIdentifeir
+ executionContext.put(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID,
+ pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+
+ //add X509 SSL client certificate if exist
+ if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) {
+ log.debug("Find SSL-client-certificate on request --> Add it to context");
+ executionContext.put(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
+ ((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate")));
+ pendingReq.setGenericDataToSession(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
+ ((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate")));
+
+ }
+
+ //add additional http request parameter to context
+ if (!reqParameterWhiteListeForModules.isEmpty()) {
+ Enumeration reqParamNames = httpReq.getParameterNames();
+ while(reqParamNames.hasMoreElements()) {
+ String paramName = reqParamNames.nextElement();
+ if (StringUtils.isNotEmpty(paramName) && reqParameterWhiteListeForModules.contains(paramName) )
+ executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getParameter(paramName)));
+ }
+ }
+
+ //add additional http request parameter to context
+ if (!reqHeaderWhiteListeForModules.isEmpty()) {
+ Enumeration reqHeaderNames = httpReq.getHeaderNames();
+ while(reqHeaderNames.hasMoreElements()) {
+ String paramName = reqHeaderNames.nextElement();
+ if (StringUtils.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) )
+ executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
+
+ }
+ }
+
+ //populate more IDP specific information to execution context
+ populateExecutionContext(executionContext, pendingReq, httpReq);
+
+ //start process engine
+ startProcessEngine(pendingReq, executionContext);
+
+ }
+
+ /**
+ *
+ *
+ * @throws EAAFException
+ */
+ abstract protected void populateExecutionContext(ExecutionContext executionContext,
+ RequestImpl pendingReq, HttpServletRequest httpReq) throws EAAFException;
+
+ /**
+ * Starting a user consent evaluation
+ *
+ * @param request
+ * @param response
+ * @param pendingReq
+ * @throws ServletException
+ * @throws IOException
+ * @throws EAAFException
+ */
+ private void sendSingleSignOnConsentsEvaluation(HttpServletRequest request,
+ HttpServletResponse response, RequestImpl pendingReq)
+ throws EAAFException {
+
+ log.debug("Starting SSO user-consents evaluation ...");
+
+ //set authenticated flag to false, because user consents is required
+ pendingReq.setAuthenticated(false);
+
+ //create execution context
+ ExecutionContext executionContext = new ExecutionContextImpl();
+ executionContext.put(ISSOManager.PROCESS_ENGINE_SSO_CONSENTS_EVALUATION, true);
+
+ //start process engine
+ startProcessEngine(pendingReq, executionContext);
+
+ }
+
+
+ /**
+ * Select a specific process and starting process engine
+ *
+ * @param pendingReq
+ * @param executionContext
+ * @throws EAAFException
+ */
+ private void startProcessEngine(RequestImpl pendingReq, ExecutionContext executionContext) throws EAAFException {
+ try {
+ //put pending-request ID on execurtionContext
+ executionContext.put(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID, pendingReq.getPendingRequestId());
+
+ // create process instance
+ String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
+
+ if (processDefinitionId == null) {
+ log.warn("No suitable process found for PendingReqId " + pendingReq.getPendingRequestId() );
+ throw new EAAFException(
+ "process.02",
+ new Object[] {pendingReq.getPendingRequestId()}
+ ,"No suitable process found for PendingReqId " + pendingReq.getPendingRequestId());
+
+ }
+
+ String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext);
+
+ // keep process instance id in protocol pending-request
+ pendingReq.setProcessInstanceId(processInstanceId);
+
+ //store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ // start process
+ processEngine.start(pendingReq);
+
+ } catch (ProcessExecutionException e) {
+ Throwable cause = e.getCause();
+ if (cause != null && cause instanceof TaskExecutionException) {
+ Throwable taskCause = cause.getCause();
+ if (taskCause != null && taskCause instanceof EAAFException) {
+ EAAFException moaTaskCause = (EAAFException) taskCause;
+ log.warn(taskCause.getMessage(), taskCause);
+ throw moaTaskCause;
+
+ }
+ }
+
+ throw new EAAFException(
+ "process.01",
+ new Object[] { pendingReq.getProcessInstanceId(), pendingReq.getPendingRequestId() },
+ "Authentication process execution FAILED",
+ e);
+ }
+
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
new file mode 100644
index 00000000..7e0d4cc7
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
@@ -0,0 +1,119 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.auth;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.idp.process.ProcessInstanceStoreDAO;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
+
+@Service("RequestStorage")
+public class RequestStorage implements IRequestStorage{
+ private static final Logger log = LoggerFactory.getLogger(RequestStorage.class);
+
+ @Autowired ITransactionStorage transactionStorage;
+ @Autowired ProcessInstanceStoreDAO processInstanceStore;
+
+ @Override
+ public IRequest getPendingRequest(String pendingReqID) {
+
+ try {
+ IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class);
+ if (pendingRequest == null) {
+ log.info("No PendingRequst found with pendingRequestID " + pendingReqID);
+ return null;
+
+ }
+
+ //set transactionID and sessionID to Logger
+ TransactionIDUtils.setAllLoggingVariables(pendingRequest);
+
+ return pendingRequest;
+
+ } catch (EAAFException | NullPointerException e) {
+ log.info("No PendingRequst found with pendingRequestID " + pendingReqID);
+ return null;
+
+ }
+ }
+
+ @Override
+ public void storePendingRequest(IRequest pendingRequest) throws EAAFException {
+ try {
+ if (pendingRequest instanceof IRequest)
+ transactionStorage.put(((IRequest)pendingRequest).getPendingRequestId(), pendingRequest, -1);
+
+ else
+ throw new EAAFException("PendigRequest is NOT of type 'IRequest'", null);
+
+
+ } catch (EAAFException e) {
+ log.warn("PendingRequest with ID=" + ((IRequest)pendingRequest).getPendingRequestId() +
+ " can not stored.", e);
+ throw new EAAFStorageException("PendingRequest with Id: " + ((IRequest)pendingRequest).getPendingRequestId()
+ + " can not be stored", e);
+
+ }
+
+ }
+
+ @Override
+ public void removePendingRequest(String requestID) {
+
+ if (requestID != null) {
+
+ //remove process-management execution instance
+ try {
+ IRequest pendingReq = getPendingRequest(requestID);
+
+ if (pendingReq != null &&
+ pendingReq.getProcessInstanceId() != null)
+ processInstanceStore.remove(pendingReq.getProcessInstanceId());
+
+ } catch (EAAFException e) {
+ log.warn("Removing process associated with pending-request:" + requestID + " FAILED.", e);
+
+ }
+
+ transactionStorage.remove(requestID);
+
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ @Override
+ public String changePendingRequestID(IRequest pendingRequest) throws EAAFException {
+
+ if (pendingRequest instanceof RequestImpl) {
+ String newRequestID = Random.nextHexRandom32();
+ String oldRequestID = pendingRequest.getPendingRequestId();
+
+ log.debug("Change pendingRequestID from " + pendingRequest.getPendingRequestId()
+ + " to " + newRequestID);
+
+ ((RequestImpl)pendingRequest).setPendingRequestId(newRequestID);
+ transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest);
+
+ //only delete oldRequestID, no change.
+
+ return newRequestID;
+
+ } else {
+ log.error("PendingRequest object is not of type 'RequestImpl.class'");
+ throw new EAAFException("PendingRequest object is not of type 'RequestImpl.class'", null);
+ }
+
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
new file mode 100644
index 00000000..561f6f32
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -0,0 +1,467 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.auth.builder;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
+import at.gv.egiz.eaaf.core.exceptions.XPathException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
+
+
+public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder {
+ private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class);
+ protected Collection includedToGenericAuthData = null;
+ @Autowired protected IConfiguration basicConfig;
+
+ protected void generateBasicAuthData(AuthenticationData authData, IRequest pendingReq,
+ IAuthProcessDataContainer authProcessData) throws EAAFBuilderException, EAAFConfigurationException, XPathException, DOMException, EAAFParserException {
+
+ if (authProcessData.getGenericSessionDataStorage() != null &&
+ !authProcessData.getGenericSessionDataStorage().isEmpty())
+ includedToGenericAuthData = authProcessData.getGenericSessionDataStorage().keySet();
+ else
+ includedToGenericAuthData = new ArrayList();
+
+ //####################################################
+ //set general authData info's
+ authData.setAuthenticationIssuer(pendingReq.getAuthURL());
+ authData.setSsoSession(pendingReq.needSingleSignOnFunctionality());
+ authData.setBaseIDTransferRestrication(pendingReq.getServiceProviderConfiguration().hasBaseIdTransferRestriction());
+
+
+ //####################################################
+ //parse user info's from identityLink
+ IIdentityLink idlFromPVPAttr = null;
+ IIdentityLink identityLink = authProcessData.getIdentityLink();
+ if (identityLink != null) {
+ parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData);
+
+ } else {
+ // identityLink is not direct in MOASession
+ String pvpAttrIDL = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class);
+ //find PVP-Attr. which contains the IdentityLink
+ if (StringUtils.isNotEmpty(pvpAttrIDL)) {
+ log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME
+ + " --> Parse basic user info's from that attribute.");
+ InputStream idlStream = null;
+ try {
+ idlStream = new ByteArrayInputStream(Base64Utils.decodeFromString(pvpAttrIDL));
+ idlFromPVPAttr = new SimpleIdentityLinkAssertionParser(idlStream).parseIdentityLink();
+ parseBasicUserInfosFromIDL(authData, idlFromPVPAttr, includedToGenericAuthData);
+
+ //set identitylink into AuthProcessData
+ authProcessData.setIdentityLink(idlFromPVPAttr);;
+
+ } catch (EAAFParserException e) {
+ log.warn("Received IdentityLink is not valid", e);
+
+ } catch (Exception e) {
+ log.warn("Received IdentityLink is not valid", e);
+
+ } finally {
+ try {
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME);
+ if (idlStream != null)
+ idlStream.close();
+
+ } catch (IOException e) {
+ log.warn("Close InputStream FAILED.", e);
+
+ }
+ }
+ }
+
+ //if no basic user info's are set yet, parse info's single PVP-Attributes
+ if (StringUtils.isEmpty(authData.getFamilyName())) {
+ log.debug("No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes.");
+ authData.setFamilyName(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
+ authData.setGivenName(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.GIVEN_NAME_NAME, String.class));
+ authData.setDateOfBirth(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.BIRTHDATE_NAME, String.class));
+ authData.setIdentificationValue(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME, String.class));
+ authData.setIdentificationType(authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME, String.class));
+
+ //remove corresponding keys from genericSessionData if exists
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME);
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME);
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.BIRTHDATE_NAME);
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME);
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME);
+ }
+
+ }
+
+ if (authData.getIdentificationType() != null &&
+ !authData.getIdentificationType().equals(EAAFConstants.URN_PREFIX_BASEID)) {
+ log.trace("IdentificationType is not a baseID --> clear it. ");
+ authData.setBPK(authData.getIdentificationValue());
+ authData.setBPKType(authData.getIdentificationType());
+
+ authData.setIdentificationValue(null);
+ authData.setIdentificationType(null);
+ }
+
+ //####################################################
+ //set QAA level
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
+ String currentLoA = null;
+ if (StringUtils.isNotEmpty(authProcessData.getQAALevel()))
+ currentLoA = authProcessData.getQAALevel();
+ else {
+ currentLoA = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class);
+ if (StringUtils.isNotEmpty(currentLoA)) {
+ log.debug("Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
+ + " --> Parse QAA-Level from that attribute.");
+
+ }
+ }
+ if (StringUtils.isNotEmpty(currentLoA)) {
+ if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+ authData.seteIDASLoA(currentLoA);
+
+ } else
+ log.info("Only eIDAS LoAs are supported by this implementation");
+
+ } else {
+ log.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
+ authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
+
+ }
+
+ //####################################################
+ //set isForeigner flag
+ //TODO: change to new eIDAS-token attribute identifier
+ if (authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) {
+ log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME
+ + " --> Set 'isForeigner' flag to TRUE");
+ authData.setForeigner(true);
+
+ } else {
+ authData.setForeigner(authProcessData.isForeigner());
+
+ }
+
+ //####################################################
+ //set citizen country-code
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME);
+ String pvpCCCAttr = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
+ if (StringUtils.isNotEmpty(pvpCCCAttr)) {
+ authData.setCiticenCountryCode(pvpCCCAttr);
+ log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME);
+
+ } else {
+ if (authData.isForeigner()) {
+ //TODO!!!!
+
+ } else {
+ authData.setCiticenCountryCode(basicConfig.getBasicConfiguration(
+ IConfiguration.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE,
+ EAAFConstants.COUNTRYCODE_AUSTRIA));
+
+ }
+ }
+
+
+ //####################################################
+ // set bPK and IdentityLink
+ String pvpbPKValue = getbPKValueFromPVPAttribute(authProcessData);
+ String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(authProcessData);
+ Pair pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(authProcessData, authData, pendingReq.getServiceProviderConfiguration());
+
+ //check if a unique ID for this citizen exists
+ if (StringUtils.isEmpty(authData.getIdentificationValue()) &&
+ StringUtils.isEmpty(pvpbPKValue) && StringUtils.isEmpty(authData.getBPK()) &&
+ pvpEncbPKAttr == null) {
+ log.info("Can not build authData, because moaSession include no bPK, encrypted bPK or baseID");
+ throw new EAAFBuilderException("builder.08", new Object[]{"No " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME
+ + " or " + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME
+ + " or " + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME},
+ "No " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME
+ + " or " + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME
+ + " or " + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME);
+
+ }
+
+ // baseID is in MOASesson --> calculate bPK directly
+ if (StringUtils.isNotEmpty(authData.getIdentificationValue())) {
+ log.debug("Citizen baseID is in MOASession --> calculate bPK from this.");
+ Pair result = buildOAspecificbPK(pendingReq, authData);
+ authData.setBPK(result.getFirst());
+ authData.setBPKType(result.getSecond());
+
+ //check if bPK already added to AuthData matches OA
+ } else if (StringUtils.isNotEmpty(authData.getBPK())
+ && matchsReceivedbPKToOnlineApplication(pendingReq.getServiceProviderConfiguration(), authData.getBPKType()) ) {
+ log.debug("Correct bPK is already included in AuthData.");
+
+ //check if bPK received by PVP-Attribute matches OA
+ } else if (StringUtils.isNotEmpty(pvpbPKValue) &&
+ matchsReceivedbPKToOnlineApplication(pendingReq.getServiceProviderConfiguration(), pvpbPKTypeAttr)) {
+ log.debug("Receive correct bPK from PVP-Attribute");
+ authData.setBPK(pvpbPKValue);
+ authData.setBPKType(pvpbPKTypeAttr);
+
+ //check if decrypted bPK exists
+ } else if (pvpEncbPKAttr != null) {
+ log.debug("Receive bPK as encrypted bPK and decryption was possible.");
+ authData.setBPK(pvpEncbPKAttr.getFirst());
+ authData.setBPKType(pvpEncbPKAttr.getSecond());
+
+ //ask SZR to get bPK
+ } else {
+ String notValidbPK = authData.getBPK();
+ String notValidbPKType = authData.getBPKType();
+ if (StringUtils.isEmpty(notValidbPK) &&
+ StringUtils.isEmpty(notValidbPKType)) {
+ notValidbPK = pvpbPKValue;
+ notValidbPKType = pvpbPKTypeAttr;
+
+ if (StringUtils.isEmpty(notValidbPK) &&
+ StringUtils.isEmpty(notValidbPKType)) {
+ log.error("No bPK in MOASession. THIS error should not occur any more.");
+ throw new NullPointerException("No bPK in MOASession. THIS error should not occur any more.");
+ }
+ }
+
+ Pair baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType);
+ if (baseIDFromSZR != null) {
+ log.info("Receive citizen baseID from SRZ. Authentication can be completed");
+ authData.setIdentificationValue(baseIDFromSZR.getFirst());
+ authData.setIdentificationType(baseIDFromSZR.getSecond());
+ Pair result = buildOAspecificbPK(pendingReq, authData);
+ authData.setBPK(result.getFirst());
+ authData.setBPKType(result.getSecond());
+
+ } else {
+ log.warn("Can not build authData, because moaSession include no valid bPK, encrypted bPK or baseID");
+ throw new EAAFBuilderException("builder.08", new Object[]{"No valid " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME
+ + " or " + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME
+ + " or " + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME},
+ "No valid " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME
+ + " or " + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME
+ + " or " + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME);
+
+ }
+ }
+
+ //build IdentityLink
+ if (authProcessData.getIdentityLink() != null)
+ authData.setIdentityLink(buildOAspecificIdentityLink(
+ pendingReq.getServiceProviderConfiguration(),
+ authProcessData.getIdentityLink(),
+ authData.getBPK(),
+ authData.getBPKType()));
+ else
+ log.info("Can NOT set IdentityLink. Msg: No IdentityLink found");
+
+ }
+
+ //extract a encrypted bPK from PVP attrobute
+ protected abstract Pair getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer,
+ AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException;
+
+ //request baseId from SRZ
+ protected abstract Pair getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
+ String notValidbPKType);
+
+
+ protected Pair buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException {
+ ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
+
+ String baseID = authData.getIdentificationValue();
+ String baseIDType = authData.getIdentificationType();
+ Pair sectorSpecId = null;
+
+ if (EAAFConstants.URN_PREFIX_BASEID.equals(baseIDType)) {
+ //SAML1 legacy target parameter work-around
+ String spTargetId = oaParam.getAreaSpecificTargetIdentifier();
+ log.debug("Use OA target identifier '" + spTargetId + "' from configuration");
+
+ //calculate sector specific unique identifier
+ sectorSpecId = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseID, spTargetId);
+
+ } else {
+ log.error("!!!baseID-element does not include a baseID. This should not be happen any more!!!");
+ sectorSpecId = Pair.newInstance(baseID, baseIDType);
+
+ }
+
+ log.trace("Authenticate user with bPK:" + sectorSpecId.getFirst() + " Type:" + sectorSpecId.getSecond());
+ return sectorSpecId;
+
+ }
+
+ protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException {
+ if (spConfig.hasBaseIdTransferRestriction()) {
+ log.debug("SP: " + spConfig.getUniqueIdentifier() + " has baseId transfer restriction. Remove baseId from IDL ...");
+ Element idlassertion = idl.getSamlAssertion();
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(bPK);
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(bPKType);
+
+ SimpleIdentityLinkAssertionParser idlparser = new SimpleIdentityLinkAssertionParser(idlassertion);
+ return idlparser.parseIdentityLink();
+
+ } else
+ return idl;
+
+ }
+
+ /**
+ * Check a bPK-Type against a Service-Provider configuration
+ * If bPK-Type is null the result is false.
+ *
+ * @param oaParam Service-Provider configuration, never null
+ * @param bPKType bPK-Type to check
+ * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false
+ */
+ private boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) {
+ return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType);
+
+ }
+
+ /**
+ * Parse information from an IdentityLink into AuthData object
+ *
+ * @param authData
+ * @param identityLink
+ * @param includedGenericSessionData
+ */
+ private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection includedGenericSessionData) {
+ authData.setIdentificationValue(identityLink.getIdentificationValue());
+ authData.setIdentificationType(identityLink.getIdentificationType());
+
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+
+ //remove corresponding keys from genericSessionData if exists
+ includedGenericSessionData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME);
+ includedGenericSessionData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME);
+ includedGenericSessionData.remove(PVPAttributeDefinitions.BIRTHDATE_NAME);
+ includedGenericSessionData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME);
+ includedGenericSessionData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME);
+
+ }
+
+ /**
+ * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in
+ * MOASession as 'GenericData'
+ *
+ * @param session MOASession, but never null
+ * @return bPK, which was received by PVP-Attribute, or null if no attribute exists
+ */
+ private String getbPKValueFromPVPAttribute(IAuthProcessDataContainer session) {
+ String pvpbPKValueAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.BPK_NAME, String.class);
+ if (StringUtils.isNotEmpty(pvpbPKValueAttr)) {
+
+ //fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations
+ if (pvpbPKValueAttr.startsWith("bPK:")) {
+ log.warn("Attribute " + PVPAttributeDefinitions.BPK_NAME
+ + " contains a not standardize prefix! Staring attribute value correction process ...");
+ pvpbPKValueAttr = pvpbPKValueAttr.substring("bPK:".length());
+
+ }
+
+ String[] spitted = pvpbPKValueAttr.split(":");
+ if (spitted.length != 2) {
+ log.warn("Attribute " + PVPAttributeDefinitions.BPK_NAME + " has a wrong encoding and can NOT be USED!"
+ + " Value:" + pvpbPKValueAttr);
+ return null;
+
+ }
+ log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME);
+ return spitted[1];
+
+ }
+
+ return null;
+ }
+
+ /**
+ * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in
+ * MOASession as 'GenericData'
+ *
+ * @author tknall
+ * @author tlenz
+ *
+ */
+public abstract class AbstractTask implements Task {
+
+ /**
+ * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} as well as the
+ * respective {@link HttpServletRequest} and {@link HttpServletResponse}.
+ *
+ * @param executionContext
+ * The execution context (never {@code null}).
+ * @param request
+ * The HttpServletRequest (never {@code null}).
+ * @param response
+ * The HttpServletResponse (never {@code null}).
+ * @throws IllegalStateException
+ * Thrown in case the task is nur being run within the required environment. Refer to javadoc for
+ * further information.
+ * @throws Exception
+ * Thrown in case of error executing the task.
+ */
+ public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
+ HttpServletResponse response) throws TaskExecutionException;
+
+ /**
+ * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext}
+ * and the {@link IRequest} {@code pendingReq }as well as the
+ * respective {@link HttpServletRequest} and {@link HttpServletResponse}.
+ *
+ * This method sets the pending-request object of the task implementation and starts the
+ * {@code execute} method of the task
+ *
+ * @param pendingReq The pending-request object (never {@code null}).
+ * @param executionContext The execution context (never {@code null}).
+ * @param request The HttpServletRequest (never {@code null}).
+ * @param response The HttpServletResponse (never {@code null}).
+ * @return The pending-request object, because Process-management works recursive
+ *
+ * @throws IllegalStateException
+ * Thrown in case the task is being run within the required environment. Refer to javadoc for
+ * further information.
+ * @throws Exception
+ * Thrown in case of error executing the task.
+ */
+ protected abstract IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request,
+ HttpServletResponse response) throws TaskExecutionException;
+
+ @Override
+ public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException {
+ RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+ if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) {
+ HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
+ HttpServletResponse response = ((ServletRequestAttributes) requestAttributes).getResponse();
+ if (request == null || response == null) {
+ throw new IllegalStateException(
+ "Spring's RequestContextHolder did not provide HttpServletResponse. Did you forget to set the required org.springframework.web.filter.RequestContextFilter in your web.xml.");
+ }
+ return internalExecute(pendingReq, executionContext, request, response);
+ } else {
+ throw new IllegalStateException("Task needs to be executed within a Spring web environment.");
+ }
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
new file mode 100644
index 00000000..229735e3
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
@@ -0,0 +1,145 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.process.springweb;
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Objects;
+
+import javax.annotation.PostConstruct;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.BooleanUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.expression.BeanFactoryResolver;
+import org.springframework.expression.Expression;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluationContext;
+import at.gv.egiz.eaaf.core.api.idp.process.ExpressionEvaluator;
+import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition;
+
+/**
+ * Expression evaluator for processing {@link Transition} conditions allowing to
+ *
+ *
reference Spring beans from the application context using {@code @myBeanName...},
+ *
{@link ExecutionContext} properties using {@code ctx['property']},
+ *
Multi valued {@link HttpServletRequest} parameters using {@code requestParameters['foo']} (keep in mind that this
+ * expression returns an array of String values) and
+ *
Single valued {@link HttpServletRequest} parameters using {@code requestParameter['foo']}
+ *
+ *
+ * @author tknall
+ *
+ */
+public class SpringWebExpressionEvaluator implements ExpressionEvaluator {
+
+ private Logger log = LoggerFactory.getLogger(getClass());
+ private ExpressionParser parser = new SpelExpressionParser();
+ private StandardEvaluationContext evaluationContext = new StandardEvaluationContext();
+
+ @Autowired(required = false)
+ private ApplicationContext ctx;
+
+ @Autowired(required = false)
+ private HttpServletRequest request;
+
+ @PostConstruct
+ private void init() {
+ if (ctx != null) {
+ evaluationContext.setBeanResolver(new BeanFactoryResolver(ctx));
+ }
+ }
+
+ /**
+ * Evaluation context that provides access to {@link HttpServletRequest} parameters using
+ * {@code requestParameter['foo']} for single value parameters or {@code requestParameters['foo']} for multi value
+ * parameters. Basic calls to {@code ctx} will be delegated.
+ *
+ * @author tknall
+ *
+ */
+ private class SpringWebExpressionEvaluationContext implements ExpressionEvaluationContext {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Creates a new expression evaluation context, providing access to HttpServletRequest parameter(s).
+ *
+ * @param delegate
+ * The original {@link ExpressionEvaluationContext} to be delegated to for {@code ctx['foo']}
+ * expressions.
+ */
+ public SpringWebExpressionEvaluationContext(ExpressionEvaluationContext delegate) {
+ this.delegate = delegate;
+ }
+
+ private ExpressionEvaluationContext delegate;
+
+ @Override
+ public Map getCtx() {
+ return delegate.getCtx();
+ }
+
+ @SuppressWarnings("unused")
+ public Map getRequestParameter() {
+ if (request != null) {
+ Map singleValueMap = new HashMap();
+ Iterator> it = request.getParameterMap().entrySet().iterator();
+ while (it.hasNext()) {
+ Entry entry = it.next();
+ if (ArrayUtils.isNotEmpty(entry.getValue())) {
+ singleValueMap.put(entry.getKey(), entry.getValue()[0]);
+ }
+ }
+ return singleValueMap;
+ } else {
+ return Collections. emptyMap();
+ }
+ }
+
+ @SuppressWarnings("unused")
+ public Map getRequestParameters() {
+ if (request != null) {
+ return request.getParameterMap();
+ } else {
+ return Collections. emptyMap();
+ }
+ }
+
+ }
+
+ @Override
+ public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) {
+ Objects.requireNonNull(expression, "Expression must not be null.");
+ log.trace("Evaluating '{}'.", expression);
+
+ Expression expr = parser.parseExpression(expression);
+ Boolean result = null;
+ try {
+ result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext),
+ Boolean.class);
+ if (result == null) {
+ log.warn("Evaluation of '{}' results in null-value.", expression);
+ } else {
+ log.debug("Expression '{}' -> {}", expression, result);
+ }
+ } catch (Exception e) {
+ log.warn("Expression '{}' could not be processed.", expression, e);
+ }
+
+ return BooleanUtils.isTrue(result);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java
new file mode 100644
index 00000000..0f581dae
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java
@@ -0,0 +1,37 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.process.support;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+/**
+ * Holder for a secure random instance following the initialization on demand holder design pattern. The secure random
+ * instance is a singleton that is initialized on first usage.
+ *
+ * @author tknall
+ *
+ */
+public class SecureRandomHolder {
+
+ private SecureRandomHolder() {
+ }
+
+ private static final SecureRandom SRND_INSTANCE;
+ static {
+ try {
+ SRND_INSTANCE = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException("Unable to instantiate SHA1PRNG.", e);
+ }
+ }
+
+ /**
+ * Returns a secure random generator instance.
+ * @return The secure random instance.
+ */
+ public static SecureRandom getInstance() {
+ return SecureRandomHolder.SRND_INSTANCE;
+ }
+
+}
\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyRevisionsLogger.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyRevisionsLogger.java
new file mode 100644
index 00000000..5b6b8146
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyRevisionsLogger.java
@@ -0,0 +1,52 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.logging;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+
+public class DummyRevisionsLogger implements IRevisionLogger {
+ private static final Logger log = LoggerFactory.getLogger(DummyStatisticLogger.class);
+
+
+ @Override
+ public void logEvent(ISPConfiguration oaConfig, int eventCode, String message) {
+ log.trace("Dummy-logEventOperation");
+
+ }
+
+ @Override
+ public void logEvent(int eventCode, String message) {
+ log.trace("Dummy-logEventOperation");
+
+ }
+
+ @Override
+ public void logEvent(String sessionID, String transactionID, int eventCode, String message) {
+ log.trace("Dummy-logEventOperation");
+
+ }
+
+ @Override
+ public void logEvent(String sessionID, String transactionID, int eventCode) {
+ log.trace("Dummy-logEventOperation");
+
+ }
+
+ @Override
+ public void logEvent(IRequest pendingRequest, int eventCode) {
+ log.trace("Dummy-logEventOperation");
+
+ }
+
+ @Override
+ public void logEvent(IRequest pendingRequest, int eventCode, String message) {
+ log.trace("Dummy-logEventOperation");
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyStatisticLogger.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyStatisticLogger.java
new file mode 100644
index 00000000..20f58b14
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/DummyStatisticLogger.java
@@ -0,0 +1,43 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.logging;
+
+
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+
+@Service("DummyStatisticLogger")
+public class DummyStatisticLogger implements IStatisticLogger{
+ private static final Logger log = LoggerFactory.getLogger(DummyStatisticLogger.class);
+
+ @Override
+ public void logSuccessOperation(IRequest protocolRequest,
+ IAuthData authData, boolean isSSOSession) {
+ log.trace("Dummy-logSuccessOperation");
+ }
+
+ @Override
+ public void logErrorOperation(Throwable throwable) {
+ log.trace("Dummy-logErrorOperation");
+ }
+
+ @Override
+ public void logErrorOperation(Throwable throwable, IRequest errorRequest) {
+ log.trace("Dummy-logErrorOperation");
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger#testConnection()
+ */
+ @Override
+ public void internalTesting() throws Exception {
+ log.trace("Dummy-logErrorOperation");
+
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java
new file mode 100644
index 00000000..f28700a1
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DOMUtils.java
@@ -0,0 +1,1243 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.xerces.parsers.DOMParser;
+import org.apache.xerces.parsers.SAXParser;
+import org.apache.xerces.parsers.XMLGrammarPreparser;
+import org.apache.xerces.util.SymbolTable;
+import org.apache.xerces.util.XMLGrammarPoolImpl;
+import org.apache.xerces.xni.grammars.XMLGrammarDescription;
+import org.apache.xerces.xni.grammars.XMLGrammarPool;
+import org.apache.xerces.xni.parser.XMLInputSource;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants;
+
+/**
+ * Various utility functions for handling XML DOM trees.
+ *
+ * The parsing methods in this class make use of some features internal to the
+ * Xerces DOM parser, mainly for performance reasons. As soon as JAXP
+ * (currently at version 1.2) is better at schema handling, it should be used as
+ * the parser interface.
+ *
+ */
+public class DOMUtils {
+ private static final Logger log = LoggerFactory.getLogger(DOMUtils.class);
+
+ /** Feature URI for namespace aware parsing. */
+ private static final String NAMESPACES_FEATURE =
+ "http://xml.org/sax/features/namespaces";
+ /** Feature URI for validating parsing. */
+ private static final String VALIDATION_FEATURE =
+ "http://xml.org/sax/features/validation";
+ /** Feature URI for schema validating parsing. */
+ private static final String SCHEMA_VALIDATION_FEATURE =
+ "http://apache.org/xml/features/validation/schema";
+ /** Feature URI for normalization of element/attribute values. */
+ private static final String NORMALIZED_VALUE_FEATURE =
+ "http://apache.org/xml/features/validation/schema/normalized-value";
+ /** Feature URI for parsing ignorable whitespace. */
+ private static final String INCLUDE_IGNORABLE_WHITESPACE_FEATURE =
+ "http://apache.org/xml/features/dom/include-ignorable-whitespace";
+ /** Feature URI for creating EntityReference nodes in the DOM tree. */
+ private static final String CREATE_ENTITY_REF_NODES_FEATURE =
+ "http://apache.org/xml/features/dom/create-entity-ref-nodes";
+ /** Property URI for providing external schema locations. */
+ private static final String EXTERNAL_SCHEMA_LOCATION_PROPERTY =
+ "http://apache.org/xml/properties/schema/external-schemaLocation";
+ /** Property URI for providing the external schema location for elements
+ * without a namespace. */
+ private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY =
+ "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation";
+
+ private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE =
+ "http://xml.org/sax/features/external-general-entities";
+
+ private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
+ "http://xml.org/sax/features/external-parameter-entities";
+
+ public static final String DISALLOW_DOCTYPE_FEATURE =
+ "http://apache.org/xml/features/disallow-doctype-decl";
+
+
+
+ /** Property URI for the Xerces grammar pool. */
+ private static final String GRAMMAR_POOL =
+ org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX
+ + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY;
+ /** A prime number for initializing the symbol table. */
+ private static final int BIG_PRIME = 2039;
+ /** Symbol table for the grammar pool. */
+ private static SymbolTable symbolTable = new SymbolTable(BIG_PRIME);
+ /** Xerces schema grammar pool. */
+ private static XMLGrammarPool grammarPool = new XMLGrammarPoolImpl();
+ /** Set holding the NamespaceURIs of the grammarPool, to prevent multiple
+ * entries of same grammars to the pool */
+ private static Set grammarNamespaces;
+
+ static {
+ grammarPool.lockPool();
+ grammarNamespaces = new HashSet();
+ }
+
+ /**
+ * Preparse a schema and add it to the schema pool.
+ * The method only adds the schema to the pool if a schema having the same
+ * systemId (namespace URI) is not already present in the pool.
+ *
+ * @param inputStream An InputStream providing the contents of
+ * the schema.
+ * @param systemId The systemId (namespace URI) to use for the schema.
+ * @throws IOException An error occurred reading the schema.
+ */
+ public static void addSchemaToPool(InputStream inputStream, String systemId)
+ throws IOException {
+ XMLGrammarPreparser preparser;
+
+ if (!grammarNamespaces.contains(systemId)) {
+
+ grammarNamespaces.add(systemId);
+
+ // unlock the pool so that we can add another grammar
+ grammarPool.unlockPool();
+
+ // prepare the preparser
+ preparser = new XMLGrammarPreparser(symbolTable);
+ preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null);
+ preparser.setProperty(GRAMMAR_POOL, grammarPool);
+ preparser.setFeature(NAMESPACES_FEATURE, true);
+ preparser.setFeature(VALIDATION_FEATURE, true);
+
+ // add the grammar to the pool
+ preparser.preparseGrammar(
+ XMLGrammarDescription.XML_SCHEMA,
+ new XMLInputSource(null, systemId, null, inputStream, null));
+
+ // lock the pool again so that schemas are not added automatically
+ grammarPool.lockPool();
+ }
+ }
+
+ /**
+ * Parse an XML document from an InputStream.
+ *
+ * @param inputStream The InputStream containing the XML
+ * document.
+ * @param validating If true, parse validating.
+ * @param externalSchemaLocations A String containing namespace
+ * URI to schema location pairs, the same way it is accepted by the xsi:
+ * schemaLocation attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * xsi:noNamespaceSchemaLocation attribute.
+ * @param entityResolver An EntityResolver to resolve external
+ * entities (schemas and DTDs). If null, it will not be set.
+ * @param errorHandler An ErrorHandler to decide what to do
+ * with parsing errors. If null, it will not be set.
+ * @return The parsed XML document as a DOM tree.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Document parseDocument(
+ InputStream inputStream,
+ boolean validating,
+ String externalSchemaLocations,
+ String externalNoNamespaceSchemaLocation,
+ EntityResolver entityResolver,
+ ErrorHandler errorHandler,
+ Map parserFeatures)
+ throws SAXException, IOException, ParserConfigurationException {
+
+ DOMParser parser;
+
+// class MyEntityResolver implements EntityResolver {
+//
+// public InputSource resolveEntity(String publicId, String systemId)
+// throws SAXException, IOException {
+// return new InputSource(new ByteArrayInputStream(new byte[0]));
+// }
+// }
+
+
+ //if Debug is enabled make a copy of inputStream to enable debug output in case of SAXException
+ byte buffer [] = null;
+ ByteArrayInputStream baStream = null;
+ if(true == log.isDebugEnabled()) {
+ buffer = IOUtils.toByteArray(inputStream);
+ baStream = new ByteArrayInputStream(buffer);
+
+ }
+
+
+
+ // create the DOM parser
+ if (symbolTable != null) {
+ parser = new DOMParser(symbolTable, grammarPool);
+ } else {
+ parser = new DOMParser();
+ }
+
+ // set parser features and properties
+ try {
+ parser.setFeature(NAMESPACES_FEATURE, true);
+ parser.setFeature(VALIDATION_FEATURE, validating);
+ parser.setFeature(SCHEMA_VALIDATION_FEATURE, validating);
+ parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
+ parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
+ parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
+ parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+ parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
+
+ //set external added parser features
+ if (parserFeatures != null) {
+ for (Entry el : parserFeatures.entrySet()) {
+ String key = el.getKey();
+ if (StringUtils.isNotEmpty(key)) {
+ Object value = el.getValue();
+ if (value != null && value instanceof Boolean)
+ parser.setFeature(key, (boolean)value);
+
+ else
+ log.warn("This XML parser only allows features with 'boolean' values");
+
+ } else
+ log.warn("Can not set 'null' feature to XML parser");
+ }
+ }
+
+ //fix XXE problem
+ //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+
+
+ if (validating) {
+ if (externalSchemaLocations != null) {
+ parser.setProperty(
+ EXTERNAL_SCHEMA_LOCATION_PROPERTY,
+ externalSchemaLocations);
+ }
+ if (externalNoNamespaceSchemaLocation != null) {
+ parser.setProperty(
+ EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
+ externalNoNamespaceSchemaLocation);
+ }
+ }
+
+ // set entity resolver and error handler
+ if (entityResolver != null) {
+ parser.setEntityResolver(entityResolver);
+ }
+ if (errorHandler != null) {
+ parser.setErrorHandler(errorHandler);
+ }
+
+ // parse the document and return it
+ // if debug is enabled: use copy of strem (baStream) else use orig stream
+ if(null != baStream)
+ parser.parse(new InputSource(baStream));
+ else
+ parser.parse(new InputSource(inputStream));
+ } catch(SAXException e) {
+ if(true == log.isDebugEnabled() && null != buffer) {
+ String xmlContent = new String(buffer);
+ log.debug("SAXException in:\n" + xmlContent);
+ }
+ throw(e);
+ }
+
+ return parser.getDocument();
+ }
+
+ /**
+ * Parse an XML document from an InputStream.
+ *
+ * @param inputStream The InputStream containing the XML
+ * document.
+ * @param validating If true, parse validating.
+ * @param externalSchemaLocations A String containing namespace
+ * URI to schema location pairs, the same way it is accepted by the xsi:
+ * schemaLocation attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * xsi:noNamespaceSchemaLocation attribute.
+ * @param entityResolver An EntityResolver to resolve external
+ * entities (schemas and DTDs). If null, it will not be set.
+ * @param errorHandler An ErrorHandler to decide what to do
+ * with parsing errors. If null, it will not be set.
+ * @return The parsed XML document as a DOM tree.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Document parseDocumentSimple(InputStream inputStream)
+ throws SAXException, IOException, ParserConfigurationException {
+
+ DOMParser parser;
+
+ parser = new DOMParser();
+ // set parser features and properties
+ parser.setFeature(NAMESPACES_FEATURE, true);
+ parser.setFeature(VALIDATION_FEATURE, false);
+ parser.setFeature(SCHEMA_VALIDATION_FEATURE, false);
+ parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
+ parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
+ parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
+
+ parser.parse(new InputSource(inputStream));
+
+ return parser.getDocument();
+ }
+
+
+ /**
+ * Parse an XML document from an InputStream.
+ *
+ * It uses a MOAEntityResolver as the EntityResolver
+ * and a MOAErrorHandler as the ErrorHandler.
+ *
+ * @param inputStream The InputStream containing the XML
+ * document.
+ * @param validating If true, parse validating.
+ * @param externalSchemaLocations A String containing namespace
+ * URI to schema location pairs, the same way it is accepted by the xsi:
+ * schemaLocation attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * xsi:noNamespaceSchemaLocation attribute.
+ * @param parserFeatures
+ * @return The parsed XML document as a DOM tree.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Document parseDocument(
+ InputStream inputStream,
+ boolean validating,
+ String externalSchemaLocations,
+ String externalNoNamespaceSchemaLocation, Map parserFeatures)
+ throws SAXException, IOException, ParserConfigurationException {
+
+
+
+ return parseDocument(
+ inputStream,
+ validating,
+ externalSchemaLocations,
+ externalNoNamespaceSchemaLocation,
+ new EAAFDomEntityResolver(),
+ null,
+ parserFeatures);
+ }
+
+ /**
+ * Parse an XML document from a String.
+ *
+ * It uses a MOAEntityResolver as the EntityResolver
+ * and a MOAErrorHandler as the ErrorHandler.
+ *
+ * @param xmlString The String containing the XML document.
+ * @param encoding The encoding of the XML document.
+ * @param validating If true, parse validating.
+ * @param externalSchemaLocations A String containing namespace
+ * URI to schema location pairs, the same way it is accepted by the xsi:
+ * schemaLocation attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * xsi:noNamespaceSchemaLocation attribute.
+ * @return The parsed XML document as a DOM tree.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Document parseDocument(
+ String xmlString,
+ String encoding,
+ boolean validating,
+ String externalSchemaLocations,
+ String externalNoNamespaceSchemaLocation,
+ Map parserFeatures)
+ throws SAXException, IOException, ParserConfigurationException {
+
+ InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
+ return parseDocument(
+ in,
+ validating,
+ externalSchemaLocations,
+ externalNoNamespaceSchemaLocation,
+ parserFeatures);
+ }
+
+
+ /**
+ * Parse an XML document from a String.
+ *
+ * It uses a MOAEntityResolver as the EntityResolver
+ * and a MOAErrorHandler as the ErrorHandler.
+ *
+ * @param xmlString The String containing the XML document.
+ * @param encoding The encoding of the XML document.
+ * @param validating If true, parse validating.
+ * @param externalSchemaLocations A String containing namespace
+ * URI to schema location pairs, the same way it is accepted by the xsi:
+ * schemaLocation attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * xsi:noNamespaceSchemaLocation attribute.
+ * @return The parsed XML document as a DOM tree.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Document parseDocument(
+ String xmlString,
+ String encoding,
+ boolean validating,
+ String externalSchemaLocations,
+ String externalNoNamespaceSchemaLocation)
+ throws SAXException, IOException, ParserConfigurationException {
+
+ InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
+ return parseDocument(
+ in,
+ validating,
+ externalSchemaLocations,
+ externalNoNamespaceSchemaLocation,
+ null);
+ }
+
+ /**
+ * Parse an UTF-8 encoded XML document from a String.
+ *
+ * @param xmlString The String containing the XML document.
+ * @param validating If true, parse validating.
+ * @param externalSchemaLocations A String containing namespace
+ * URI to schema location pairs, the same way it is accepted by the xsi:
+ * schemaLocation attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * xsi:noNamespaceSchemaLocation attribute.
+ * @return The parsed XML document as a DOM tree.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Document parseDocument(
+ String xmlString,
+ boolean validating,
+ String externalSchemaLocations,
+ String externalNoNamespaceSchemaLocation)
+ throws SAXException, IOException, ParserConfigurationException {
+
+ return parseDocument(
+ xmlString,
+ "UTF-8",
+ validating,
+ externalSchemaLocations,
+ externalNoNamespaceSchemaLocation);
+ }
+
+ /**
+ * A convenience method to parse an XML document validating.
+ *
+ * @param inputStream The InputStream containing the XML
+ * document.
+ * @return The root element of the parsed XML document.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Element parseXmlValidating(InputStream inputStream)
+ throws ParserConfigurationException, SAXException, IOException {
+ return DOMUtils
+ .parseDocument(inputStream, true, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null, null)
+ .getDocumentElement();
+ }
+
+ /**
+ * A convenience method to parse an XML document validating.
+ *
+ * @param inputStream The InputStream containing the XML
+ * document.
+ * @param parserFeatures Set additional features to XML parser
+ * @return The root element of the parsed XML document.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Element parseXmlValidating(InputStream inputStream, Map parserFeatures)
+ throws ParserConfigurationException, SAXException, IOException {
+ return DOMUtils
+ .parseDocument(inputStream, true, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null, parserFeatures)
+ .getDocumentElement();
+ }
+
+ /**
+ * A convenience method to parse an XML document non validating.
+ * This method disallow DocType declarations
+ *
+ * @param inputStream The InputStream containing the XML
+ * document.
+ * @return The root element of the parsed XML document.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Element parseXmlNonValidating(InputStream inputStream)
+ throws ParserConfigurationException, SAXException, IOException {
+ return DOMUtils
+ .parseDocument(inputStream, false, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null,
+ Collections.unmodifiableMap(new HashMap() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ })).getDocumentElement();
+ }
+
+ /**
+ * Schema validate a given DOM element.
+ *
+ * @param element The element to validate.
+ * @param externalSchemaLocations A String containing namespace
+ * URI to schema location pairs, the same way it is accepted by the xsi:
+ * schemaLocation attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * xsi:noNamespaceSchemaLocation attribute.
+ * @return true, if the element validates against
+ * the schemas declared in it.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document from its
+ * serialized representation.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * @throws TransformerException An error occurred serializing the element.
+ */
+ public static boolean validateElement(
+ Element element,
+ String externalSchemaLocations,
+ String externalNoNamespaceSchemaLocation)
+ throws
+ ParserConfigurationException,
+ IOException,
+ SAXException,
+ TransformerException {
+
+ byte[] docBytes;
+ SAXParser parser;
+
+ // create the SAX parser
+ if (symbolTable != null) {
+ parser = new SAXParser(symbolTable, grammarPool);
+ } else {
+ parser = new SAXParser();
+ }
+
+ // serialize the document
+ docBytes = serializeNode(element, "UTF-8");
+
+ // set up parser features and attributes
+ parser.setFeature(NAMESPACES_FEATURE, true);
+ parser.setFeature(VALIDATION_FEATURE, true);
+ parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+ parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+ parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
+
+
+ if (externalSchemaLocations != null) {
+ parser.setProperty(
+ EXTERNAL_SCHEMA_LOCATION_PROPERTY,
+ externalSchemaLocations);
+ }
+ if (externalNoNamespaceSchemaLocation != null) {
+ parser.setProperty(
+ EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
+ "externalNoNamespaceSchemaLocation");
+ }
+
+ // set up entity resolver and error handler
+ parser.setEntityResolver(new EAAFDomEntityResolver());
+
+ // parse validating
+ parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
+ return true;
+ }
+
+
+ /**
+ * Schema validate a given DOM element.
+ *
+ * @param element The element to validate.
+ * @param externalSchemaLocations A String containing namespace
+ * URI to schema location pairs, the same way it is accepted by the xsi:
+ * schemaLocation attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * xsi:noNamespaceSchemaLocation attribute.
+ * @return true, if the element validates against
+ * the schemas declared in it.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document from its
+ * serialized representation.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * @throws TransformerException An error occurred serializing the element.
+ */
+ public static boolean validateElement(
+ Element element,
+ String externalSchemaLocations,
+ String externalNoNamespaceSchemaLocation,
+ EntityResolver entityResolver)
+ throws
+ ParserConfigurationException,
+ IOException,
+ SAXException,
+ TransformerException {
+
+ byte[] docBytes;
+ SAXParser parser;
+
+ // create the SAX parser
+ if (symbolTable != null) {
+ parser = new SAXParser(symbolTable, grammarPool);
+ } else {
+ parser = new SAXParser();
+ }
+
+ // serialize the document
+ docBytes = serializeNode(element, "UTF-8");
+
+ // set up parser features and attributes
+ parser.setFeature(NAMESPACES_FEATURE, true);
+ parser.setFeature(VALIDATION_FEATURE, true);
+ parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+
+ if (externalSchemaLocations != null) {
+ parser.setProperty(
+ EXTERNAL_SCHEMA_LOCATION_PROPERTY,
+ externalSchemaLocations);
+ }
+ if (externalNoNamespaceSchemaLocation != null) {
+ parser.setProperty(
+ EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
+ "externalNoNamespaceSchemaLocation");
+ }
+
+ // set up entity resolver and error handler
+ parser.setEntityResolver(entityResolver);
+
+ // parse validating
+ parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
+ return true;
+ }
+
+ /**
+ * Serialize the given DOM node.
+ *
+ * The node will be serialized using the UTF-8 encoding.
+ *
+ * @param node The node to serialize.
+ * @return String The String representation of the given DOM
+ * node.
+ * @throws TransformerException An error occurred transforming the
+ * node to a String.
+ * @throws IOException An IO error occurred writing the node to a byte array.
+ */
+ public static String serializeNode(Node node)
+ throws TransformerException, IOException {
+ return new String(serializeNode(node, "UTF-8", false), "UTF-8");
+ }
+
+
+ /**
+ * Serialize the given DOM node.
+ *
+ * The node will be serialized using the UTF-8 encoding.
+ *
+ * @param node The node to serialize.
+ * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
+ * @return String The String representation of the given DOM
+ * node.
+ * @throws TransformerException An error occurred transforming the
+ * node to a String.
+ * @throws IOException An IO error occurred writing the node to a byte array.
+ */
+ public static String serializeNode(Node node, boolean omitXmlDeclaration)
+ throws TransformerException, IOException {
+ return new String(serializeNode(node, "UTF-8", omitXmlDeclaration), "UTF-8");
+ }
+
+ /**
+ * Serialize the given DOM node.
+ *
+ * The node will be serialized using the UTF-8 encoding.
+ *
+ * @param node The node to serialize.
+ * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
+ * @param lineSeperator Sets the line seperator String of the parser
+ * @return String The String representation of the given DOM
+ * node.
+ * @throws TransformerException An error occurred transforming the
+ * node to a String.
+ * @throws IOException An IO error occurred writing the node to a byte array.
+ */
+ public static String serializeNode(Node node, boolean omitXmlDeclaration, String lineSeperator)
+ throws TransformerException, IOException {
+ return new String(serializeNode(node, "UTF-8", omitXmlDeclaration, lineSeperator), "UTF-8");
+ }
+
+ /**
+ * Serialize the given DOM node to a byte array.
+ *
+ * @param node The node to serialize.
+ * @param xmlEncoding The XML encoding to use.
+ * @return The serialized node, as a byte array. Using a compatible encoding
+ * this can easily be converted into a String.
+ * @throws TransformerException An error occurred transforming the node to a
+ * byte array.
+ * @throws IOException An IO error occurred writing the node to a byte array.
+ */
+ public static byte[] serializeNode(Node node, String xmlEncoding)
+ throws TransformerException, IOException {
+ return serializeNode(node, xmlEncoding, false);
+ }
+
+ /**
+ * Serialize the given DOM node to a byte array.
+ *
+ * @param node The node to serialize.
+ * @param xmlEncoding The XML encoding to use.
+ * @param omitDeclaration The boolean value for omitting the XML Declaration.
+ * @return The serialized node, as a byte array. Using a compatible encoding
+ * this can easily be converted into a String.
+ * @throws TransformerException An error occurred transforming the node to a
+ * byte array.
+ * @throws IOException An IO error occurred writing the node to a byte array.
+ */
+ public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration)
+ throws TransformerException, IOException {
+ return serializeNode(node, xmlEncoding, omitDeclaration, null);
+ }
+
+
+ /**
+ * Serialize the given DOM node to a byte array.
+ *
+ * @param node The node to serialize.
+ * @param xmlEncoding The XML encoding to use.
+ * @param omitDeclaration The boolean value for omitting the XML Declaration.
+ * @param lineSeperator Sets the line seperator String of the parser
+ * @return The serialized node, as a byte array. Using a compatible encoding
+ * this can easily be converted into a String.
+ * @throws TransformerException An error occurred transforming the node to a
+ * byte array.
+ * @throws IOException An IO error occurred writing the node to a byte array.
+ */
+ public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration, String lineSeperator)
+ throws TransformerException, IOException {
+
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream bos = new ByteArrayOutputStream(16384);
+
+ transformer.setOutputProperty(OutputKeys.METHOD, "xml");
+ transformer.setOutputProperty(OutputKeys.ENCODING, xmlEncoding);
+ String omit = omitDeclaration ? "yes" : "no";
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, omit);
+ if (null!=lineSeperator) {
+ transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", lineSeperator);//does not work for xalan <= 2.5.1
+ }
+ transformer.transform(new DOMSource(node), new StreamResult(bos));
+
+ bos.flush();
+ bos.close();
+
+ return bos.toByteArray();
+ }
+
+ /**
+ * Return the text that a node contains.
+ *
+ * This routine:
+ *
+ *
Ignores comments and processing instructions.
+ *
Concatenates TEXT nodes, CDATA nodes, and the results recursively
+ * processing EntityRef nodes.
+ *
Ignores any element nodes in the sublist. (Other possible options are
+ * to recurse into element sublists or throw an exception.)
+ *
+ *
+ * @param node A DOM node from which to extract text.
+ * @return A String representing its contents.
+ */
+ public static String getText(Node node) {
+ if (!node.hasChildNodes()) {
+ return "";
+ }
+
+ StringBuffer result = new StringBuffer();
+ NodeList list = node.getChildNodes();
+
+ for (int i = 0; i < list.getLength(); i++) {
+ Node subnode = list.item(i);
+ if (subnode.getNodeType() == Node.TEXT_NODE) {
+ result.append(subnode.getNodeValue());
+ } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) {
+ result.append(subnode.getNodeValue());
+ } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) {
+ // Recurse into the subtree for text
+ // (and ignore comments)
+ result.append(getText(subnode));
+ }
+ }
+ return result.toString();
+ }
+
+ /**
+ * Build the namespace prefix to namespace URL mapping in effect for a given
+ * node.
+ *
+ * @param node The context node for which build the map.
+ * @return The namespace prefix to namespace URL mapping (
+ * a String value to String value mapping).
+ */
+ public static Map getNamespaceDeclarations(Node node) {
+ Map nsDecls = new HashMap();
+ int i;
+
+ do {
+ if (node.hasAttributes()) {
+ NamedNodeMap attrs = node.getAttributes();
+
+ for (i = 0; i < attrs.getLength(); i++) {
+ Attr attr = (Attr) attrs.item(i);
+
+ // add prefix mapping if none exists
+ if ("xmlns".equals(attr.getPrefix())
+ || "xmlns".equals(attr.getName())) {
+
+ String nsPrefix =
+ attr.getPrefix() != null ? attr.getLocalName() : "";
+
+ if (nsDecls.get(nsPrefix) == null) {
+ nsDecls.put(nsPrefix, attr.getValue());
+ }
+ }
+ }
+ }
+ } while ((node = node.getParentNode()) != null);
+
+ return nsDecls;
+ }
+
+ /**
+ * Add all namespace declarations declared in the parent(s) of a given
+ * element and used in the subtree of the given element to the given element.
+ *
+ * @param context The element to which to add the namespaces.
+ */
+ public static void localizeNamespaceDeclarations(Element context) {
+ Node parent = context.getParentNode();
+
+ if (parent != null) {
+ Map namespaces = getNamespaceDeclarations(context.getParentNode());
+ Set nsUris = collectNamespaceURIs(context);
+ Iterator iter;
+
+ for (iter = namespaces.entrySet().iterator(); iter.hasNext();) {
+ Map.Entry e = (Map.Entry) iter.next();
+
+ if (nsUris.contains(e.getValue())) {
+ String prefix = (String) e.getKey();
+ String nsUri = (String) e.getValue();
+ String nsAttrName = "".equals(prefix) ? "xmlns" : "xmlns:" + prefix;
+
+ context.setAttributeNS(XMLNamespaceConstants.XMLNS_NS_URI, nsAttrName, nsUri);
+ }
+ }
+ }
+ }
+
+ /**
+ * Collect all the namespace URIs used in the subtree of a given element.
+ *
+ * @param context The element that should be searched for namespace URIs.
+ * @return All namespace URIs used in the subtree of context,
+ * including the ones used in context itself.
+ */
+ public static Set collectNamespaceURIs(Element context) {
+ Set result = new HashSet();
+
+ collectNamespaceURIsImpl(context, result);
+ return result;
+ }
+
+ /**
+ * A recursive method to do the work of collectNamespaceURIs.
+ *
+ * @param context The context element to evaluate.
+ * @param result The result, passed as a parameter to avoid unnecessary
+ * instantiations of Set.
+ */
+ private static void collectNamespaceURIsImpl(Element context, Set result) {
+ NamedNodeMap attrs = context.getAttributes();
+ NodeList childNodes = context.getChildNodes();
+ String nsUri;
+ int i;
+
+ // add the namespace of the context element
+ nsUri = context.getNamespaceURI();
+ if (nsUri != null && nsUri != XMLNamespaceConstants.XMLNS_NS_URI) {
+ result.add(nsUri);
+ }
+
+ // add all namespace URIs from attributes
+ for (i = 0; i < attrs.getLength(); i++) {
+ nsUri = attrs.item(i).getNamespaceURI();
+ if (nsUri != null && nsUri != XMLNamespaceConstants.XMLNS_NS_URI) {
+ result.add(nsUri);
+ }
+ }
+
+ // add all namespaces from subelements
+ for (i = 0; i < childNodes.getLength(); i++) {
+ Node node = childNodes.item(i);
+
+ if (node.getNodeType() == Node.ELEMENT_NODE) {
+ collectNamespaceURIsImpl((Element) node, result);
+ }
+ }
+ }
+
+ /**
+ * Check, that each attribute node in the given NodeList has its
+ * parent in the NodeList as well.
+ *
+ * @param nodes The NodeList to check.
+ * @return true, if each attribute node in nodes
+ * has its parent in nodes as well.
+ */
+ public static boolean checkAttributeParentsInNodeList(NodeList nodes) {
+ Set nodeSet = new HashSet();
+ int i;
+
+ // put the nodes into the nodeSet
+ for (i = 0; i < nodes.getLength(); i++) {
+ nodeSet.add(nodes.item(i));
+ }
+
+ // check that each attribute node's parent is in the node list
+ for (i = 0; i < nodes.getLength(); i++) {
+ Node n = nodes.item(i);
+
+ if (n.getNodeType() == Node.ATTRIBUTE_NODE) {
+ Attr attr = (Attr) n;
+ Element owner = attr.getOwnerElement();
+
+ if (owner == null) {
+ if (!isNamespaceDeclaration(attr)) {
+ return false;
+ }
+ }
+
+ if (!nodeSet.contains(owner) && !isNamespaceDeclaration(attr)) {
+ return false;
+ }
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Convert an unstructured NodeList into a
+ * DocumentFragment.
+ *
+ * @param nodeList Contains the node list to be converted into a DOM
+ * DocumentFragment.
+ * @return the resulting DocumentFragment. The DocumentFragment will be
+ * backed by a new DOM Document, i.e. all noded of the node list will be
+ * cloned.
+ * @throws ParserConfigurationException An error occurred creating the
+ * DocumentFragment.
+ * @precondition The nodes in the node list appear in document order
+ * @precondition for each Attr node in the node list, the owning Element is
+ * in the node list as well.
+ * @precondition each Element or Attr node in the node list is namespace
+ * aware.
+ */
+ public static DocumentFragment nodeList2DocumentFragment(NodeList nodeList)
+ throws ParserConfigurationException {
+
+ DocumentBuilder builder =
+ DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ Document doc = builder.newDocument();
+ DocumentFragment result = doc.createDocumentFragment();
+
+ if (null == nodeList || nodeList.getLength() == 0) {
+ return result;
+ }
+
+ int currPos = 0;
+ currPos =
+ nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
+
+ while (currPos < nodeList.getLength()) {
+ currPos =
+ nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
+ }
+ return result;
+ }
+
+ /**
+ * Helper method for the nodeList2DocumentFragment.
+ *
+ * @param nodeList The NodeList to convert.
+ * @param currPos The current position in the nodeList.
+ * @param result The resulting DocumentFragment.
+ * @param currOrgElem The current original element.
+ * @param currClonedElem The current cloned element.
+ * @return The current position.
+ */
+ private static int nodeList2DocumentFragment(
+ NodeList nodeList,
+ int currPos,
+ DocumentFragment result,
+ Element currOrgElem,
+ Element currClonedElem) {
+
+ while (currPos < nodeList.getLength()) {
+ Node currentNode = nodeList.item(currPos);
+ switch (currentNode.getNodeType()) {
+ case Node.COMMENT_NODE :
+ case Node.PROCESSING_INSTRUCTION_NODE :
+ case Node.TEXT_NODE :
+ {
+ // Append current node either to resulting DocumentFragment or to
+ // current cloned Element
+ if (null == currClonedElem) {
+ result.appendChild(
+ result.getOwnerDocument().importNode(currentNode, false));
+ } else {
+ // Stop processing if current Node is not a descendant of
+ // current Element
+ if (!isAncestor(currOrgElem, currentNode)) {
+ return --currPos;
+ }
+
+ currClonedElem.appendChild(
+ result.getOwnerDocument().importNode(currentNode, false));
+ }
+ break;
+ }
+
+ case Node.ELEMENT_NODE :
+ {
+ Element nextCurrOrgElem = (Element) currentNode;
+ Element nextCurrClonedElem =
+ result.getOwnerDocument().createElementNS(
+ nextCurrOrgElem.getNamespaceURI(),
+ nextCurrOrgElem.getNodeName());
+
+ // Append current Node either to resulting DocumentFragment or to
+ // current cloned Element
+ if (null == currClonedElem) {
+ result.appendChild(nextCurrClonedElem);
+ currOrgElem = nextCurrOrgElem;
+ currClonedElem = nextCurrClonedElem;
+ } else {
+ // Stop processing if current Node is not a descendant of
+ // current Element
+ if (!isAncestor(currOrgElem, currentNode)) {
+ return --currPos;
+ }
+
+ currClonedElem.appendChild(nextCurrClonedElem);
+ }
+
+ // Process current Node (of type Element) recursively
+ currPos =
+ nodeList2DocumentFragment(
+ nodeList,
+ ++currPos,
+ result,
+ nextCurrOrgElem,
+ nextCurrClonedElem);
+
+ break;
+ }
+
+ case Node.ATTRIBUTE_NODE :
+ {
+ Attr currAttr = (Attr) currentNode;
+
+ // GK 20030411: Hack to overcome problems with IAIK IXSIL
+ if (currAttr.getOwnerElement() == null)
+ break;
+ if (currClonedElem == null)
+ break;
+
+ // currClonedElem must be the owner Element of currAttr if
+ // preconditions are met
+ currClonedElem.setAttributeNS(
+ currAttr.getNamespaceURI(),
+ currAttr.getNodeName(),
+ currAttr.getValue());
+ break;
+ }
+
+ default :
+ {
+ // All other nodes will be ignored
+ }
+ }
+
+ currPos++;
+ }
+
+ return currPos;
+ }
+
+ /**
+ * Check, if the given attribute is a namespace declaration.
+ *
+ * @param attr The attribute to check.
+ * @return true, if the attribute is a namespace declaration,
+ * false otherwise.
+ */
+ private static boolean isNamespaceDeclaration(Attr attr) {
+ return XMLNamespaceConstants.XMLNS_NS_URI.equals(attr.getNamespaceURI());
+ }
+
+ /**
+ * Check, if a given DOM element is an ancestor of a given node.
+ *
+ * @param candAnc The DOM element to check for being the ancestor.
+ * @param cand The node to check for being the child.
+ * @return true, if candAnc is an (indirect)
+ * ancestor of cand; false otherwise.
+ */
+ public static boolean isAncestor(Element candAnc, Node cand) {
+ Node currPar = cand.getParentNode();
+
+ while (currPar != null) {
+ if (candAnc == currPar)
+ return true;
+ currPar = currPar.getParentNode();
+ }
+ return false;
+ }
+
+ /**
+ * Selects the (first) element from a node list and returns it.
+ *
+ * @param nl The NodeList to get the element from.
+ * @return The (first) element included in the node list or null
+ * if the node list is null or empty or no element is
+ * included in the list.
+ */
+ public static Element getElementFromNodeList (NodeList nl) {
+ if ((nl == null) || (nl.getLength() == 0)) {
+ return null;
+ }
+ for (int i=0; iVerifyIdentityLink or VerifyAuthenticationBlock,
+ * including the MOASessionID as a parameter.
+ *
+ * @param authBaseURL base URL (context path) of the MOA ID Authentication component,
+ * including a trailing '/'
+ * @param authServletName request part of the data URL
+ * @param pendingReqId sessionID to be included in the dataURL
+ * @return String
+ */
+ public String buildDataURL(String authBaseURL, String authServletName, String pendingReqId) {
+ String dataURL;
+ if (!authBaseURL.endsWith("/"))
+ authBaseURL += "/";
+
+ if (authServletName.startsWith("/"))
+ authServletName = authServletName.substring(1);
+
+ dataURL = authBaseURL + authServletName;
+
+ if (StringUtils.isNotEmpty(pendingReqId))
+ dataURL = addParameter(dataURL, EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReqId);
+
+ return dataURL;
+ }
+
+ /**
+ * Method addParameter.
+ * @param urlString represents the url
+ * @param paramname is the parameter to be added
+ * @param value is the value of that parameter
+ * @return String
+ */
+ private String addParameter(String urlString, String paramname, String value) {
+ String url = urlString;
+ if (paramname != null) {
+ if (url.indexOf("?") < 0)
+ url += "?";
+ else
+ url += "&";
+ url += paramname + "=" + value;
+ }
+ return url;
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EAAFDomEntityResolver.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EAAFDomEntityResolver.java
new file mode 100644
index 00000000..5b39386c
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EAAFDomEntityResolver.java
@@ -0,0 +1,104 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.io.InputStream;
+
+import org.apache.xerces.util.URI;
+import org.apache.xerces.util.URI.MalformedURIException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+
+import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants;
+
+/**
+ * An EntityResolver that looks up entities stored as
+ * local resources.
+ *
+ *
The following DTDs are mapped to local resources:
+ *
+ *
The XMLSchema.dtd
+ *
The datatypes.dtd
+ *
+ *
+ *
For all other resources, an attempt is made to resolve them as resources,
+ * either absolute or relative to Constants.SCHEMA_ROOT.
+ *
+ */
+public class EAAFDomEntityResolver implements EntityResolver {
+ private static final Logger log = LoggerFactory.getLogger(EAAFDomEntityResolver.class);
+
+ /**
+ * Resolve an entity.
+ *
+ * The systemId parameter is used to perform the lookup of the
+ * entity as a resource, either by interpreting the systemId as
+ * an absolute resource path, or by appending the last path component of
+ * systemId to Constants.SCHEMA_ROOT.
+ *
+ * @param publicId The public ID of the resource.
+ * @param systemId The system ID of the resource.
+ * @return An InputSource from which the entity can be read, or
+ * null, if the entity could not be found.
+ * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)
+ */
+ public InputSource resolveEntity(String publicId, String systemId) {
+ InputStream stream;
+ int slashPos;
+
+ if (publicId != null) {
+ // check if we can resolve some standard dtd's
+ if (publicId.equalsIgnoreCase("-//W3C//DTD XMLSchema 200102//EN")) {
+ return new InputSource(
+ getClass().getResourceAsStream(
+ XMLNamespaceConstants.SCHEMA_ROOT + "XMLSchema.dtd"));
+ } else if (publicId.equalsIgnoreCase("datatypes")) {
+ return new InputSource(
+ getClass().getResourceAsStream(
+ XMLNamespaceConstants.SCHEMA_ROOT + "datatypes.dtd"));
+ }
+ } else if (systemId != null) {
+ // get the URI path
+ try {
+ URI uri = new URI(systemId);
+ systemId = uri.getPath();
+
+ if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {
+ return null;
+ }
+
+ } catch (MalformedURIException e) {
+ return null;
+ }
+
+ // try to get the resource from the full path
+ stream = getClass().getResourceAsStream(systemId);
+ if (stream != null) {
+ InputSource source = new InputSource(stream);
+
+ source.setSystemId(systemId);
+ return source;
+ }
+
+ // try to get the resource from the last path component
+ slashPos = systemId.lastIndexOf('/');
+ if (slashPos >= 0 && systemId.length() > slashPos) {
+ systemId = systemId.substring(slashPos + 1, systemId.length());
+ stream =
+ getClass().getResourceAsStream(XMLNamespaceConstants.SCHEMA_ROOT + systemId);
+ if (stream != null) {
+ InputSource source = new InputSource(stream);
+
+ source.setSystemId(systemId);
+ return source;
+ }
+ }
+ }
+
+ return null; // nothing found - let the parser handle the entity
+ }
+}
\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java
new file mode 100644
index 00000000..01fb7375
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+
+/**
+ * Utility for accessing files on the file system, and for reading from input streams.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class FileUtils {
+
+ /**
+ * Reads a file, given by URL, into a byte array.
+ * @param urlString file URL
+ * @return file content
+ * @throws IOException on any exception thrown
+ */
+ public static byte[] readURL(String urlString) throws IOException {
+ URL url = new URL(urlString);
+ InputStream in = new BufferedInputStream(url.openStream());
+ byte[] content = StreamUtils.readStream(in);
+ in.close();
+ return content;
+ }
+
+ /**
+ * Reads a file from a resource.
+ * @param name resource name
+ * @return file content as a byte array
+ * @throws IOException on any exception thrown
+ */
+ public static byte[] readResource(String name) throws IOException {
+ ClassLoader cl = FileUtils.class.getClassLoader();
+ BufferedInputStream in = new BufferedInputStream(cl.getResourceAsStream(name));
+ byte[] content = StreamUtils.readStream(in);
+ in.close();
+ return content;
+ }
+ /**
+ * Reads a file from a resource.
+ * @param name filename
+ * @param encoding character encoding
+ * @return file content
+ * @throws IOException on any exception thrown
+ */
+ public static String readResource(String name, String encoding) throws IOException {
+ byte[] content = readResource(name);
+ return new String(content, encoding);
+ }
+
+
+ /**
+ * Returns the absolute URL of a given url which is relative to the parameter root
+ * @param url
+ * @param root
+ * @return String
+ * @throws MalformedURLException
+ */
+ public static String makeAbsoluteURL(String url, URI root) throws MalformedURLException {
+ return makeAbsoluteURL(url, root.toURL().toString());
+
+ }
+
+ /**
+ * Returns the absolute URL of a given url which is relative to the parameter root
+ * @param url
+ * @param root
+ * @return String
+ */
+ public static String makeAbsoluteURL(String url, String root) {
+ //if url is relative to rootConfigFileDirName make it absolute
+
+ File keyFile;
+ String newURL = url;
+
+ if(null == url) return null;
+
+ if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("file:/") || url.startsWith("ftp:/")) {
+ return url;
+
+ } else {
+ // check if absolute - if not make it absolute
+ keyFile = new File(url);
+ if (!keyFile.isAbsolute()) {
+ keyFile = new File(root, url);
+
+ if (keyFile.toString().startsWith("file:"))
+ newURL = keyFile.toString();
+
+ else
+ newURL = keyFile.toURI().toString();
+
+ }
+ return newURL;
+ }
+ }
+
+
+ private static void copy( InputStream fis, OutputStream fos )
+ {
+ try
+ {
+ byte[] buffer = new byte[ 0xFFFF ];
+ for ( int len; (len = fis.read(buffer)) != -1; )
+ fos.write( buffer, 0, len );
+ }
+ catch( IOException e ) {
+ System.err.println( e );
+ }
+ finally {
+ if ( fis != null )
+ try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); }
+ if ( fos != null )
+ try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); }
+ }
+ }
+
+ public static void copyFile(File src, File dest)
+ {
+ try
+ {
+ copy( new FileInputStream( src ), new FileOutputStream( dest ) );
+ }
+ catch( IOException e ) {
+ e.printStackTrace();
+ }
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java
new file mode 100644
index 00000000..cf1abaa7
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HTTPUtils.java
@@ -0,0 +1,178 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.StringUtils;
+
+
+/**
+ *
+ * @author Rudolf Schamberger
+ *
+ */
+public class HTTPUtils {
+
+// /**
+// * Utility used to obtainin correct encoded HTTP content.
+// * Reads a given Content adressed by HTTP-URL into String.
+// * Content encoding is considered by using the Content-Type HTTP header charset value.
+// * @param URL HTTP URL to read from.
+// * @return String representation of content
+// * @throws IOException on data-reading problems
+// */
+// public static String readHttpURL(String URL)
+// throws IOException {
+//
+// URL url = new URL(URL);
+// HttpURLConnection conn = (HttpURLConnection)url.openConnection();
+// conn.setRequestMethod("GET");
+// String contentType = conn.getContentType();
+// RE regExp = null;
+// try {
+// regExp = new RE("(;.*charset=)(\"*)(.*[^\"])");
+// } catch (RESyntaxException e) {
+// //RESyntaxException is not possible = expr. is costant
+// }
+// boolean charsetSupplied = regExp.match(contentType);
+// String encoding = "ISO-8859-1"; //default HTTP encoding
+// if (charsetSupplied) {
+// encoding = regExp.getParen(3);
+// }
+// InputStream instream = new BufferedInputStream(conn.getInputStream());
+// InputStreamReader isr = new InputStreamReader(instream, encoding);
+// Reader in = new BufferedReader(isr);
+// int ch;
+// StringBuffer buffer = new StringBuffer();
+// while ((ch = in.read()) > -1) {
+// buffer.append((char)ch);
+// }
+// in.close();
+// conn.disconnect();
+// return buffer.toString();
+// }
+
+ /**
+ * Helper method to retrieve server URL including context path
+ * @param request HttpServletRequest
+ * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth
+ */
+ public static String getBaseURL(HttpServletRequest request) {
+ StringBuffer buffer = new StringBuffer(getServerURL(request));
+
+ // add context path if available
+ String contextPath = request.getContextPath();
+ if (!StringUtils.isEmpty(contextPath)) {
+ buffer.append(contextPath);
+ }
+
+ return buffer.toString();
+ }
+
+ /**
+ * Helper method to retrieve server URL
+ * @param request HttpServletRequest
+ * @return Server URL (e.g. http://localhost:8443)
+ */
+ public static String getServerURL(HttpServletRequest request) {
+ StringBuffer buffer = new StringBuffer();
+
+ // get protocol
+ String protocol = request.getScheme();
+ buffer.append(protocol).append("://");
+
+ // server name
+ buffer.append(request.getServerName());
+
+ // add port if necessary
+ int port = request.getServerPort();
+ if ((protocol.equals("http") && port != 80) || (protocol.equals("https") && port != 443)) {
+ buffer.append(':');
+ buffer.append(port);
+ }
+
+ return buffer.toString();
+ }
+
+ /**
+ * Extract the IDP PublicURLPrefix from authrequest
+ *
+ * @param req HttpServletRequest
+ * @return PublicURLPrefix which ends always without /
+ */
+ public static String extractAuthURLFromRequest(HttpServletRequest req) {
+ String authURL = req.getScheme() + "://" + req.getServerName();
+ if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+ authURL = authURL.concat(":" + req.getServerPort());
+ }
+ authURL = authURL.concat(req.getContextPath());
+ return authURL;
+
+ }
+
+ /**
+ * Extract the IDP requested URL from authrequest
+ *
+ * @param req HttpServletRequest
+ * @return RequestURL which ends always without /
+ */
+ public static String extractAuthServletPathFromRequest(HttpServletRequest req) {
+ return extractAuthURLFromRequest(req).concat(req.getServletPath());
+
+ }
+
+ public static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
new file mode 100644
index 00000000..3583a294
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
@@ -0,0 +1,175 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+
+/**
+ * Utility for creating and loading key stores.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class KeyStoreUtils {
+
+ /**
+ * JAVA KeyStore
+ */
+ private static final String KEYSTORE_TYPE_JKS = "JKS";
+
+ /**
+ * PKCS12 KeyStore
+ */
+ private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
+
+
+
+ /**
+ * Loads a key store from file.
+ *
+ * @param keystoreType key store type
+ * @param urlString URL of key store
+ * @param password password protecting the key store
+ * @return key store loaded
+ * @throws IOException thrown while reading the key store from file
+ * @throws GeneralSecurityException thrown while creating the key store
+ */
+ public static KeyStore loadKeyStore(
+ String keystoreType,
+ String urlString,
+ String password)
+ throws IOException, GeneralSecurityException {
+
+ URL keystoreURL = new URL(urlString);
+ InputStream in = keystoreURL.openStream();
+ return loadKeyStore(keystoreType, in, password);
+ }
+ /**
+ * Loads a key store from an InputStream, and
+ * closes the InputStream.
+ *
+ * @param keystoreType key store type
+ * @param in input stream
+ * @param password password protecting the key store
+ * @return key store loaded
+ * @throws IOException thrown while reading the key store from the stream
+ * @throws GeneralSecurityException thrown while creating the key store
+ */
+ public static KeyStore loadKeyStore(
+ String keystoreType,
+ InputStream in,
+ String password)
+ throws IOException, GeneralSecurityException {
+
+ char[] chPassword = null;
+ if (password != null)
+ chPassword = password.toCharArray();
+ KeyStore ks = KeyStore.getInstance(keystoreType);
+ ks.load(in, chPassword);
+ in.close();
+ return ks;
+ }
+ /**
+ * Creates a key store from X509 certificate files, aliasing them with
+ * the index in the String[], starting with "0".
+ *
+ * @param keyStoreType key store type
+ * @param certFilenames certificate filenames
+ * @return key store created
+ * @throws IOException thrown while reading the certificates from file
+ * @throws GeneralSecurityException thrown while creating the key store
+ */
+ public static KeyStore createKeyStore(
+ String keyStoreType,
+ String[] certFilenames)
+ throws IOException, GeneralSecurityException {
+
+ KeyStore ks = KeyStore.getInstance(keyStoreType);
+ ks.load(null, null);
+ for (int i = 0; i < certFilenames.length; i++) {
+ Certificate cert = loadCertificate(certFilenames[i]);
+ ks.setCertificateEntry("" + i, cert);
+ }
+ return ks;
+ }
+
+ /**
+ * Loads an X509 certificate from file.
+ * @param certFilename filename
+ * @return the certificate loaded
+ * @throws IOException thrown while reading the certificate from file
+ * @throws GeneralSecurityException thrown while creating the certificate
+ */
+ private static Certificate loadCertificate(String certFilename)
+ throws IOException, GeneralSecurityException {
+
+ FileInputStream in = new FileInputStream(certFilename);
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ Certificate cert = certFactory.generateCertificate(in);
+ in.close();
+ return cert;
+ }
+
+
+ /**
+ * Loads a keyStore without knowing the keyStore type
+ * @param keyStorePath URL to the keyStore
+ * @param password Password protecting the keyStore
+ * @return keyStore loaded
+ * @throws KeyStoreException thrown if keyStore cannot be loaded
+ * @throws FileNotFoundException
+ * @throws IOException
+ */
+ public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{
+
+ //InputStream is = new FileInputStream(keyStorePath);
+ URL keystoreURL = new URL(keyStorePath);
+ InputStream in = keystoreURL.openStream();
+ InputStream isBuffered = new BufferedInputStream(in);
+ return loadKeyStore(isBuffered, password);
+
+ }
+
+ /**
+ * Loads a keyStore without knowing the keyStore type
+ * @param in input stream
+ * @param password Password protecting the keyStore
+ * @return keyStore loaded
+ * @throws KeyStoreException thrown if keyStore cannot be loaded
+ * @throws FileNotFoundException
+ * @throws IOException
+ */
+public static KeyStore loadKeyStore(InputStream is, String password) throws KeyStoreException, IOException{
+ is.mark(1024*1024);
+ KeyStore ks = null;
+ try {
+ try {
+ ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password);
+ } catch (IOException e2) {
+ is.reset();
+ ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password);
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+
+ }
+ return ks;
+
+ }
+
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java
new file mode 100644
index 00000000..49b957cc
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java
@@ -0,0 +1,319 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.Set;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class KeyValueUtils {
+
+ public static final String KEY_DELIMITER = ".";
+ public static final String CSV_DELIMITER = ",";
+
+ /**
+ * Convert Java properties into a Map
+ *
+ * Important: The key/values from properties must be of type String!
+ *
+ * @param properties
+ * @return
+ */
+ public static Map convertPropertiesToMap(Properties properties) {
+ return new HashMap((Map) properties);
+
+ //INFO Java8 solution ;)
+// return properties.entrySet().stream().collect(
+// Collectors.toMap(
+// e -> e.getKey().toString(),
+// e -> e.getValue().toString()
+// )
+// );
+
+ }
+
+ /**
+ * Extract the first child of an input key after a the prefix
+ *
+ * @param key Full input key
+ * @param prefix Prefix
+ * @return Child key {String} if it exists or null
+ */
+ public static String getFirstChildAfterPrefix(String key, String prefix) {
+ String idAfterPrefix = removePrefixFromKey(key, prefix);
+ if (idAfterPrefix != null) {
+ int index = idAfterPrefix.indexOf(KEY_DELIMITER);
+ if (index > 0) {
+ String adding = idAfterPrefix.substring(0, index);
+ if (!(adding.isEmpty())) {
+ return adding;
+
+ }
+ } else if (!(idAfterPrefix.isEmpty())) {
+ return idAfterPrefix;
+
+ }
+
+ }
+ return null;
+ }
+
+ /**
+ * Extract the prefix from an input key
+ *
+ * @param key Full input key
+ * @param suffix Suffix of this key
+ * @return Prefix {String} of the key or null if input key does not ends with postfix string
+ */
+ public static String getPrefixFromKey(String key, String suffix) {
+ if (key != null && key.endsWith(suffix)) {
+ String idPreforeSuffix = key.substring(0, key.length()-suffix.length());
+ if (idPreforeSuffix.endsWith(KEY_DELIMITER))
+ return idPreforeSuffix.substring(0, idPreforeSuffix.length()-1);
+ else
+ return idPreforeSuffix;
+ }
+ return null;
+
+ }
+
+ /**
+ * Remove a prefix string from a key
+ *
+ * @param key Full input key
+ * @param prefix Prefix, which should be removed
+ * @return The suffix of the input key or null if the input does not starts with the prefix
+ */
+ public static String removePrefixFromKey(String key, String prefix) {
+ if (prefix == null)
+ prefix = new String();
+
+ if (key!=null && key.startsWith(prefix)) {
+ String afterPrefix = key.substring(prefix.length());
+ int index = afterPrefix.indexOf(KEY_DELIMITER);
+
+ if (index == 0) {
+ afterPrefix = afterPrefix.substring(1);
+
+ }
+ return afterPrefix;
+
+ }
+ return null;
+ }
+
+ /**
+ * Remove a prefix string from all keys in {Map} of key/value pairs
+ *
+ * @param keys Input data of key/value pairs
+ * @param prefix Prefix which should be removed
+ * @return {Map} of key/value pairs without prefix in key, but never null
+ */
+ public static Map removePrefixFromKeys(Map keys, String prefix) {
+ Map result = new HashMap();
+ Iterator> interator = keys.entrySet().iterator();
+ while(interator.hasNext()) {
+ Entry el = interator.next();
+ String newKey = removePrefixFromKey(el.getKey(), prefix);
+ if (StringUtils.isNotEmpty(newKey)) {
+ result.put(newKey, el.getValue());
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * Get a subset of key/value pairs which starts with a prefix string
+ * The Prefix is removed from the key
+ *
+ * @param keys Input data of key/value pairs
+ * @param prefix Prefix string
+ * @return {Map} of key/value pairs without prefix in key, but never null
+ */
+ public static Map getSubSetWithPrefix(Map keys, String prefix) {
+ return removePrefixFromKeys(keys, prefix);
+ }
+
+
+ /**
+ * Add a prefix to key/value pairs to make the key absolute according to key namespace convention
+ *
+ * @param input Input key/value pairs which should be updated
+ * @param prefix Key prefix, which should be added if the key is not absolute
+ * @param absolutIdentifier Key identifier, which indicates an absolute key
+ * @return {Map} of key/value pairs in which all keys are absolute but never null
+ */
+ public static Map makeKeysAbsolut(Map input, String prefix, String absolutIdentifier) {
+ Map result = new HashMap();
+ Iterator> interator = input.entrySet().iterator();
+ while(interator.hasNext()) {
+ Entry el = interator.next();
+ if (!el.getKey().startsWith(absolutIdentifier)) {
+ //key is not absolute -> add prefix
+ result.put(prefix
+ + KEY_DELIMITER
+ + el.getKey(),
+ el.getValue());
+
+ } else {
+ //key is absolute
+ result.put(el.getKey(), el.getValue());
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Get the parent key string from an input key
+ *
+ * @param key input key
+ * @return parent key or the empty String if no parent exists
+ */
+ public static String getParentKey(String key) {
+ if (StringUtils.isNotEmpty(key)) {
+ int index = key.lastIndexOf(KEY_DELIMITER);
+ if (index > 0) {
+ return key.substring(0, index);
+
+ }
+ }
+
+ return new String();
+ }
+
+ /**
+ * Find the highest free list counter
+ *
+ * @param input Array of list keys
+ * @param listPrefix {String} prefix of the list
+ * @return {int} highest free list counter
+ */
+ public static int findNextFreeListCounter(String[] input,
+ String listPrefix) {
+ List counters = new ArrayList();
+ if (input == null || input.length == 0)
+ return 0;
+
+ else {
+ for (String key : input) {
+ String listIndex = getFirstChildAfterPrefix(key, listPrefix);
+ counters.add(Integer.parseInt(listIndex));
+
+ }
+ Collections.sort(counters);
+ return counters.get(counters.size()-1) + 1;
+ }
+ }
+
+ /**
+ * Find the highest free list counter
+ *
+ * @param keySet {Set} of list keys
+ * @param listPrefix {String} prefix of the list
+ * @return {int} highest free list counter
+ */
+ public static int findNextFreeListCounter(Set keySet,
+ String listPrefix) {
+ if (keySet.isEmpty())
+ return 0;
+
+ String[] array = new String[keySet.size()];
+ keySet.toArray(array);
+ return findNextFreeListCounter(array, listPrefix);
+ }
+
+
+ /**
+ * Normalize a CSV encoded list of value of an key/value pair
+ *
+ * This method removes all whitespace at the begin or the
+ * end of CSV values and remove newLine signs at the end of value.
+ * The ',' is used as list delimiter
+ *
+ * @param value CSV encoded input data
+ * @return normalized CSV encoded data or null if {value} is null or empty
+ */
+ public static String normalizeCSVValueString(String value) {
+ String normalizedCodes = null;
+ if (StringUtils.isNotEmpty(value)) {
+ String[] codes = value.split(CSV_DELIMITER);
+ for (String el: codes) {
+ if (normalizedCodes == null)
+ normalizedCodes = StringUtils.chomp(el.trim());
+ else
+ normalizedCodes += "," + StringUtils.chomp(el.trim());
+
+ }
+ }
+ return normalizedCodes;
+ }
+
+
+ /**
+ * Check a String if it is a comma separated list of values
+ *
+ * This method uses the ',' as list delimiter.
+ *
+ * @param value CSV encoded input data
+ * @return true if the input data contains a ',' and has more then 1 list element, otherwise false
+ */
+ public static boolean isCSVValueString(String value) {
+ if (StringUtils.isNotEmpty(value)) {
+ String[] codes = value.split(CSV_DELIMITER);
+ if (codes.length >= 2) {
+ if (StringUtils.isNotEmpty(codes[1].trim()))
+ return true;
+
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Convert a CSV list to a List of CSV values
+ *
+ * This method removes all whitespace at the begin or the
+ * end of CSV values and remove newLine signs at the end of value.
+ * The ',' is used as list delimiter
+ *
+ * @param csv CSV encoded input data
+ * @return List of CSV normalized values, but never null
+ */
+ public static List getListOfCSVValues(String csv) {
+ List list = new ArrayList();
+ if (StringUtils.isNotEmpty(csv)) {
+ String[] values = csv.split(CSV_DELIMITER);
+ for (String el: values)
+ list.add(el.trim());
+
+ }
+
+ return list;
+ }
+
+ /**
+ * This method remove all newline delimiter (\n or \r\n) from input data
+ *
+ * @param value Input String
+ * @return Input String without newline characters
+ */
+ public static String removeAllNewlineFromString(String value) {
+ return value.replaceAll("(\\t|\\r?\\n)+", "");
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java
new file mode 100644
index 00000000..c752c91f
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java
@@ -0,0 +1,89 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.util.ListIterator;
+
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Node;
+import org.w3c.dom.traversal.NodeFilter;
+import org.w3c.dom.traversal.NodeIterator;
+
+/**
+ * A NodeIterator implementation based on a
+ * ListIterator.
+ *
+ * @see java.util.ListIterator
+ * @see org.w3c.dom.traversal.NodeIterator
+ *
+ */
+public class NodeIteratorAdapter implements NodeIterator {
+
+ /** The ListIterator to wrap. */
+ private ListIterator nodeIterator;
+
+ /**
+ * Create a new NodeIteratorAdapter.
+ * @param nodeIterator The ListIterator to iterate over.
+ */
+ public NodeIteratorAdapter(ListIterator nodeIterator) {
+ this.nodeIterator = nodeIterator;
+ }
+
+ /**
+ * @see org.w3c.dom.traversal.NodeIterator#getRoot()
+ */
+ public Node getRoot() {
+ return null;
+ }
+
+ /**
+ * @see org.w3c.dom.traversal.NodeIterator#getWhatToShow()
+ */
+ public int getWhatToShow() {
+ return NodeFilter.SHOW_ALL;
+ }
+
+ /**
+ * @see org.w3c.dom.traversal.NodeIterator#getFilter()
+ */
+ public NodeFilter getFilter() {
+ return null;
+ }
+
+ /**
+ * @see org.w3c.dom.traversal.NodeIterator#getExpandEntityReferences()
+ */
+ public boolean getExpandEntityReferences() {
+ return false;
+ }
+
+ /**
+ * @see org.w3c.dom.traversal.NodeIterator#nextNode()
+ */
+ public Node nextNode() throws DOMException {
+ if (nodeIterator.hasNext()) {
+ return (Node) nodeIterator.next();
+ }
+ return null;
+ }
+
+ /**
+ * @see org.w3c.dom.traversal.NodeIterator#previousNode()
+ */
+ public Node previousNode() throws DOMException {
+ if (nodeIterator.hasPrevious()) {
+ return (Node) nodeIterator.previous();
+ }
+ return null;
+ }
+
+ /**
+ * @see org.w3c.dom.traversal.NodeIterator#detach()
+ */
+ public void detach() {
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java
new file mode 100644
index 00000000..61933907
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java
@@ -0,0 +1,46 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.util.List;
+
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * A NodeList implementation based on a List.
+ *
+ * @see java.util.List
+ * @see org.w3c.dom.NodeList
+ */
+
+public class NodeListAdapter implements NodeList {
+ /** The List to wrap. */
+ private List nodeList;
+
+ /**
+ * Create a new NodeListAdapter.
+ *
+ * @param nodeList The List containing the nodes.
+ */
+ public NodeListAdapter(List nodeList) {
+ this.nodeList = nodeList;
+ }
+
+ /**
+ * @see org.w3c.dom.NodeList#item(int)
+ */
+ public Node item(int index) {
+ return (Node) nodeList.get(index);
+ }
+
+ /**
+ * @see org.w3c.dom.NodeList#getLength()
+ */
+ public int getLength() {
+ return nodeList.size();
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java
new file mode 100644
index 00000000..aad90649
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java
@@ -0,0 +1,205 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+
+import java.nio.ByteBuffer;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.lang3.ArrayUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * Random number generator used to generate ID's
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class Random {
+ private static final Logger log = LoggerFactory.getLogger(Random.class);
+
+ private final static char[] allowedPreFix =
+ {'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
+ 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'};
+ private static final DateFormat dateFormater = new SimpleDateFormat("yyyyddMM");
+
+ /** random number generator used */
+ private static SecureRandom random;
+ //private static SeedGenerator seedgenerator;
+
+ static {
+ try {
+ random = SecureRandom.getInstance("SHA256PRNG-FIPS186");
+
+ } catch (NoSuchAlgorithmException e) {
+ log.warn("Can NOT initialize SecureRandom with: 'SHA256PRNG-FIPS186'. Use 'StrongSecureRandom' as backup");
+
+ try {
+ random = SecureRandom.getInstanceStrong();
+
+ } catch (NoSuchAlgorithmException e1) {
+ log.error("Can NOT initialize SecureRandom. StartUp process FAILED!");
+ throw new RuntimeException("Can NOT initialize SecureRandom. StartUp process FAILED!", e);
+
+ }
+
+ }
+
+
+ //random = iaik.security.random.SHA256FIPS186Random.getDefault();
+ }
+
+ /**
+ * Generate a unique process reference-value [160bit], which always starts with a letter
+ *
+ * This unique ID consists of single letter, a 64bit date String[yyyyddMM],
+ * and a 88bit random value.
+ *
+ * @return 160bit ID, which is hex encoded
+ */
+ public static String nextProcessReferenceValue() {
+ //pre-process all three parts of a unique reference value
+ String now = dateFormater.format(new Date()); //8 bytes = 64bit
+ byte[] randValue = nextByteRandom(11);
+ char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)];
+
+ //generate ID
+ String returnValue = preFix + new String(Hex.encodeHex(ArrayUtils.addAll(now.getBytes(), randValue))); // 20 bytes = 160 bits
+ if (returnValue.length() > 40)
+ return returnValue.substring(0, 40);
+ else
+ return returnValue;
+
+ }
+
+
+
+ /**
+ * Creates a new random number [256bit], and encode it as hex value.
+ *
+ * @return random hex encoded value [256bit]
+ */
+ public static String nextHexRandom32() {
+ return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits
+
+ }
+
+ /**
+ * Creates a new random number [128bit], and encode it as hex value.
+ *
+ * @return random hex encoded value [128bit]
+ */
+ public static String nextHexRandom16() {
+ return new String(Hex.encodeHex(nextByteRandom(16))); // 16 bytes = 128 bits
+
+ }
+
+ /**
+ * Creates a new random number [64bit], to be used as an ID.
+ *
+ * @return random long as a String [64bit]
+ */
+ public static String nextLongRandom() {
+ return "".concat(String.valueOf(Math.abs(generateLongRandom(32)))); // 32 bytes = 256 bits
+
+ }
+
+ /**
+ * Creates a new random number, to be used as an ID.
+ *
+ * @return random long as a String [64bit]
+ */
+ @Deprecated
+ public static String nextRandom() {
+ long l = ByteBuffer.wrap(nextByteRandom(32)).getLong(); // 32 bytes = 256 bits
+ return "" + Math.abs(l);
+
+ }
+
+/**
+ * Creates a new random byte[]
+ *
+ * @param size Size of random number in byte
+ * @return
+ */
+public static byte[] nextBytes(int size) {
+ return nextByteRandom(size);
+
+}
+
+ public static void seedRandom() {
+ //TODO: implement reflection on IAIK Seed generator
+// seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault();
+// if (seedgenerator.seedAvailable())
+// random.setSeed(seedgenerator.getSeed());
+
+ random.setSeed(System.nanoTime());
+ }
+
+ private static long generateLongRandom(int size) {
+ return ByteBuffer.wrap(nextByteRandom(size)).getLong();
+ }
+
+ /**
+ * Generate a new random number
+ *
+ * @param size Size of random number in byte
+ * @return
+ */
+ private static synchronized byte[] nextByteRandom(int size) {
+ byte[] b = new byte[size];
+ random.nextBytes(b);
+ return b;
+
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ServletUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ServletUtils.java
new file mode 100644
index 00000000..c19e5ab1
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ServletUtils.java
@@ -0,0 +1,69 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class ServletUtils {
+
+
+ public static String getBaseUrl( HttpServletRequest request ) {
+ if ( ( request.getServerPort() == 80 ) ||
+ ( request.getServerPort() == 443 ) )
+ return request.getScheme() + "://" +
+ request.getServerName() +
+ request.getContextPath();
+ else
+ return request.getScheme() + "://" +
+ request.getServerName() + ":" + request.getServerPort() +
+ request.getContextPath();
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java
new file mode 100644
index 00000000..3e4143d4
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java
@@ -0,0 +1,177 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+/**
+ * Utility methods for streams.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class StreamUtils {
+
+ /**
+ * Compare the contents of two InputStreams.
+ *
+ * @param is1 The 1st InputStream to compare.
+ * @param is2 The 2nd InputStream to compare.
+ * @return boolean true, if both streams contain the exactly the
+ * same content, false otherwise.
+ * @throws IOException An error occurred reading one of the streams.
+ */
+ public static boolean compareStreams(InputStream is1, InputStream is2)
+ throws IOException {
+
+ byte[] buf1 = new byte[256];
+ byte[] buf2 = new byte[256];
+ int length1;
+ int length2;
+
+ try {
+ while (true) {
+ length1 = is1.read(buf1);
+ length2 = is2.read(buf2);
+
+ if (length1 != length2) {
+ return false;
+ }
+ if (length1 <= 0) {
+ return true;
+ }
+ if (!compareBytes(buf1, buf2, length1)) {
+ return false;
+ }
+ }
+ } catch (IOException e) {
+ throw e;
+ } finally {
+ // close both streams
+ try {
+ is1.close();
+ is2.close();
+ } catch (IOException e) {
+ // ignore this
+ }
+ }
+ }
+
+ /**
+ * Compare two byte arrays, up to a given maximum length.
+ *
+ * @param b1 1st byte array to compare.
+ * @param b2 2nd byte array to compare.
+ * @param length The maximum number of bytes to compare.
+ * @return true, if the byte arrays are equal, false
+ * otherwise.
+ */
+ private static boolean compareBytes(byte[] b1, byte[] b2, int length) {
+ if (b1.length != b2.length) {
+ return false;
+ }
+
+ for (int i = 0; i < b1.length && i < length; i++) {
+ if (b1[i] != b2[i]) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Reads a byte array from a stream.
+ * @param in The InputStream to read.
+ * @return The bytes contained in the given InputStream.
+ * @throws IOException on any exception thrown
+ */
+ public static byte[] readStream(InputStream in) throws IOException {
+
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ copyStream(in, out, null);
+
+ /*
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ int b;
+ while ((b = in.read()) >= 0)
+ out.write(b);
+
+ */
+ in.close();
+ return out.toByteArray();
+ }
+
+ /**
+ * Reads a String from a stream, using given encoding.
+ * @param in The InputStream to read.
+ * @param encoding The character encoding to use for converting the bytes
+ * of the InputStream into a String.
+ * @return The content of the given InputStream converted into
+ * a String.
+ * @throws IOException on any exception thrown
+ */
+ public static String readStream(InputStream in, String encoding) throws IOException {
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ copyStream(in, out, null);
+
+ /*
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ int b;
+ while ((b = in.read()) >= 0)
+ out.write(b);
+ */
+ in.close();
+ return out.toString(encoding);
+ }
+
+ /**
+ * Reads all data (until EOF is reached) from the given source to the
+ * destination stream. If the destination stream is null, all data is dropped.
+ * It uses the given buffer to read data and forward it. If the buffer is
+ * null, this method allocates a buffer.
+ *
+ * @param source The stream providing the data.
+ * @param destination The stream that takes the data. If this is null, all
+ * data from source will be read and discarded.
+ * @param buffer The buffer to use for forwarding. If it is null, the method
+ * allocates a buffer.
+ * @exception IOException If reading from the source or writing to the
+ * destination fails.
+ */
+ private static void copyStream(InputStream source, OutputStream destination, byte[] buffer) throws IOException {
+ if (source == null) {
+ throw new NullPointerException("Argument \"source\" must not be null.");
+ }
+ if (buffer == null) {
+ buffer = new byte[8192];
+ }
+
+ if (destination != null) {
+ int bytesRead;
+ while ((bytesRead = source.read(buffer)) >= 0) {
+ destination.write(buffer, 0, bytesRead);
+ }
+ } else {
+ while (source.read(buffer) >= 0);
+ }
+ }
+
+ /**
+ * Gets the stack trace of the Throwable passed in as a string.
+ * @param t The Throwable.
+ * @return a String representing the stack trace of the Throwable.
+ */
+ public static String getStackTraceAsString(Throwable t)
+ {
+ ByteArrayOutputStream stackTraceBIS = new ByteArrayOutputStream();
+ t.printStackTrace(new PrintStream(stackTraceBIS));
+ return new String(stackTraceBIS.toByteArray());
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIDUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIDUtils.java
new file mode 100644
index 00000000..7df211ef
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIDUtils.java
@@ -0,0 +1,85 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.utils;
+
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+
+/**
+ * @author tlenz
+ *
+ */
+public class TransactionIDUtils {
+
+ //MDC variables for logging
+ public static final String MDC_TRANSACTION_ID = "transactionId";
+ public static final String MDC_SESSION_ID = "sessionId";
+ public static final String MDC_SERVICEPROVIDER_ID = "oaId";
+
+ /**
+ * Set all MDC variables from pending request to this threat context
+ * These includes SessionID, TransactionID, and unique service-provider identifier
+ *
+ * @param pendingRequest
+ */
+ public static void setAllLoggingVariables(IRequest pendingRequest) {
+ setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
+ setSessionId(pendingRequest.getUniqueSessionIdentifier());
+ setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier());
+
+ }
+
+ /**
+ * Remove all MDC variables from this threat context
+ *
+ */
+ public static void removeAllLoggingVariables() {
+ removeSessionId();
+ removeTransactionId();
+ removeServiceProviderId();
+
+ }
+
+
+ public static void setServiceProviderId(String oaUniqueId) {
+ org.apache.log4j.MDC.put(MDC_SERVICEPROVIDER_ID, oaUniqueId);
+ org.slf4j.MDC.put(MDC_SERVICEPROVIDER_ID, oaUniqueId);
+
+ }
+
+ public static void removeServiceProviderId() {
+ org.apache.log4j.MDC.remove(MDC_SERVICEPROVIDER_ID);
+ org.slf4j.MDC.remove(MDC_SERVICEPROVIDER_ID);
+
+ }
+
+ public static void setTransactionId(String pendingRequestID) {
+ org.apache.log4j.MDC.put(MDC_TRANSACTION_ID,
+ "TID-" + pendingRequestID);
+ org.slf4j.MDC.put(MDC_TRANSACTION_ID,
+ "TID-" + pendingRequestID);
+
+ }
+
+ public static void removeTransactionId() {
+ org.apache.log4j.MDC.remove(MDC_TRANSACTION_ID);
+ org.slf4j.MDC.remove(MDC_TRANSACTION_ID);
+
+ }
+
+ public static void setSessionId(String uniqueSessionId) {
+ org.apache.log4j.MDC.put(MDC_SESSION_ID,
+ "SID-" + uniqueSessionId);
+ org.slf4j.MDC.put(MDC_SESSION_ID,
+ "SID-" + uniqueSessionId);
+
+ }
+
+ public static void removeSessionId() {
+ org.apache.log4j.MDC.remove(MDC_SESSION_ID);
+ org.slf4j.MDC.remove(MDC_SESSION_ID);
+
+ }
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/XPathUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/XPathUtils.java
new file mode 100644
index 00000000..7df242bd
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/XPathUtils.java
@@ -0,0 +1,523 @@
+/*******************************************************************************
+ *******************************************************************************/
+
+
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.util.List;
+import java.util.Map;
+
+import org.jaxen.JaxenException;
+import org.jaxen.NamespaceContext;
+import org.jaxen.Navigator;
+import org.jaxen.SimpleNamespaceContext;
+import org.jaxen.dom.DOMXPath;
+import org.jaxen.dom.DocumentNavigator;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants;
+import at.gv.egiz.eaaf.core.exceptions.XPathException;
+
+/**
+ * Utility methods to evaluate XPath expressions on DOM nodes.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPathUtils {
+
+ /**
+ * The XPath expression selecting all nodes under a given root (including the
+ * root node itself).
+ */
+ public static final String ALL_NODES_XPATH =
+ "(.//. | .//@* | .//namespace::*)";
+
+ /** The DocumentNavigator to use for navigating the document. */
+ private static Navigator documentNavigator =
+ DocumentNavigator.getInstance();
+ /** The default namespace prefix to namespace URI mappings. */
+ private static NamespaceContext NS_CONTEXT;
+
+ static {
+ SimpleNamespaceContext ctx = new SimpleNamespaceContext();
+ ctx.addNamespace(XMLNamespaceConstants.MOA_PREFIX, XMLNamespaceConstants.MOA_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.MOA_CONFIG_PREFIX, XMLNamespaceConstants.MOA_CONFIG_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.MOA_ID_CONFIG_PREFIX, XMLNamespaceConstants.MOA_ID_CONFIG_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.SL10_PREFIX, XMLNamespaceConstants.SL10_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.SL11_PREFIX, XMLNamespaceConstants.SL11_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.SL12_PREFIX, XMLNamespaceConstants.SL12_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.ECDSA_PREFIX, XMLNamespaceConstants.ECDSA_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.PD_PREFIX, XMLNamespaceConstants.PD_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.SAML_PREFIX, XMLNamespaceConstants.SAML_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.SAMLP_PREFIX, XMLNamespaceConstants.SAMLP_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.DSIG_PREFIX, XMLNamespaceConstants.DSIG_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.XSLT_PREFIX, XMLNamespaceConstants.XSLT_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.XSI_PREFIX, XMLNamespaceConstants.XSI_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.DSIG_FILTER2_PREFIX, XMLNamespaceConstants.DSIG_FILTER2_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.DSIG_EC_PREFIX, XMLNamespaceConstants.DSIG_EC_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.MD_PREFIX, XMLNamespaceConstants.MD_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.MDP_PREFIX, XMLNamespaceConstants.MDP_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.MVV_PREFIX, XMLNamespaceConstants.MVV_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.STB_PREFIX, XMLNamespaceConstants.STB_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.WRR_PREFIX, XMLNamespaceConstants.WRR_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.STORK_PREFIX, XMLNamespaceConstants.STORK_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.STORKP_PREFIX, XMLNamespaceConstants.STORKP_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.SAML2_PREFIX, XMLNamespaceConstants.SAML2_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.SAML2P_PREFIX, XMLNamespaceConstants.SAML2P_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.XENC_PREFIX, XMLNamespaceConstants.XENC_NS_URI);
+ ctx.addNamespace(XMLNamespaceConstants.XADES_1_1_1_NS_PREFIX, XMLNamespaceConstants.XADES_1_1_1_NS_URI);
+ NS_CONTEXT = ctx;
+ }
+
+ /**
+ * Return a NodeIterator over the nodes matching the XPath
+ * expression.
+ *
+ * All namespace URIs and prefixes declared in the Constants
+ * interface are used for resolving namespaces.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param exp The XPath expression to evaluate.
+ * @return An iterator over the resulting nodes.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static NodeIterator selectNodeIterator(Node contextNode, String exp)
+ throws XPathException {
+
+ return selectNodeIterator(contextNode, NS_CONTEXT, exp);
+ }
+
+ /**
+ * Return a NodeIterator over the nodes matching the XPath
+ * expression.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param namespaceElement An element from which to build the
+ * namespace mapping for evaluating the XPath expression
+ * @param exp The XPath expression to evaluate.
+ * @return An iterator over the resulting nodes.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static NodeIterator selectNodeIterator(
+ Node contextNode,
+ Element namespaceElement,
+ String exp)
+ throws XPathException {
+
+ try {
+ SimpleNamespaceContext ctx = new SimpleNamespaceContext();
+ ctx.addElementNamespaces(documentNavigator, namespaceElement);
+ return selectNodeIterator(contextNode, ctx, exp);
+
+ } catch (JaxenException e) {
+ throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e);
+
+ }
+ }
+
+ /**
+ * Return a NodeIterator over the nodes matching the XPath
+ * expression.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param namespaceMapping A namespace prefix to namespace URI mapping
+ * (String to String) for evaluating the XPath
+ * expression.
+ * @param exp The XPath expression to evaluate.
+ * @return An iterator over the resulting nodes.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static NodeIterator selectNodeIterator(
+ Node contextNode,
+ Map namespaceMapping,
+ String exp)
+ throws XPathException {
+
+ SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
+
+ return selectNodeIterator(contextNode, ctx, exp);
+ }
+
+ /**
+ * Return a NodeIterator over the nodes matching the XPath
+ * expression.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param nsContext The NamespaceContext for resolving namespace
+ * prefixes to namespace URIs for evaluating the XPath expression.
+ * @param exp The XPath expression to evaluate.
+ * @return An iterator over the resulting nodes.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ private static NodeIterator selectNodeIterator(
+ Node contextNode,
+ NamespaceContext nsContext,
+ String exp)
+ throws XPathException {
+
+ try {
+ DOMXPath xpath = new DOMXPath(exp);
+ List nodes;
+
+ xpath.setNamespaceContext(nsContext);
+ nodes = xpath.selectNodes(contextNode);
+ return new NodeIteratorAdapter(nodes.listIterator());
+
+ } catch (JaxenException e) {
+ throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e);
+
+ }
+ }
+
+ /**
+ * Return a NodeList of all the nodes matching the XPath
+ * expression.
+ *
+ * All namespace URIs and prefixes declared in the Constants
+ * interface are used for resolving namespaces.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param exp The XPath expression to evaluate.
+ * @return A NodeList containing the matching nodes.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static NodeList selectNodeList(Node contextNode, String exp)
+ throws XPathException {
+
+ return selectNodeList(contextNode, NS_CONTEXT, exp);
+ }
+
+ /**
+ * Return a NodeList of all the nodes matching the XPath
+ * expression.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param namespaceElement An element from which to build the
+ * namespace mapping for evaluating the XPath expression
+ * @param exp The XPath expression to evaluate.
+ * @return A NodeList containing the matching nodes.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static NodeList selectNodeList(
+ Node contextNode,
+ Element namespaceElement,
+ String exp)
+ throws XPathException {
+
+ try {
+ SimpleNamespaceContext ctx = new SimpleNamespaceContext();
+
+ ctx.addElementNamespaces(documentNavigator, namespaceElement);
+ return selectNodeList(contextNode, ctx, exp);
+
+ } catch (JaxenException e) {
+ throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e);
+
+ }
+ }
+
+ /**
+ * Return a NodeList of all the nodes matching the XPath
+ * expression.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param namespaceMapping A namespace prefix to namespace URI mapping
+ * (String to String) for evaluating the XPath
+ * expression.
+ * @param exp The XPath expression to evaluate.
+ * @return A NodeList containing the matching nodes.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static NodeList selectNodeList(
+ Node contextNode,
+ Map namespaceMapping,
+ String exp)
+ throws XPathException {
+
+ SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
+
+ return selectNodeList(contextNode, ctx, exp);
+ }
+
+ /**
+ * Return a NodeList of all the nodes matching the XPath
+ * expression.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param nsContext The NamespaceContext for resolving namespace
+ * prefixes to namespace URIs for evaluating the XPath expression.
+ * @param exp The XPath expression to evaluate.
+ * @return A NodeList containing the matching nodes.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ private static NodeList selectNodeList(Node contextNode, NamespaceContext nsContext, String exp) throws XPathException {
+ try {
+ DOMXPath xpath = new DOMXPath(exp);
+ List nodes;
+ xpath.setNamespaceContext(nsContext);
+ nodes = xpath.selectNodes(contextNode);
+ return new NodeListAdapter(nodes);
+
+ } catch (JaxenException e) {
+ throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e);
+
+ }
+ }
+
+ /**
+ * Select the first node matching an XPath expression.
+ *
+ * All namespace URIs and prefixes declared in the Constants
+ * interface are used for resolving namespaces.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param exp The XPath expression to evaluate.
+ * @return Node The first node matching the XPath expression, or
+ * null, if no node matched.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static Node selectSingleNode(Node contextNode, String exp)
+ throws XPathException {
+
+ return selectSingleNode(contextNode, NS_CONTEXT, exp);
+ }
+
+ /**
+ * Select the first node matching an XPath expression.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param namespaceElement An element from which to build the
+ * namespace mapping for evaluating the XPath expression
+ * @param exp The XPath expression to evaluate.
+ * @return Node The first node matching the XPath expression, or
+ * null, if no node matched.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static Node selectSingleNode(
+ Node contextNode,
+ Element namespaceElement,
+ String exp)
+ throws XPathException {
+
+ try {
+ SimpleNamespaceContext ctx = new SimpleNamespaceContext();
+ ctx.addElementNamespaces(documentNavigator, namespaceElement);
+ return selectSingleNode(contextNode, ctx, exp);
+
+ } catch (JaxenException e) {
+ throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e);
+
+ }
+ }
+
+ /**
+ * Select the first node matching an XPath expression.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param namespaceMapping A namespace prefix to namespace URI mapping
+ * (String to String) for evaluating the XPath
+ * expression.
+ * @param exp The XPath expression to evaluate.
+ * @return Node The first node matching the XPath expression, or
+ * null, if no node matched.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static Node selectSingleNode(
+ Node contextNode,
+ Map namespaceMapping,
+ String exp)
+ throws XPathException {
+
+ SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
+
+ return selectSingleNode(contextNode, ctx, exp);
+ }
+
+ /**
+ * Select the first node matching an XPath expression.
+ *
+ * @param contextNode The root node from which to evaluate the XPath
+ * expression.
+ * @param nsContext The NamespaceContext for resolving namespace
+ * prefixes to namespace URIs for evaluating the XPath expression.
+ * @param exp The XPath expression to evaluate.
+ * @return Node The first node matching the XPath expression, or
+ * null, if no node matched.
+ * @throws XPathException An error occurred evaluating the XPath expression.
+ */
+ public static Node selectSingleNode(
+ Node contextNode,
+ NamespaceContext nsContext,
+ String exp)
+ throws XPathException {
+
+ try {
+ DOMXPath xpath = new DOMXPath(exp);
+ xpath.setNamespaceContext(nsContext);
+ return (Node) xpath.selectSingleNode(contextNode);
+
+ } catch (JaxenException e) {
+ throw new XPathException("XPath operation FAILED. Reason: " + e.getMessage(), e);
+
+ }
+ }
+
+ /**
+ * Return the value of a DOM element whose location is given by an XPath
+ * expression.
+ *
+ * @param root The root element from which to evaluate the XPath.
+ * @param xpath The XPath expression pointing to the element whose value
+ * to return.
+ * @param def The default value to return, if no element can be found using
+ * the given xpath.
+ * @return The element value, if it can be located using the
+ * xpath. Otherwise, def is returned.
+ */
+ public static String getElementValue(
+ Element root,
+ String xpath,
+ String def) {
+
+ Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
+ return elem != null ? DOMUtils.getText(elem) : def;
+ }
+
+ /**
+ * Return the value of a DOM attribute whose location is given by an XPath
+ * expression.
+ *
+ * @param root The root element from which to evaluate the XPath.
+ * @param xpath The XPath expression pointing to the attribute whose value to
+ * return.
+ * @param def The default value to return, if no attribute can be found using
+ * the given xpath.
+ * @return The element value, if it can be located using the
+ * xpath. Otherwise, def is returned.
+ */
+ public static String getAttributeValue(
+ Element root,
+ String xpath,
+ String def) {
+
+ Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
+ return attr != null ? attr.getValue() : def;
+ }
+
+ /**
+ * Returns the namespace prefix used within XPathUtils for referring to
+ * the namespace of the specified (Security Layer command) element.
+ *
+ * This namespace prefix can be used in various XPath expression evaluation methods
+ * within XPathUtils without explicitely binding it to the particular
+ * namespace.
+ *
+ * @param contextElement The (Security Layer command) element.
+ *
+ * @return the namespace prefix used within XPathUtils for referring to
+ * the namespace of the specified (Security Layer command) element.
+ *
+ * throws XpathException If the specified element has a namespace other than the ones
+ * known by this implementation as valid Security Layer namespaces (cf.
+ * @link Constants#SL10_NS_URI, @link Constants#SL11_NS_URI, @link Constants#SL12_NS_URI).
+ */
+ public static String getSlPrefix (Element contextElement) throws XPathException
+ {
+ String sLNamespace = contextElement.getNamespaceURI();
+ String sLPrefix = null;
+
+ if (sLNamespace.equals(XMLNamespaceConstants.SL10_NS_URI))
+ sLPrefix = XMLNamespaceConstants.SL10_PREFIX;
+
+ else if (sLNamespace.equals(XMLNamespaceConstants.SL12_NS_URI))
+ sLPrefix = XMLNamespaceConstants.SL12_PREFIX;
+
+ else if (sLNamespace.equals(XMLNamespaceConstants.SL11_NS_URI))
+ sLPrefix = XMLNamespaceConstants.SL11_PREFIX;
+
+ else
+ throw new XPathException("XPath operation FAILED. Reason: ");
+
+ return sLPrefix;
+ }
+
+
+ /**
+ * Return the SecurityLayer namespace prefix of the context element.
+ * If the context element is not the element that lies within the
+ * SecurityLayer namespace. The Securitylayer namespace is derived from
+ * the xmlns:sl10, sl11 or sl
+ * attribute of the context element.
+ *
+ * The returned prefix is needed for evaluating XPATH expressions.
+ *
+ * @param contextElement The element to get a prefix for the Securitylayer namespace,
+ * that is used within the corresponding document.
+ *
+ * @return The string sl10, sl11 or sl,
+ * depending on the SecurityLayer namespace of the contextElement.
+ *
+ * throws XPathException If no (vlalid) SecurityLayer namespace prefix or namespace
+ * is defined.
+ */
+ public static String getSlPrefixFromNoRoot (Element contextElement) throws XPathException {
+
+ String slPrefix = checkSLnsDeclaration(contextElement, XMLNamespaceConstants.SL10_PREFIX, XMLNamespaceConstants.SL10_NS_URI);
+ if (slPrefix == null)
+ slPrefix = checkSLnsDeclaration(contextElement, XMLNamespaceConstants.SL11_PREFIX, XMLNamespaceConstants.SL11_NS_URI);
+
+ if (slPrefix == null)
+ slPrefix = checkSLnsDeclaration(contextElement, XMLNamespaceConstants.SL12_PREFIX, XMLNamespaceConstants.SL12_NS_URI);
+
+ return slPrefix;
+
+ }
+
+ /**
+ * Checks if the context element has an attribute xmlns:slPrefix and
+ * if the prefix of that attribute corresponds with a valid SecurityLayer namespace.
+ *
+ * @param contextElement The element to be checked.
+ * @param slPrefix The prefix which should be checked. Must be a valid SecurityLayer
+ * namespace prefix.
+ * @param slNameSpace The SecurityLayer namespace that corresponds to the specified prefix.
+ *
+ * @return The valid SecurityLayer prefix or null if this prefix is
+ * not used.
+ * @throws XPathException
+ */
+ private static String checkSLnsDeclaration(Element contextElement, String slPrefix, String slNameSpace)
+ throws XPathException
+ {
+ String nsAtt = "xmlns:" + slPrefix;
+ String nameSpace = contextElement.getAttribute(nsAtt);
+ if (nameSpace == "") {
+ return null;
+
+ } else {
+ // check if namespace is correct
+ if (nameSpace.equals(slNameSpace))
+ return slPrefix;
+ else
+ throw new XPathException("Unknown Namespace declaration");
+
+ }
+ }
+
+}
diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 00000000..d827c51f
--- /dev/null
+++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egiz.eaaf.core.impl.idp.EAAFCoreSpringResourceProvider
\ No newline at end of file
diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
new file mode 100644
index 00000000..2decf67c
--- /dev/null
+++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -0,0 +1,11 @@
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.GivenNameAttributeBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PrincipalNameAttributeBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPVersionAttributeBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDeIDASQAALevelAttributeBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder
diff --git a/eaaf_core/src/main/resources/eaaf_core.beans.xml b/eaaf_core/src/main/resources/eaaf_core.beans.xml
new file mode 100644
index 00000000..56ca556c
--- /dev/null
+++ b/eaaf_core/src/main/resources/eaaf_core.beans.xml
@@ -0,0 +1,40 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/eaaf_core/src/main/resources/process/ProcessDefinition.xsd b/eaaf_core/src/main/resources/process/ProcessDefinition.xsd
new file mode 100644
index 00000000..d6ab7ae4
--- /dev/null
+++ b/eaaf_core/src/main/resources/process/ProcessDefinition.xsd
@@ -0,0 +1,53 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/Core-1.2.xsd b/eaaf_core/src/main/resources/schemas/Core-1.2.xsd
new file mode 100644
index 00000000..864fee6d
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/Core-1.2.xsd
@@ -0,0 +1,881 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/Core.20020225.xsd b/eaaf_core/src/main/resources/schemas/Core.20020225.xsd
new file mode 100644
index 00000000..00b508dd
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/Core.20020225.xsd
@@ -0,0 +1,399 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/Core.20020831.xsd b/eaaf_core/src/main/resources/schemas/Core.20020831.xsd
new file mode 100644
index 00000000..a533bf22
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/Core.20020831.xsd
@@ -0,0 +1,153 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.ancient.xsd b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.ancient.xsd
new file mode 100644
index 00000000..833d327f
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.ancient.xsd
@@ -0,0 +1,122 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.wrong.xsd b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.wrong.xsd
new file mode 100644
index 00000000..db83c9df
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.wrong.xsd
@@ -0,0 +1,122 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.xsd b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.xsd
new file mode 100644
index 00000000..7a01b23d
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/ECDSAKeyValue.xsd
@@ -0,0 +1,122 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.2.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.2.xsd
new file mode 100644
index 00000000..43741d84
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.2.xsd
@@ -0,0 +1,350 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter der
+ Authentisierungs-Komponente
+
+
+
+
+ enthält Konfigurationsparameter der
+ Proxy-Komponente
+
+
+
+
+
+ enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der
+ Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die OA
+
+
+
+
+
+
+
+
+
+
+
+
+ spezifiziert den Algorithmus ("pkix" oder "chaining") für die
+ Zertifikatspfadvalidierung
+
+
+
+
+
+ ein vom SystemDefaultMode abweichender ChiningMode kann
+ für jeden TrustAnchor gesetzt werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verweist auf ein Verzeichnis, das vertrauenswürdige CA
+ (Zwischen-CA, Wurzel-CA) Zertifikate enthält.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Kommunikation mit dem
+ Security-Layer
+
+
+
+
+
+ das Attribut filename verweist auf eine Datei mit globalem
+ Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
+ werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
+ inkludiert
+
+
+
+
+
+
+
+
+
+
+ enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
+ SP Modul
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der
+ AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
+ wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
+ wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
+ werden; wird das Element nicht verwendet dann wird MOA-SP über das API
+ aufgerufen
+
+
+
+
+ enthält Parameter für die Überprüfung der
+ Personenbindung
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Überprüfung des
+ AUTH-Blocks
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Informationen über akzeptierte Signers des
+ IdentityLinks
+
+
+
+
+
+ akzeptierte Signer des IdentityLinks werden per
+ X509SubjectName (Kodierung nach RFC 2253) identifiziert
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
+ TLS-Verbindung enthält (keine CA-Zertifikate)
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel, der für
+ die TLS-Client-Authentisierung verwendetwird, enthält
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.3.xsd
new file mode 100644
index 00000000..02f750e3
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.3.xsd
@@ -0,0 +1,424 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter der
+ Authentisierungs-Komponente
+
+
+
+
+ enthält Konfigurationsparameter der
+ Proxy-Komponente
+
+
+
+
+
+ enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der
+ Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die OA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ spezifiziert den Algorithmus ("pkix" oder "chaining") für die
+ Zertifikatspfadvalidierung
+
+
+
+
+
+ ein vom SystemDefaultMode abweichender ChiningMode kann
+ für jeden TrustAnchor gesetzt werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verweist auf ein Verzeichnis, das vertrauenswürdige CA
+ (Zwischen-CA, Wurzel-CA) Zertifikate enthält.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Kommunikation mit dem
+ Security-Layer
+
+
+
+
+
+
+
+
+
+ enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
+ SP Modul
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der
+ AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
+ wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
+ wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
+ werden; wird das Element nicht verwendet dann wird MOA-SP über das API
+ aufgerufen
+
+
+
+
+ enthält Parameter für die Überprüfung der
+ Personenbindung
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Überprüfung des
+ AUTH-Blocks
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Informationen über akzeptierte Signers des
+ IdentityLinks
+
+
+
+
+
+ akzeptierte Signer des IdentityLinks werden per
+ X509SubjectName (Kodierung nach RFC 2253) identifiziert
+
+
+
+
+
+
+
+
+
+ das Attribut filename verweist auf eine Datei mit globalem
+ Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
+ werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
+ inkludiert
+
+
+
+
+
+
+
+
+
+
+
+ das Attribut URL spezifiziert die Lage des Templates
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
+ TLS-Verbindung enthält (keine CA-Zertifikate)
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel, der für
+ die TLS-Client-Authentisierung verwendetwird, enthält
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.2.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
new file mode 100644
index 00000000..f80d6ef8
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
@@ -0,0 +1,616 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter der Authentisierungs-Komponente
+
+
+
+
+ enthält Konfigurationsparameter der Proxy-Komponente
+
+
+
+
+
+ enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die OA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung
+
+
+
+
+
+ ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Kommunikation mit dem Security-Layer
+
+
+
+
+
+
+
+
+
+ enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen
+
+
+
+
+ enthält Parameter für die Überprüfung der Personenbindung
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Überprüfung des AUTH-Blocks
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Informationen über akzeptierte Signers des IdentityLinks
+
+
+
+
+
+ akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert
+
+
+
+
+
+
+
+ enthält Defaultparameter für die Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+ das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert
+
+
+
+
+
+
+
+
+
+
+
+
+ das Attribut URL spezifiziert die Lage des Templates
+
+
+
+
+
+ Verifikation zusätzlicher Infoboxen
+
+
+
+
+ Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen
+
+
+
+
+
+
+
+
+
+ Parameter für Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+ Parameter zur Überprüfung einzelner Infoboxen
+
+
+
+
+ optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet
+
+
+
+
+ TrustProfil, das für die Überprüfung der Infobox verwendet werden soll
+
+
+
+
+ Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen
+
+
+
+
+
+ Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden
+
+
+
+
+
+
+
+
+
+ Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.
+
+
+
+
+
+ Legt fest ob Machtgeber und Machtnehmer in den Anmeldedaten ausgetauscht werden sollen. Lediglich die übermittelte Vollmacht gibt dann Aufschluss darüber, dass eine Vertretung vorliegt. Ziel dieses Schalters ist, dass bisherige Applikationen mit Vollmachten und beruflicher Parteienvertretung nachgerüstet werden können, ohne der Erfordernis Änderungen durchführen zu müssen.
+
+
+
+
+ Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.
+
+
+
+
+ Eigentlicher Konfigurationsteil für berufliche Parteienvertretung
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Spezifiziert die Lage von XML Schemas
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+
+
+
+
+
+
+ Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll
+
+
+
+
+
+
+
+
+
+ Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+ Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+ Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)
+
+
+
+
+ Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert
+
+
+
+
+
+
+
+
+ Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+
+ Optionale Verbindungsparameter zu speziellem (SZR-)Gateway
+
+
+
+
+
+ OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist
+
+
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)
+
+
+
+
+
+
+
+ Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.3.xsd
new file mode 100644
index 00000000..03f3a24a
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.3.xsd
@@ -0,0 +1,612 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter der Authentisierungs-Komponente
+
+
+
+
+ enthält Konfigurationsparameter der Proxy-Komponente
+
+
+
+
+
+ enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die OA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung
+
+
+
+
+
+ ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Kommunikation mit dem Security-Layer
+
+
+
+
+
+
+
+
+
+ enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen
+
+
+
+
+ enthält Parameter für die Überprüfung der Personenbindung
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Überprüfung des AUTH-Blocks
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Informationen über akzeptierte Signers des IdentityLinks
+
+
+
+
+
+ akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert
+
+
+
+
+
+
+
+ enthält Defaultparameter für die Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+ das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert
+
+
+
+
+
+
+
+
+
+
+
+
+ das Attribut URL spezifiziert die Lage des Templates
+
+
+
+
+
+ Verifikation zusätzlicher Infoboxen
+
+
+
+
+ Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen
+
+
+
+
+
+
+
+
+
+ Parameter für Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+ Parameter zur Überprüfung einzelner Infoboxen
+
+
+
+
+ optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet
+
+
+
+
+ TrustProfil, das für die Überprüfung der Infobox verwendet werden soll
+
+
+
+
+ Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen
+
+
+
+
+
+ Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden
+
+
+
+
+
+
+
+
+
+ Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.
+
+
+
+
+
+ Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.
+
+
+
+
+ Eigentlicher Konfigurationsteil für berufliche Parteienvertretung
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Spezifiziert die Lage von XML Schemas
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+
+
+
+
+
+
+ Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll
+
+
+
+
+
+
+
+
+
+ Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+ Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+ Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)
+
+
+
+
+ Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert
+
+
+
+
+
+
+
+
+ Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+
+ Optionale Verbindungsparameter zu speziellem (SZR-)Gateway
+
+
+
+
+
+ OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist
+
+
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)
+
+
+
+
+
+
+
+ Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.7.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.7.xsd
new file mode 100644
index 00000000..d2af3b93
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.7.xsd
@@ -0,0 +1,625 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter der Authentisierungs-Komponente
+
+
+
+
+ enthält Konfigurationsparameter der Proxy-Komponente
+
+
+
+
+
+ enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die OA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung
+
+
+
+
+
+ ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Kommunikation mit dem Security-Layer
+
+
+
+
+
+
+
+
+
+ enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen
+
+
+
+
+ enthält Parameter für die Überprüfung der Personenbindung
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Überprüfung des AUTH-Blocks
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Informationen über akzeptierte Signers des IdentityLinks
+
+
+
+
+
+ akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert
+
+
+
+
+
+
+
+ enthält Defaultparameter für die Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+
+ Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)
+
+
+
+
+
+
+
+
+
+ das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert
+
+
+
+
+
+
+
+
+
+
+
+
+ das Attribut URL spezifiziert die Lage des Templates
+
+
+
+
+
+ Verifikation zusätzlicher Infoboxen
+
+
+
+
+ Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen
+
+
+
+
+
+
+
+
+
+ Parameter für Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+ Parameter zur Überprüfung einzelner Infoboxen
+
+
+
+
+ optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet
+
+
+
+
+ TrustProfil, das für die Überprüfung der Infobox verwendet werden soll
+
+
+
+
+ Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen
+
+
+
+
+
+ Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden
+
+
+
+
+
+
+
+
+
+ Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.
+
+
+
+
+
+ Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.
+
+
+
+
+ Eigentlicher Konfigurationsteil für berufliche Parteienvertretung
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Spezifiziert die Lage von XML Schemas
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+
+
+
+
+
+
+ Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll
+
+
+
+
+
+
+
+
+
+ Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+ Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+ Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)
+
+
+
+
+ Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert
+
+
+
+
+
+
+
+
+ Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+
+ Optionale Verbindungsparameter zu speziellem (SZR-)Gateway
+
+
+
+
+
+ OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist
+
+
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)
+
+
+
+
+
+
+
+ Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.xsd
new file mode 100644
index 00000000..899f237c
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.4.xsd
@@ -0,0 +1,505 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter der
+ Authentisierungs-Komponente
+
+
+
+
+ enthält Konfigurationsparameter der
+ Proxy-Komponente
+
+
+
+
+
+ enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der
+ Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die OA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ spezifiziert den Algorithmus ("pkix" oder "chaining") für die
+ Zertifikatspfadvalidierung
+
+
+
+
+
+ ein vom SystemDefaultMode abweichender ChiningMode kann
+ für jeden TrustAnchor gesetzt werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verweist auf ein Verzeichnis, das vertrauenswürdige CA
+ (Zwischen-CA, Wurzel-CA) Zertifikate enthält.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Kommunikation mit dem
+ Security-Layer
+
+
+
+
+
+
+
+
+
+ enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
+ SP Modul
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der
+ AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
+ wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
+ wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
+ werden; wird das Element nicht verwendet dann wird MOA-SP über das API
+ aufgerufen
+
+
+
+
+ enthält Parameter für die Überprüfung der
+ Personenbindung
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Überprüfung des
+ AUTH-Blocks
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Informationen über akzeptierte Signers des
+ IdentityLinks
+
+
+
+
+
+ akzeptierte Signer des IdentityLinks werden per
+ X509SubjectName (Kodierung nach RFC 2253) identifiziert
+
+
+
+
+
+
+
+ enthält Defaultparameter für die Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+ das Attribut filename verweist auf eine Datei mit globalem
+ Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
+ werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
+ inkludiert
+
+
+
+
+
+
+
+
+
+
+
+ das Attribut URL spezifiziert die Lage des Templates
+
+
+
+
+
+ Verifikation zusätzlicher Infoboxen
+
+
+
+
+ Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen
+
+
+
+
+
+
+
+
+
+ Parameter für Überprüfung weiterer Infoboxen
+
+
+
+
+
+ optionalervName, der für Fehlermeldungen verwendet werden soll;
+ z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird
+ das Identifier-Attribut verwendet
+
+
+
+
+ TrustProfil, das für die Überprüfung der Infobox
+ verwendet werden soll
+
+
+
+
+ Validatorklasse, die für die Prüfung der Infobox
+ verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
+ vom Default Package- und Klassennamen abweichen
+
+
+
+
+
+ Infobox spezifische Parameter, die der jeweiligen Prüfapplikation
+ übergeben werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Spezifiziert die Lage von XML Schemas
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
+ TLS-Verbindung enthält (keine CA-Zertifikate)
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel, der für
+ die TLS-Client-Authentisierung verwendetwird, enthält
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.0.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
new file mode 100644
index 00000000..f5daf09b
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
@@ -0,0 +1,665 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter der Authentisierungs-Komponente
+
+
+
+
+ enthält Konfigurationsparameter der Proxy-Komponente
+
+
+
+
+
+ enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die OA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung
+
+
+
+
+
+ ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Kommunikation mit dem Security-Layer
+
+
+
+
+
+
+
+
+
+ enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen
+
+
+
+
+ enthält Parameter für die Überprüfung der Personenbindung
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Überprüfung des AUTH-Blocks
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Informationen über akzeptierte Signers des IdentityLinks
+
+
+
+
+
+ akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert
+
+
+
+
+
+
+
+ enthält Defaultparameter für die Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+
+ Verbindungsparameter zum SZR-Gateway (GetIdentityLink)
+
+
+
+
+
+
+
+
+
+
+ Verbindungsparameter zum Online-Vollmachten-Service
+
+
+
+
+
+
+
+
+
+ das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ das Attribut URL spezifiziert die Lage des Templates
+
+
+
+
+
+ Verifikation zusätzlicher Infoboxen
+
+
+
+
+ Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen
+
+
+
+
+
+
+
+
+
+ Parameter für Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+ Parameter zur Überprüfung einzelner Infoboxen
+
+
+
+
+ optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet
+
+
+
+
+ TrustProfil, das für die Überprüfung der Infobox verwendet werden soll
+
+
+
+
+ Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen
+
+
+
+
+
+ Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden
+
+
+
+
+
+
+
+
+
+ Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.
+
+
+
+
+
+ Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.
+
+
+
+
+ Eigentlicher Konfigurationsteil für berufliche Parteienvertretung
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Spezifiziert die Lage von XML Schemas
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+
+
+
+
+
+
+ Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll
+
+
+
+
+
+
+
+
+
+ Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+ Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+ Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)
+
+
+
+
+ Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert
+
+
+
+
+
+
+
+
+ Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+
+ Optionale Verbindungsparameter zu speziellem (SZR-)Gateway
+
+
+
+
+
+ OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist
+
+
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)
+
+
+
+
+
+
+
+ Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
new file mode 100644
index 00000000..fec3b6d0
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
@@ -0,0 +1,659 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter der Authentisierungs-Komponente
+
+
+
+
+
+
+
+
+
+
+ enthält Konfigurationsparameter der Proxy-Komponente
+
+
+
+
+
+ enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die OA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung
+
+
+
+
+
+ ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Kommunikation mit dem Security-Layer
+
+
+
+
+
+
+
+
+
+ enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen
+
+
+
+
+ enthält Parameter für die Überprüfung der Personenbindung
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Überprüfung des AUTH-Blocks
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Informationen über akzeptierte Signers des IdentityLinks
+
+
+
+
+
+ akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert
+
+
+
+
+
+
+
+ enthält Defaultparameter für die Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+
+ Verbindungsparameter zum SZR-Gateway (GetIdentityLink)
+
+
+
+
+
+
+
+
+
+
+ Verbindungsparameter zum Online-Vollmachten-Service
+
+
+
+
+
+
+
+
+
+ das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert
+
+
+
+
+
+
+
+
+
+
+
+
+ das Attribut URL spezifiziert die Lage des Templates
+
+
+
+
+
+ Verifikation zusätzlicher Infoboxen
+
+
+
+
+ Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen
+
+
+
+
+
+
+
+
+
+ Parameter für Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+ Parameter zur Überprüfung einzelner Infoboxen
+
+
+
+
+ optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet
+
+
+
+
+ TrustProfil, das für die Überprüfung der Infobox verwendet werden soll
+
+
+
+
+ Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen
+
+
+
+
+
+ Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden
+
+
+
+
+
+
+
+
+
+ Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.
+
+
+
+
+
+ Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.
+
+
+
+
+ Eigentlicher Konfigurationsteil für berufliche Parteienvertretung
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Spezifiziert die Lage von XML Schemas
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+
+
+
+
+
+
+ Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll
+
+
+
+
+
+
+
+
+
+ Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+ Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+ Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)
+
+
+
+
+ Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert
+
+
+
+
+
+
+
+
+ Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+
+ Optionale Verbindungsparameter zu speziellem (SZR-)Gateway
+
+
+
+
+
+ OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist
+
+
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)
+
+
+
+
+
+
+
+ Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.2.xsd b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
new file mode 100644
index 00000000..93339922
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
@@ -0,0 +1,757 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter der Authentisierungs-Komponente
+
+
+
+
+
+
+
+
+
+ enthält Konfigurationsparameter der Proxy-Komponente
+
+
+
+
+
+ enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die OA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung
+
+
+
+
+
+ ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Kommunikation mit dem Security-Layer
+
+
+
+
+
+
+
+
+
+ enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul
+
+
+
+
+
+ enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen
+
+
+
+
+ enthält Parameter für die Überprüfung der Personenbindung
+
+
+
+
+
+
+
+
+
+ enthält Parameter für die Überprüfung des AUTH-Blocks
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Informationen über akzeptierte Signers des IdentityLinks
+
+
+
+
+
+ akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert
+
+
+
+
+
+
+
+ enthält Defaultparameter für die Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+
+ Verbindungsparameter zum SZR-Gateway (GetIdentityLink)
+
+
+
+
+ Verbindungsparameter zu den Country-PEPS (C-PEPS)
+
+
+
+
+
+
+
+
+
+
+ Verbindungsparameter zum Online-Vollmachten-Service
+
+
+
+
+
+
+
+
+
+ das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert
+
+
+
+
+
+
+
+
+
+
+
+
+ das Attribut URL spezifiziert die Lage des Templates
+
+
+
+
+
+ Verifikation zusätzlicher Infoboxen
+
+
+
+
+ Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen
+
+
+
+
+
+
+
+
+
+ Parameter für Überprüfung weiterer Infoboxen
+
+
+
+
+
+
+ Parameter zur Überprüfung einzelner Infoboxen
+
+
+
+
+ optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet
+
+
+
+
+ TrustProfil, das für die Überprüfung der Infobox verwendet werden soll
+
+
+
+
+ Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen
+
+
+
+
+
+ Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden
+
+
+
+
+
+
+
+
+
+ Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.
+
+
+
+
+
+ Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.
+
+
+
+
+ Eigentlicher Konfigurationsteil für berufliche Parteienvertretung
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Spezifiziert die Lage von XML Schemas
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+ enthält Parameter über die OA, die die Proxy-Komponente betreffen
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)
+
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+
+
+
+
+
+
+ Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll
+
+
+
+
+
+
+
+
+
+ Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+ Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden
+
+
+
+
+ Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)
+
+
+
+
+ Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert
+
+
+
+
+
+
+
+
+ Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors
+
+
+
+
+
+ Optionale Verbindungsparameter zu speziellem (SZR-)Gateway
+
+
+
+
+
+ OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist
+
+
+
+
+
+
+
+ Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)
+
+
+
+
+
+
+
+ Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird
+
+
+
+
+
+
+ Enthält Informationen zu einem KeyStore bzw. Key zur STORK SAML AuthnRequest Signaturerstellung
+
+
+
+
+
+
+
+
+ Enthält Informationen zur Verfikation von Signaturen einer STORK SAML Response
+
+
+
+
+
+
+
+ Enthält Informationen zur Erstellung und Verifikation von STORK SAML Messages
+
+
+
+
+
+
+
+
+
+
+ URL zu einem KeyStore, der den privaten Schlüssel zum Erstellen einer Signatur enthält
+
+
+
+
+
+
+
+
+
+
+
+ Name zum Key eines KeyStores, der den privaten Schlüssel zum Erstellen einer Signatur darstellt
+
+
+
+
+
+
+
+
+
+
+
+ Enthält Informationen zu einem Citizen Country PEPS (C-PEPS)
+
+
+
+
+
+
+
+
+
+
+
+ Contains STORK related information
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.3.xsd
new file mode 100644
index 00000000..5a58e4f8
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.3.xsd
@@ -0,0 +1,469 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage
+
+
+
+ Resultat, falls die Signaturerstellung erfolgreich war
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert
+
+
+
+
+
+
+
+
+
+
+ only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.
+
+
+
+
+
+
+
+
+
+ mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert
+
+
+
+
+
+
+
+
+
+
+ only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Resultat, falls die Signaturerstellung gescheitert ist
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.
+
+
+
+
+ Profilbezeichner für einen Transformationsweg
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.
+
+
+
+ Der Transformationsparameter explizit angegeben.
+
+
+
+
+ Der Hashwert des Transformationsparameters.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Explizite Angabe des Transformationswegs
+
+
+
+
+
+
+ Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.4.7.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.4.7.xsd
new file mode 100644
index 00000000..32b4d68e
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-1.4.7.xsd
@@ -0,0 +1,471 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage
+
+
+
+ Resultat, falls die Signaturerstellung erfolgreich war
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert
+
+
+
+
+
+
+
+
+
+
+ only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.
+
+
+
+
+
+
+
+
+
+ mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert
+
+
+
+
+
+
+
+
+
+
+ only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Resultat, falls die Signaturerstellung gescheitert ist
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.
+
+
+
+
+ Profilbezeichner für einen Transformationsweg
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.
+
+
+
+ Der Transformationsparameter explizit angegeben.
+
+
+
+
+ Der Hashwert des Transformationsparameters.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Explizite Angabe des Transformationswegs
+
+
+
+
+
+
+ Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-2.0.0.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-2.0.0.xsd
new file mode 100644
index 00000000..73d145ec
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-2.0.0.xsd
@@ -0,0 +1,572 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage
+
+
+
+ Resultat, falls die Signaturerstellung erfolgreich war
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage
+
+
+
+ Resultat, falls die Signaturerstellung erfolgreich war
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert
+
+
+
+
+
+
+
+
+
+
+ only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.
+
+
+
+
+
+
+
+
+
+ mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert
+
+
+
+
+
+
+
+
+
+
+ only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Resultat, falls die Signaturerstellung gescheitert ist
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.
+
+
+
+
+ Profilbezeichner für einen Transformationsweg
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.
+
+
+
+ Der Transformationsparameter explizit angegeben.
+
+
+
+
+ Der Hashwert des Transformationsparameters.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Explizite Angabe des Transformationswegs
+
+
+
+
+
+
+ Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.3.xsd
new file mode 100644
index 00000000..291e75a7
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.3.xsd
@@ -0,0 +1,253 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.3.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.3.xsd
new file mode 100644
index 00000000..884b20a9
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.3.xsd
@@ -0,0 +1,312 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.5.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.5.xsd
new file mode 100644
index 00000000..7c3270fd
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.5.xsd
@@ -0,0 +1,268 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.7.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.7.xsd
new file mode 100644
index 00000000..063f0e13
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.4.7.xsd
@@ -0,0 +1,268 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.5.1.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.5.1.xsd
new file mode 100644
index 00000000..bfa48e9d
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-1.5.1.xsd
@@ -0,0 +1,282 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-2.0.0.xsd b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-2.0.0.xsd
new file mode 100644
index 00000000..7270d288
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOA-SPSS-config-2.0.0.xsd
@@ -0,0 +1,353 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/MOAIdentities.xsd b/eaaf_core/src/main/resources/schemas/MOAIdentities.xsd
new file mode 100644
index 00000000..470295be
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/MOAIdentities.xsd
@@ -0,0 +1,51 @@
+
+
+
+
+
+ MOAIdentities provides a mapping from identities to parameters used in the XMLLoginParameterResolver of MOA-ID
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/PersonData.xsd b/eaaf_core/src/main/resources/schemas/PersonData.xsd
new file mode 100644
index 00000000..0e3bc6b3
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/PersonData.xsd
@@ -0,0 +1,426 @@
+
+
+
+
+
+
+
+
+
+
+
+
+ unique identifier
+
+
+
+
+ actual value of the identifier.
+
+
+
+
+
+
+
+
+
+
+
+ type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...)
+
+
+
+
+ authority, which is reponsible for generation of the identifier (eg university in case of 'MatrikelNummer')
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+
+ element of person type
+
+
+
+
+ main structure of person data
+
+
+
+
+ unique identification entities
+
+
+
+
+
+
+
+
+
+ element of physical person type
+
+
+
+
+ physical person
+
+
+
+
+
+
+ data related to the person's name
+
+
+
+
+ Former name, Artist name, changes of Given name ...
+
+
+
+
+
+
+
+
+
+
+
+ status of a person in the cycle of life
+
+
+
+
+ gender
+
+
+
+
+ date of birth
+
+
+
+
+ place of birth
+
+
+
+
+ country of birth
+
+
+
+
+ nationality of Person (Staatsbürgerschaft)
+
+
+
+
+ confession (religion) of Person
+
+
+
+
+ relatives (parents, ...)
+
+
+
+
+
+ type of the relationship
+
+
+
+
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ element of corporate body type
+
+
+
+
+ juridical person, organisation
+
+
+
+
+
+
+ category (eg organisation, function, sector, ...)
+
+
+
+
+ name of corporate body (whole name)
+
+
+
+
+ alternative names of corporate body (abbreviations, short name, synonyms, ...)
+
+
+
+
+ type of company (eg AG, OHG, ...)
+
+
+
+
+ part of an organisation, see also X.500 ou (eg departement, section, branch, ...)
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+
+ element of signed person datastructure type
+
+
+
+
+ signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements).
+
+
+
+
+
+
+
+
+ one or more electronic signatures applied on fields above
+
+
+
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+
+
+
+
+ simple type for sex (gender) of person
+
+
+
+
+
+
+
+
+
+ simple type for dates (union), which may omit day and/or month
+
+
+
+
+
+ simple type for marital status of a person
+
+
+
+
+
+
+
+
+
+
+ pattern type for enlargement of type definitions
+
+
+
+
+
+
+
+ known relations (family + functional)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ known + any other relation
+
+
+
+
+
+ known types of alternative names
+
+
+
+
+
+
+
+
+
+
+
+ known + any other alternative name types
+
+
+
+
+
+
+ element of address type
+
+
+
+
+ main structure of address data
+
+
+
+
+ unique identification entities
+
+
+
+
+
+
+
+
+ element of postal address type
+
+
+
+
+ postal address
+
+
+
+
+
+
+ type of address - category (eg 'Wohnsitz', 'Zentrale', ...)
+
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ element of telephone address type
+
+
+
+
+ phone numbers
+
+
+
+
+
+
+ type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...)
+
+
+
+
+ phonenumber
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ element of internet address type
+
+
+
+
+ internet based communication
+
+
+
+
+
+
+ certificate for secure communication
+
+
+
+
+ email-Address, Web, FTP, LDAP, ...
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/PersonData_20_en_moaWID.xsd b/eaaf_core/src/main/resources/schemas/PersonData_20_en_moaWID.xsd
new file mode 100644
index 00000000..885c2b76
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/PersonData_20_en_moaWID.xsd
@@ -0,0 +1,1229 @@
+
+
+
+
+
+
+
+
+ This version of person deploys only global elements. All types derived from abstract types have been replaced by substitution groups
+
+
+
+
+ dummy abstract Peson Data element needed for bi-lingual schema (substitution groups)
+
+
+
+
+ element of signed person datastructure type
+
+
+
+
+ element of signed person datastructure type
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ element of person type, essential abstract, subsitute PhysicalPerson or CorporateBody instead or use with xsi:type="..."
+
+
+
+
+
+ element of physical person type, dreived from Person (abstract)
+
+
+
+
+ element of physical person type, dreived from Person (abstract)
+
+
+
+
+ element of corporate body type, derived from Person
+
+
+
+
+ element of corporate body type, derived from Person
+
+
+
+
+
+ data related to the person's name
+
+
+
+
+ data related to the person's name
+
+
+
+
+ Former name, Artist name, changes of Given name ..., compare AlternativName
+
+
+
+
+
+
+
+
+
+
+
+ relatives (parents, ...), compare Verwandter
+
+
+
+
+
+ type of the relationship, compare Verwandschftsgrad
+
+
+
+
+
+
+
+
+
+ element of address type, essentially abstract. Use InternetAddress, TelephoneAddress, PostalAddress, TypedPostalAddress instead, or use Address with xsi:type Attribute
+
+
+
+
+ Postal or ZMR Address, compare PostAdresse
+
+
+
+
+ Postal or ZMR Address, compare PostAdresse
+
+
+
+
+ Typed Postal or ZMR Address, compare TypisiertePostAdresse
+
+
+
+
+ InternetAdress such as e-mail or website, compare InternetAdresse
+
+
+
+
+ Typed TelephoneAddress, compare TelefonAdresse
+
+
+
+
+ National or international bank connection, compare Bankverbindung
+
+
+
+
+
+ possibility to include common austrian primary keys in human readable way, english translation not available
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Ergänzungsregister für nicht-natürliche Personen (CorporateBody)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ teletyper or telephone for the hearing impaired
+
+
+
+
+
+ status of a person in the cycle of life, compare Familienstand
+
+
+
+
+ gender, comapre Geschlecht
+
+
+
+
+ date of birth, compare Geburtsdatum
+
+
+
+
+ date of death, compare Sterbedatum
+
+
+
+
+ place of birth, compare Geburtsort
+
+
+
+
+ country of birth, compare Geburtsland
+
+
+
+
+ state of birth, comapre Geburtsbundesland
+
+
+
+
+ nationality of Person, compare Staatsangehoerigkeit. attention! New Fomrat is complex, string value accepted for compatibility only
+
+
+
+
+ confession (religion) of Person - xs:token? gibt es wirklich keine Staaten mit Leerzeichen im Namen?
+
+
+
+
+ occupation, compare Beruf
+
+
+
+
+
+ compare InternationalerLaendercode
+
+
+
+
+ compare NationalNummer
+
+
+
+
+ compare Vorwahl
+
+
+
+
+ compare Anschlussnummer
+
+
+
+
+ Complete number, ready formated - e.g. +43 1 5131345 4664 compare FormatierteNummer
+
+
+
+
+ compare Klappe
+
+
+
+
+ unique identifier
+
+
+
+
+
+ signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements).
+
+
+
+
+
+
+
+
+ one or more electronic signatures applied on fields above
+
+
+
+
+ container for your Information needs. Contained Elements must reside in a different Namespace
+
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+
+
+
+ signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements).
+
+
+
+
+
+
+
+
+ one or more electronic signatures applied on fields above
+
+
+
+
+ container for your Information needs. Contained Elements must reside in a different Namespace
+
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ unique identifier
+
+
+
+
+ actual value of the identifier.
+
+
+
+
+
+
+
+
+
+
+
+ type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...)
+
+
+
+
+ authority, which is reponsible for generation of the identifier (eg university in case of 'MatrikelNummer')
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ main structure of person data
+
+
+
+
+ unique identification entities
+
+
+
+
+
+
+
+
+
+ physical person, compare NatuerlichePersonTyp
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ physical person, compare NatuerlichePersonTyp
+
+
+
+
+
+
+
+
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ juridical person, organisation, compare NichtNatuerlichePersonTyp
+
+
+
+
+
+
+ URI pointing to a predefined Class of CorporateBodies, compare Typ
+
+
+
+
+ name of corporate body (whole name), compare VollerName
+
+
+
+
+ alternative names of corporate body (abbreviations, short name, synonyms, ...), comapre AlternativName
+
+
+
+
+ type of company (eg AG, OHG, ...), URI pointing to predefined LegalForm, compare Rechtsform
+
+
+
+
+ part of an organisation, see also X.500 ou (eg departement, section, branch, ...) , compare Organisation
+
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ juridical person, organisation, compare NichtNatuerlichePersonTyp
+
+
+
+
+
+
+ URI pointing to a predefined Class of CorporateBodies, compare Typ
+
+
+
+
+ name of corporate body (whole name), compare VollerName
+
+
+
+
+ type of company (eg AG, OHG, ...), URI pointing to predefined LegalForm, compare Rechtsform
+
+
+
+
+ part of an organisation, see also X.500 ou (eg departement, section, branch, ...) , compare Organisation
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ container for parts of a name, comapre PersonenNameTyp
+
+
+
+
+ Complete Name (including Affixes) of the Person, especially useful for names from different cultural environments
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Every given name should be contained inside a GivenName Tag. If that is not possible due to dabase contraints, ... putting several given names inside one GivenName Element is acceptable
+
+
+
+
+ A Person in possesion of more than one GivenName frequently preferrs the use of a Name other than the first GivenName
+
+
+
+
+ MiddleNames are not commonly found in central Europe. The field is mainly for compatibility reasons
+
+
+
+
+ Every family name should be contained inside a FamilyName Tag. If that is not possible due to dabase contraints, ... putting several family names inside one FamilyName Element is acceptable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Inlcudes all Information that is not exactly a name: academic or aristocratic titles, ... the new position attribute can contain a suffx or prefix value
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ container for parts of a name, comapre PersonenNameTyp
+
+
+
+
+ Every given name should be contained inside a GivenName Tag. If that is not possible due to dabase contraints, ... putting several given names inside one GivenName Element is acceptable
+
+
+
+
+ Every family name should be contained inside a FamilyName Tag. If that is not possible due to dabase contraints, ... putting several family names inside one FamilyName Element is acceptable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Inlcudes all Information that is not exactly a name: academic or aristocratic titles, ... the new position attribute can contain a suffx or prefix value
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ comapre, StaatsangehoerigkeitTyp
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ compare BankverbindungTyp
+
+
+
+
+ Account holder, compare Inhaber
+
+
+
+
+ compare BankName
+
+
+
+
+
+ compare NationaleBankverbindung
+
+
+
+
+
+ compare Kontonummer
+
+
+
+
+ compare BLZ
+
+
+
+
+
+
+
+ compare InternationaleBankverbindung
+
+
+
+
+
+ compare IBAN
+
+
+
+
+ comapre BIC
+
+
+
+
+
+
+
+
+
+
+ main structure of address data
+
+
+
+
+ unique identification entities
+
+
+
+
+
+
+
+
+ postal address with type information, compare TypisiertePostAdresseTyp
+
+
+
+
+
+
+ type of address - category (eg 'Wohnsitz', 'Zentrale', ...)
+
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ compare PostAdresseTyp
+
+
+
+
+
+
+ Code for the country, use ISO or internatinal Postalstandard, compare Staatscode
+
+
+
+
+
+
+
+
+
+ Name of the country, use ISO Name, or international Postal Standard, compare Staatsname
+
+
+
+
+ ZIP, compare Postleitzahl
+
+
+
+
+ compare Region
+
+
+
+
+ compare Bundesland
+
+
+
+
+ compare Gemeinde
+
+
+
+
+ compare Gemeindekennzahl
+
+
+
+
+ ZMR use, compare Ortschaft
+
+
+
+
+ ZMR use, comapre OrtschaftZweisprachig
+
+
+
+
+
+
+
+
+
+
+
+
+
+ zmr use only
+
+
+
+
+ zmr use only
+
+
+
+
+
+ Addressregister database keys used to identify Addresses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ If Addressis used outside of PersonData a recipient can be specified
+
+
+
+
+
+
+
+ rather OrganizationUnit e.G Sales Departement
+
+
+
+
+ e.g. Smith Ltd
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ compare PostAdresseTyp
+
+
+
+
+
+
+ Code for the country, use ISO or internatinal Postalstandard, compare Staatscode
+
+
+
+
+
+
+
+
+
+ Name of the country, use ISO Name, or international Postal Standard, compare Staatsname
+
+
+
+
+ ZIP, compare Postleitzahl
+
+
+
+
+ compare Gemeinde
+
+
+
+
+
+
+
+ if streetname not available use name of Ortschaft
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ e.g. e-mail, webiste, compare InternetAdresseTyp
+
+
+
+
+
+
+ certificate for secure communication
+
+
+
+
+ URI: email-Address, Web, FTP, LDAP, ..., comapre Adress
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ phone numbers, conmpare TelephoneAdresseTyp
+
+
+
+
+
+
+ type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...)
+
+
+
+
+ phonenumber
+
+
+
+
+ any additional properties
+
+
+
+
+
+
+
+
+ like TelephoneAddresseType but with additional smsEnabled attribute
+
+
+
+
+
+
+
+
+
+ formated number or set of telephone number parts
+
+
+
+
+
+
+
+
+ set of telephone number parts
+
+
+
+
+
+
+
+
+
+
+
+
+ simple type for sex (gender) of person
+
+
+
+
+
+
+
+
+
+ simple type for dates (union), which may omit day and/or month
+
+
+
+
+
+ simple type for dates (union), which may omit day and/or month
+
+
+
+
+
+ simple type for marital status of a person
+
+
+
+
+
+
+
+
+
+
+ pattern type for enlargement of type definitions. Contents as follows
+x:sometext or 12345 or _ or other symbols
+
+
+
+
+
+
+
+
+ known relations (family + functional)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ known + any other relation
+
+
+
+
+
+ known types of alternative names
+
+
+
+
+
+
+
+
+
+
+
+ known + any other alternative name types
+
+
+
+
+
+
+ zmr use only
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/PersonName-1_2.xsd b/eaaf_core/src/main/resources/schemas/PersonName-1_2.xsd
new file mode 100644
index 00000000..7a52b858
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/PersonName-1_2.xsd
@@ -0,0 +1,115 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/PostalAddress-1_2.xsd b/eaaf_core/src/main/resources/schemas/PostalAddress-1_2.xsd
new file mode 100644
index 00000000..2203ede4
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/PostalAddress-1_2.xsd
@@ -0,0 +1,95 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/TelcomNumber-1_0.xsd b/eaaf_core/src/main/resources/schemas/TelcomNumber-1_0.xsd
new file mode 100644
index 00000000..8bc02d40
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/TelcomNumber-1_0.xsd
@@ -0,0 +1,89 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/XAdES-1.1.1.xsd b/eaaf_core/src/main/resources/schemas/XAdES-1.1.1.xsd
new file mode 100644
index 00000000..c57f09de
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/XAdES-1.1.1.xsd
@@ -0,0 +1,545 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/XAdES-1.2.2.xsd b/eaaf_core/src/main/resources/schemas/XAdES-1.2.2.xsd
new file mode 100644
index 00000000..04ddb2d3
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/XAdES-1.2.2.xsd
@@ -0,0 +1,551 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/XAdES-1.3.2.xsd b/eaaf_core/src/main/resources/schemas/XAdES-1.3.2.xsd
new file mode 100644
index 00000000..b0569151
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/XAdES-1.3.2.xsd
@@ -0,0 +1,466 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/XAdES-1.4.1.xsd b/eaaf_core/src/main/resources/schemas/XAdES-1.4.1.xsd
new file mode 100644
index 00000000..274dbdca
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/XAdES-1.4.1.xsd
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/main/resources/schemas/XMLSchema-instance.xsd b/eaaf_core/src/main/resources/schemas/XMLSchema-instance.xsd
new file mode 100644
index 00000000..f47577b8
--- /dev/null
+++ b/eaaf_core/src/main/resources/schemas/XMLSchema-instance.xsd
@@ -0,0 +1,37 @@
+
+
+
+
+
+
+
+]>
+
+
+
+
Mit meiner elektronischen Signatur beantrage ich,
+
+
+ , geboren am
+ .
+ .
+ ,
+
+ in der Rolle als
+ (OID***= ),
+
+ den Zugang zur gesicherten Anwendung.
+
+
+
Datum und Uhrzeit:
+ .
+ .
+ ,
+ :
+ :
+
+
+
+
HPI(**):
+
+
+
+
wbPK(*):
+
+
+
+
+
Ich bin weiters ermächtigt als
+ von
+ , geboren am
+ .
+ .
+
+
+ ,
+
+ , in deren Auftrag zu handeln.
+
+
+
wbPK(*) des Vollmachtgebers:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
(*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den
+ jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum
+ Wirtschaftsunternehmen.
+
+
+
(**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen
+ Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der
+ Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.
+
+
+
(***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und
+ beschreiben eindeutig die Rollen des GDA-Token Inhabers.
Mit meiner elektronischen Signatur beantrage ich,
+
+
+ , geboren am
+.
+.
+,
+
+in der Rolle als
+(OID***= ),
+
+den Zugang zur gesicherten Anwendung.
+
+
+
Datum und Uhrzeit:
+.
+.
+,
+:
+:
+
+
+
+
HPI(**):
+
+
+
+
wbPK(*):
+
+
+
+
+
Ich bin weiters ermächtigt als
+von
+ , geboren am
+ .
+ .
+
+
+ ,
+
+ , in deren Auftrag zu handeln.
+
+
+
wbPK(*) des Vollmachtgebers:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
(*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den
+jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum
+Wirtschaftsunternehmen.
+
+
+
(**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen
+Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der
+Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.
+
+
+
(***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und
+beschreiben eindeutig die Rollen des GDA-Token Inhabers.
+
+
+
+
+
+
+
+
+
+ 0q9QWyqAyyiVNNLu1rIcU+nKsEE=
+
+
+
+ WtB0/ptvoB/r/7+fauSUIBULymg=
+
+
+ mZt9DuZiDqG81scsf30qjSDdy6vKC2/n034ZZwMUAvfWOXy3+Ubsk5X5CHhz
++lyI
+
+
+ MIIEtDCCA5ygAwIBAgIDAgTEMA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQG
+EwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lz
+dGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR4wHAYDVQQLDBVh
+LXNpZ24tUHJlbWl1bS1TaWctMDIxHjAcBgNVBAMMFWEtc2lnbi1QcmVtaXVt
+LVNpZy0wMjAeFw0wNjA0MDQwOTUyMjhaFw0xMTA0MDQwOTUyMjhaMGkxCzAJ
+BgNVBAYTAkFUMRUwEwYDVQQDDAxUaG9tYXMgS25hbGwxDjAMBgNVBAQMBUtu
+YWxsMQ8wDQYDVQQqDAZUaG9tYXMxFTATBgNVBAUTDDUzNTE5ODkyMzM0OTEL
+MAkGA1UEDAwCREkwSTATBgcqhkjOPQIBBggqhkjOPQMBAQMyAARrnYW5sXCQ
+6M3irWaanDPi/ROXueKWiPRyZGjNH0Cp/NaiOuvrpv2RDVEKQm2tBiajggIP
+MIICCzATBgNVHSMEDDAKgAhN3+H/S9nJ3zAnBggrBgEFBQcBAwEB/wQYMBYw
+CAYGBACORgEBMAoGCCsGAQUFBwsBMHsGCCsGAQUFBwEBBG8wbTBCBggrBgEF
+BQcwAoY2aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Etc2lnbi1QcmVt
+aXVtLVNpZy0wMmEuY3J0MCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5hLXRy
+dXN0LmF0L29jc3AwWQYDVR0gBFIwUDBEBgYqKAARAQswOjA4BggrBgEFBQcC
+ARYsaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLVByZW1p
+dW0wCAYGBACLMAEBMIGaBgNVHR8EgZIwgY8wgYyggYmggYaGgYNsZGFwOi8v
+bGRhcC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVNpZy0wMixvPUEt
+VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2Jq
+ZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQI
+SNyH29WUoCgwDgYDVR0PAQH/BAQDAgbAMCgGA1UdCQQhMB8wHQYIKwYBBQUH
+CQExERgPMTk3ODA0MjkwMDAwMDBaMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEF
+BQADggEBAFkSCJE0YD4p4izU3ekQYPv4Z7gm/VFlpma5hXNvwkajVjHlAqo/
+ylYn8NQ4mMkD+yCDNtm8m8nr0K/yICb8Gnkbv59i6nh2AbzYBBb49VnYYGL6
+uunLH0aFUpAhy+3mDdlH8uhhIQBHwCfgwG1qa5zXY7bz4Vzkac/h6T+JVFkI
+egO8OHQDadhgJvW80qspiao2DTac6vVgx4tGvjpdmw1R2pXBYhHD5rkPHlkf
+GoeL3ak6hq4ea94Oy5VfNTIJv5MA0J2G1mwnW9B8uPWSM5EYPoWJyBOWcKBL
+SSUqOt9D/9215ZGfbchkdRZjx0dTAD3FIhgG8nA72/uCFrBzyTk=
+
+
+
+
+
+
+
+ 2008-07-14T15:51:35Z
+
+
+
+
+ inMYWBmAxMHP7mDENjLFaEtv0Zk=
+
+
+ CN=a-sign-Premium-Sig-02,OU=a-sign-Premium-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
+ 132292
+
+
+
+
+
+
+
+
+
+ application/xhtml+xml
+
+
+
+
+
+
\ No newline at end of file
diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_MultipleStartEvents.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_MultipleStartEvents.xml
new file mode 100644
index 00000000..2f492efa
--- /dev/null
+++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_MultipleStartEvents.xml
@@ -0,0 +1,22 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_NoStartEvents.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_NoStartEvents.xml
new file mode 100644
index 00000000..3a5b9527
--- /dev/null
+++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_NoStartEvents.xml
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionLoop.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionLoop.xml
new file mode 100644
index 00000000..541f7e2b
--- /dev/null
+++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionLoop.xml
@@ -0,0 +1,21 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml
new file mode 100644
index 00000000..4b7a55e4
--- /dev/null
+++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml
@@ -0,0 +1,19 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml
new file mode 100644
index 00000000..795990a1
--- /dev/null
+++ b/eaaf_core/src/test/resources/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml
@@ -0,0 +1,19 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/test/resources/process/test/SampleProcessDefinition1.xml b/eaaf_core/src/test/resources/process/test/SampleProcessDefinition1.xml
new file mode 100644
index 00000000..67134393
--- /dev/null
+++ b/eaaf_core/src/test/resources/process/test/SampleProcessDefinition1.xml
@@ -0,0 +1,18 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_core/src/test/resources/process/test/SampleProcessDefinition2.xml b/eaaf_core/src/test/resources/process/test/SampleProcessDefinition2.xml
new file mode 100644
index 00000000..51601331
--- /dev/null
+++ b/eaaf_core/src/test/resources/process/test/SampleProcessDefinition2.xml
@@ -0,0 +1,21 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
new file mode 100644
index 00000000..57d190eb
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -0,0 +1,94 @@
+
+
+
+
+ 4.0.0
+
+ at.gv.egiz.eaaf
+ eaaf_modules
+ 1.x
+
+ eaaf_module_pvp2_core
+ ${egiz.eaaf.version}
+ eaaf_module_pvp2_core
+ http://maven.apache.org
+
+ UTF-8
+
+
+
+ at.gv.egiz.eaaf
+ eaaf-core
+ ${egiz.eaaf.version}
+
+
+
+ org.opensaml
+ opensaml
+
+
+ org.opensaml
+ xmltooling
+
+
+ org.opensaml
+ openws
+
+
+ org.apache.santuario
+ xmlsec
+
+
+ org.owasp.esapi
+ esapi
+
+
+ javax.servlet
+ javax.servlet-api
+ provided
+
+
+
+
+ junit
+ junit
+ test
+
+
+
+
+ eaaf_module_pvp2_core
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+ 3.7.0
+
+ 1.8
+ 1.8
+
+
+
+
+
+ maven-surefire-plugin
+ ${surefire.version}
+
+ 1
+ --add-modules java.xml.bind
+
+
+
+ org.apache.maven.surefire
+ surefire-junit47
+ ${surefire.version}
+
+
+
+
+
+
+
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java
new file mode 100644
index 00000000..cfb88e87
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java
@@ -0,0 +1,30 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class PVP2SProfileCoreSpringResourceProvider implements SpringResourceProvider {
+
+ @Override
+ public String getName() {
+ return "EAAF PVP2 S-Profile Core SpringResourceProvider";
+ }
+
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Resource[] getResourcesToLoad() {
+ ClassPathResource sl20AuthConfig = new ClassPathResource("/eaaf_pvp.beans.xml", PVP2SProfileCoreSpringResourceProvider.class);
+
+ return new Resource[] {sl20AuthConfig};
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java
new file mode 100644
index 00000000..f5b7baa8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java
@@ -0,0 +1,107 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+
+public interface PVPConstants extends PVPAttributeDefinitions {
+
+ public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
+ public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
+ public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
+ public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
+
+ public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
+ public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
+ public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
+
+ @Deprecated
+ public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
+
+ public static final String REDIRECT = "Redirect";
+ public static final String POST = "Post";
+ public static final String SOAP = "Soap";
+ public static final String METADATA = "Metadata";
+ public static final String ATTRIBUTEQUERY = "AttributeQuery";
+ public static final String SINGLELOGOUT = "SingleLogOut";
+
+ /**
+ *
+ * Get required PVP attributes for egovtoken
+ * First : PVP attribute name (OID)
+ * Second: FriendlyName
+ * Third: Required
+ *
+ */
+ public static final List> EGOVTOKEN_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList>() {
+ private static final long serialVersionUID = 1L;
+ {
+ //currently supported attributes
+ add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+
+ //currently not supported attributes
+ add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
+ add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
+
+
+ }
+ });
+
+ /**
+ *
+ * Get required PVP attributes for citizenToken
+ * First : PVP attribute name (OID)
+ * Second: FriendlyName
+ * Third: Required
+ *
+ */
+ public static final List> CITIZENTOKEN_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList>() {
+ private static final long serialVersionUID = 1L;
+ {
+ //required attributes - eIDAS minimal-data set
+ add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+ add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
+ add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
+ add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
+
+
+ //not required attributes
+ add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
+ add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
+ add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
+
+
+
+ }
+ });
+
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java
new file mode 100644
index 00000000..9b620a04
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java
@@ -0,0 +1,11 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2;
+
+public class PVPEventConstants {
+
+ //TODO!!!
+ public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java
new file mode 100644
index 00000000..28ccd7e0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java
@@ -0,0 +1,26 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api;
+
+import java.util.List;
+
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public interface IPVP2BasicConfiguration {
+
+ public String getIDPEntityId(String authURL) throws EAAFException;
+
+ public String getIDPSSOPostService(String authURL) throws EAAFException;
+
+ public String getIDPSSORedirectService(String authURL) throws EAAFException;
+
+ public Object getIDPSSOSOAPService(String extractAuthURLFromRequest) throws EAAFException;
+
+ public List getIDPContacts() throws EAAFException;
+
+ public Organization getIDPOrganisation() throws EAAFException;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
new file mode 100644
index 00000000..959ad747
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
@@ -0,0 +1,25 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.binding.decoding.URIComparator;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
+
+public interface IDecoder {
+ public InboundMessageInterface decode(HttpServletRequest req,
+ HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator)
+ throws MessageDecodingException, SecurityException, PVP2Exception;
+
+ public boolean handleDecode(String action, HttpServletRequest req);
+
+ public String getSAML2BindingName();
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
new file mode 100644
index 00000000..a4475f20
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
@@ -0,0 +1,51 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
+public interface IEncoder {
+
+ /**
+ *
+ * @param req The http request
+ * @param resp The http response
+ * @param request The SAML2 request object
+ * @param targetLocation URL, where the request should be transmit
+ * @param relayState token for session handling
+ * @param credentials Credential to sign the request object
+ * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
+ * @throws MessageEncodingException
+ * @throws SecurityException
+ * @throws PVP2Exception
+ */
+ public void encodeRequest(HttpServletRequest req,
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+
+ /**
+ * Encoder SAML Response
+ * @param req The http request
+ * @param resp The http response
+ * @param response The SAML2 repsonse object
+ * @param targetLocation URL, where the request should be transmit
+ * @param relayState token for session handling
+ * @param credentials Credential to sign the response object
+ * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
+ * @throws MessageEncodingException
+ * @throws SecurityException
+ */
+ public void encodeRespone(HttpServletRequest req,
+ HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
new file mode 100644
index 00000000..00edb1bf
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
@@ -0,0 +1,18 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.message;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface InboundMessageInterface {
+
+ public String getRelayState();
+ public String getEntityID();
+ public boolean isVerified();
+ public Element getInboundMessage();
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
new file mode 100644
index 00000000..218e5171
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
@@ -0,0 +1,218 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IPVPMetadataBuilderConfiguration {
+
+
+ /**
+ * Defines a unique name for this PVP Service-provider, which is used for logging
+ *
+ * @return
+ */
+ public String getSPNameForLogging();
+
+ /**
+ * Set metadata valid area
+ *
+ * @return valid until in hours [h]
+ */
+ public int getMetadataValidUntil();
+
+ /**
+ * Build a SAML2 Entities element as metadata root element
+ *
+ * @return true, if the metadata should start with entities element
+ */
+ public boolean buildEntitiesDescriptorAsRootElement();
+
+ /**
+ *
+ *
+ * @return true, if an IDP SSO-descriptor element should be generated
+ */
+ public boolean buildIDPSSODescriptor();
+
+ /**
+ *
+ *
+ * @return true, if an SP SSO-descriptor element should be generated
+ */
+ public boolean buildSPSSODescriptor();
+
+ /**
+ * Set the PVP entityID for this SAML2 metadata.
+ * The entityID must be an URL and must be start with the public-URL prefix of the server
+ *
+ * @return PVP entityID postfix as String
+ */
+ public String getEntityID();
+
+ /**
+ * Set a friendlyName for this PVP entity
+ *
+ * @return
+ */
+ public String getEntityFriendlyName();
+
+ /**
+ * Set the contact information for this metadata entity
+ *
+ * @return
+ */
+ public List getContactPersonInformation();
+
+ /**
+ * Set organisation information for this metadata entity
+ *
+ * @return
+ */
+ public Organization getOrgansiationInformation();
+
+
+ /**
+ * Set the credential for metadata signing
+ *
+ * @return
+ * @throws CredentialsNotAvailableException
+ */
+ public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
+
+ /**
+ * Set the credential for request/response signing
+ * IDP metadata: this credential is used for SAML2 response signing
+ * SP metadata: this credential is used for SAML2 response signing
+ *
+ * @return
+ * @throws CredentialsNotAvailableException
+ */
+ public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException;
+
+ /**
+ * Set the credential for response encryption
+ *
+ * @return
+ * @throws CredentialsNotAvailableException
+ */
+ public Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
+
+ /**
+ * Set the IDP Post-Binding URL for WebSSO
+ *
+ * @return
+ */
+ public String getIDPWebSSOPostBindingURL();
+
+ /**
+ * Set the IDP Redirect-Binding URL for WebSSO
+ *
+ * @return
+ */
+ public String getIDPWebSSORedirectBindingURL();
+
+ /**
+ * Set the IDP Post-Binding URL for Single LogOut
+ *
+ * @return
+ */
+ public String getIDPSLOPostBindingURL();
+
+ /**
+ * Set the IDP Redirect-Binding URL for Single LogOut
+ *
+ * @return
+ */
+ public String getIDPSLORedirectBindingURL();
+
+ /**
+ * Set the SP Post-Binding URL for for the Assertion-Consumer Service
+ *
+ * @return
+ */
+ public String getSPAssertionConsumerServicePostBindingURL();
+
+ /**
+ * Set the SP Redirect-Binding URL for the Assertion-Consumer Service
+ *
+ * @return
+ */
+ public String getSPAssertionConsumerServiceRedirectBindingURL();
+
+ /**
+ * Set the SP Post-Binding URL for Single LogOut
+ *
+ * @return
+ */
+ public String getSPSLOPostBindingURL();
+
+ /**
+ * Set the SP Redirect-Binding URL for Single LogOut
+ *
+ * @return
+ */
+ public String getSPSLORedirectBindingURL();
+
+ /**
+ * Set the SP SOAP-Binding URL for Single LogOut
+ *
+ * @return
+ */
+ public String getSPSLOSOAPBindingURL();
+
+
+ /**
+ * Set all SAML2 attributes which could be provided by this IDP
+ *
+ * @return
+ */
+ public List getIDPPossibleAttributes();
+
+ /**
+ * Set all nameID types which could be provided by this IDP
+ *
+ * @return a List of SAML2 nameID types
+ */
+ public List getIDPPossibleNameITTypes();
+
+ /**
+ * Set all SAML2 attributes which are required by the SP
+ *
+ * @return
+ */
+ public List getSPRequiredAttributes();
+
+ /**
+ * Set all nameID types which allowed from the SP
+ *
+ * @return a List of SAML2 nameID types
+ */
+ public List getSPAllowedNameITTypes();
+
+ /**
+ * Set the 'wantAssertionSigned' attribute in SP metadata
+ *
+ * @return
+ */
+ public boolean wantAssertionSigned();
+
+ /**
+ * Set the 'wantAuthnRequestSigned' attribute
+ *
+ * @return
+ */
+ public boolean wantAuthnRequestSigned();
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java
new file mode 100644
index 00000000..7492c0ff
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java
@@ -0,0 +1,11 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+
+public interface IPVPMetadataConfigurationFactory {
+
+ public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials);
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java
new file mode 100644
index 00000000..4c721d45
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java
@@ -0,0 +1,37 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+
+public interface IPVPMetadataProvider extends MetadataProvider {
+
+ boolean requireValidMetadata();
+
+ void setRequireValidMetadata(boolean requireValidMetadata);
+
+ MetadataFilter getMetadataFilter();
+
+ void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException;
+
+ XMLObject getMetadata() throws MetadataProviderException;
+
+ EntitiesDescriptor getEntitiesDescriptor(String entitiesID) throws MetadataProviderException;
+
+ EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException;
+
+ List getRole(String entityID, QName roleName) throws MetadataProviderException;
+
+ RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) throws MetadataProviderException;
+
+}
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
new file mode 100644
index 00000000..07321e0c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
@@ -0,0 +1,18 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IRefreshableMetadataProvider {
+
+ /**
+ * Refresh a entity or load a entity in a metadata provider
+ *
+ * @param entityID
+ * @return true, if refresh is success, otherwise false
+ */
+ public boolean refreshMetadataProvider(String entityID);
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java
new file mode 100644
index 00000000..a13a0bac
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java
@@ -0,0 +1,11 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.validation;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public interface ISAMLValidator {
+ public void validateRequest(RequestAbstractType request) throws EAAFException;
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java
new file mode 100644
index 00000000..5388d446
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java
@@ -0,0 +1,24 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4302422507173728748L;
+
+ public AttributQueryException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
new file mode 100644
index 00000000..e230d490
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
@@ -0,0 +1,21 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class BindingNotSupportedException extends PVP2Exception {
+
+ public BindingNotSupportedException(String binding) {
+ super("pvp2.11", new Object[] {binding});
+ this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7227603941387879360L;
+
+
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
new file mode 100644
index 00000000..f477b67b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
@@ -0,0 +1,24 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public class CredentialsNotAvailableException extends EAAFException {
+
+ public CredentialsNotAvailableException(String messageId,
+ Object[] parameters) {
+ super(messageId, parameters, messageId);
+ }
+
+ public CredentialsNotAvailableException(String messageId,
+ Object[] parameters, Throwable e) {
+ super(messageId, parameters, e.getMessage(), e);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2564476345552842599L;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
new file mode 100644
index 00000000..1ea49a49
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
@@ -0,0 +1,19 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class InvalidDateFormatException extends PVP2Exception {
+
+ public InvalidDateFormatException() {
+ super("pvp2.02", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6867976890237846085L;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java
new file mode 100644
index 00000000..31050425
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java
@@ -0,0 +1,16 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+public class InvalidPVPRequestException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public InvalidPVPRequestException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java
new file mode 100644
index 00000000..140ef179
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java
@@ -0,0 +1,22 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+
+public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
+
+ public NameIDFormatNotSupportedException(String nameIDFormat) {
+ super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
+ statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
+
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2270762519437873336L;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java
new file mode 100644
index 00000000..bf528e5c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java
@@ -0,0 +1,19 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoMetadataInformationException extends PVP2Exception {
+
+ public NoMetadataInformationException() {
+ super("pvp2.15", null);
+ this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4608068445208032193L;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java
new file mode 100644
index 00000000..889bda2e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java
@@ -0,0 +1,42 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public abstract class PVP2Exception extends EAAFException {
+ //TODO:!!!!!
+
+ protected String statusCodeValue = StatusCode.RESPONDER_URI;
+ protected String statusMessageValue = null;
+
+ public PVP2Exception(String messageId, Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped.getMessage(), wrapped);
+ this.statusMessageValue = this.getMessage();
+ }
+
+ public PVP2Exception(String messageId, Object[] parameters) {
+ super(messageId, parameters, messageId);
+ this.statusMessageValue = this.getMessage();
+ }
+
+
+ public String getStatusCodeValue() {
+ return (this.statusCodeValue);
+ }
+
+ public String getStatusMessageValue() {
+ return (this.statusMessageValue);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7669537952484421069L;
+
+
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java
new file mode 100644
index 00000000..f255a7e4
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java
@@ -0,0 +1,17 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+public class PVP2MetadataException extends PVP2Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public PVP2MetadataException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public PVP2MetadataException(String messageId, Object[] parameters, Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java
new file mode 100644
index 00000000..8b4e74d5
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class QAANotAllowedException extends PVP2Exception {
+
+ public QAANotAllowedException(String qaa_auth, String qaa_request) {
+ super("pvp2.17", new Object[] {qaa_auth, qaa_request});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3964192953884089323L;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java
new file mode 100644
index 00000000..9eb44a61
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class QAANotSupportedException extends PVP2Exception {
+
+ public QAANotSupportedException(String qaa) {
+ super("pvp2.05", new Object[] {qaa});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3964192953884089323L;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
new file mode 100644
index 00000000..de728f84
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
@@ -0,0 +1,32 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SchemaValidationException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SchemaValidationException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SchemaValidationException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
new file mode 100644
index 00000000..77d32f10
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
@@ -0,0 +1,38 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureValidationException extends FilterException {
+
+ /**
+ * @param string
+ */
+ public SignatureValidationException(String string) {
+ super(string);
+
+ }
+
+ /**
+ * @param e
+ */
+ public SignatureValidationException(Exception e) {
+ super(e);
+ }
+
+ /**
+ * @param string
+ * @param object
+ */
+ public SignatureValidationException(String string, Exception e) {
+ super(string, e);
+ }
+
+ private static final long serialVersionUID = 1L;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
new file mode 100644
index 00000000..4bcbed19
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
@@ -0,0 +1,211 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.decoding.URIComparator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.security.SecurityPolicyResolver;
+import org.opensaml.ws.security.provider.BasicSecurityPolicy;
+import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HTTPPostEncoderWithOwnTemplate;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PVPSignedRequestPolicyRule;
+
+@Service("PVPPOSTBinding")
+public class PostBinding implements IDecoder, IEncoder {
+ private static final Logger log = LoggerFactory.getLogger(PostBinding.class);
+
+ @Autowired(required=true) IConfiguration authConfig;
+ @Autowired(required=true) IGUIFormBuilder guiBuilder;
+ @Autowired(required=true) IGUIBuilderConfigurationFactory guiConfigFactory;
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+ throws MessageEncodingException, SecurityException {
+
+ try {
+ //load default PVP security configurations
+ EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
+
+ //initialize POST binding encoder with template decoration
+ IGUIBuilderConfiguration guiConfig = guiConfigFactory.getSPSpecificSAML2PostConfiguration(
+ pendingReq,
+ "pvp_postbinding_template.html",
+ authConfig.getConfigurationRootDirectory());
+
+ HTTPPostEncoderWithOwnTemplate encoder = new HTTPPostEncoderWithOwnTemplate(guiConfig, guiBuilder,
+ VelocityProvider.getClassPathVelocityEngine());
+
+ //set OpenSAML2 process parameter into binding context dao
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext context = new BasicSAMLMessageContext();
+ SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(targetLocation);;
+
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+ throws MessageEncodingException, SecurityException {
+
+ try {
+ //load default PVP security configurations
+ EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
+
+ log.debug("create SAML POSTBinding response");
+
+ //initialize POST binding encoder with template decoration
+ IGUIBuilderConfiguration guiConfig = guiConfigFactory.getSPSpecificSAML2PostConfiguration(
+ pendingReq,
+ "pvp_postbinding_template.html",
+ authConfig.getConfigurationRootDirectory());
+ HTTPPostEncoderWithOwnTemplate encoder = new HTTPPostEncoderWithOwnTemplate(guiConfig, guiBuilder,
+ VelocityProvider.getClassPathVelocityEngine());
+
+ //set OpenSAML2 process parameter into binding context dao
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext context = new BasicSAMLMessageContext();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ // context.setOutboundMessage(authReq);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
+ }
+
+ public InboundMessageInterface decode(HttpServletRequest req,
+ HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+ //set metadata descriptor type
+ if (isSPEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+ }
+
+ messageContext.setMetadataProvider(metadataProvider);
+
+ //set security policy context
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(
+ new PVPSignedRequestPolicyRule(metadataProvider,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider),
+ messageContext.getPeerEntityRole()));
+ SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
+ messageContext.setSecurityPolicyResolver(secResolver);
+
+ decode.decode(messageContext);
+
+ InboundMessage msg = null;
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ msg = new PVPSProfileRequest(inboundMessage, getSAML2BindingName());
+ msg.setEntityID(inboundMessage.getIssuer().getValue());
+
+ } else if (messageContext.getInboundMessage() instanceof StatusResponseType){
+ StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
+ msg = new PVPSProfileResponse(inboundMessage);
+ msg.setEntityID(inboundMessage.getIssuer().getValue());
+
+ } else
+ //create empty container if request type is unknown
+ msg = new InboundMessage();
+
+ if (messageContext.getPeerEntityMetadata() != null)
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+
+ else {
+ if (StringUtils.isEmpty(msg.getEntityID()))
+ log.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+ }
+
+
+ msg.setVerified(true);
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (req.getMethod().equals("POST") && action.equals(PVPConstants.POST));
+ }
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_POST_BINDING_URI;
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
new file mode 100644
index 00000000..949cbe57
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -0,0 +1,215 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.decoding.URIComparator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.security.SecurityPolicyResolver;
+import org.opensaml.ws.security.provider.BasicSecurityPolicy;
+import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PVPAuthRequestSignedRole;
+
+@Service("PVPRedirectBinding")
+public class RedirectBinding implements IDecoder, IEncoder {
+
+ private static final Logger log = LoggerFactory.getLogger(RedirectBinding.class);
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+ throws MessageEncodingException, SecurityException {
+
+ //load default PVP security configurations
+ EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
+
+ log.debug("create SAML RedirectBinding response");
+
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext context = new BasicSAMLMessageContext();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation, String relayState,
+ Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
+
+ //load default PVP security configurations
+ EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
+
+ log.debug("create SAML RedirectBinding response");
+
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext context = new BasicSAMLMessageContext();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+
+ }
+
+ public InboundMessageInterface decode(HttpServletRequest req,
+ HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
+ SecurityException {
+
+ HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
+ new BasicParserPool());
+
+ BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ //set metadata descriptor type
+ if (isSPEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+ }
+
+ messageContext.setMetadataProvider(metadataProvider);
+
+ SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+ PVPAuthRequestSignedRole signedRole = new PVPAuthRequestSignedRole();
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signedRole);
+ policy.getPolicyRules().add(signatureRule);
+ SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setSecurityPolicyResolver(resolver);
+
+ //set metadata descriptor type
+ if (isSPEndPoint)
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ else
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ try {
+ decode.decode(messageContext);
+
+ //check signature
+ signatureRule.evaluate(messageContext);
+
+ } catch (SecurityException e) {
+ if (StringUtils.isEmpty(messageContext.getInboundMessageIssuer())) {
+ throw e;
+
+ }
+
+ if (metadataProvider instanceof IRefreshableMetadataProvider) {
+ log.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer());
+ if (!((IRefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
+ throw e;
+
+ else {
+ log.trace("PVP2X metadata reload finished. Check validate message again.");
+ decode.decode(messageContext);
+
+ //check signature
+ signatureRule.evaluate(messageContext);
+
+ }
+ log.trace("Second PVP2X message validation finished");
+
+ } else {
+ throw e;
+
+ }
+ }
+
+ InboundMessage msg = null;
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ msg = new PVPSProfileRequest(inboundMessage, getSAML2BindingName());
+
+
+ } else if (messageContext.getInboundMessage() instanceof StatusResponseType){
+ StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
+ msg = new PVPSProfileResponse(inboundMessage);
+
+ } else
+ //create empty container if request type is unknown
+ msg = new InboundMessage();
+
+ if (messageContext.getPeerEntityMetadata() != null)
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+
+ else
+ log.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+
+ msg.setVerified(true);
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return ((action.equals(PVPConstants.REDIRECT) || action.equals(PVPConstants.SINGLELOGOUT))
+ && req.getMethod().equals("GET"));
+ }
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
new file mode 100644
index 00000000..2c2e0d77
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -0,0 +1,148 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.decoding.URIComparator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.SignableXMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
+
+@Service("PVPSOAPBinding")
+public class SoapBinding implements IDecoder, IEncoder {
+
+ private static final Logger log = LoggerFactory.getLogger(SoapBinding.class);
+ public InboundMessageInterface decode(HttpServletRequest req,
+ HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
+ SecurityException, PVP2Exception {
+ HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
+ BasicSAMLMessageContext messageContext =
+ new BasicSAMLMessageContext();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ req));
+ messageContext.setMetadataProvider(metadataProvider);
+
+ //TODO: update in a futher version:
+ // requires a special SignedSOAPRequestPolicyRole because
+ // messageContext.getInboundMessage() is not directly signed
+
+ //set security context
+// BasicSecurityPolicy policy = new BasicSecurityPolicy();
+// policy.getPolicyRules().add(
+// new MOAPVPSignedRequestPolicyRule(
+// TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+// SPSSODescriptor.DEFAULT_ELEMENT_NAME));
+// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+// policy);
+// messageContext.setSecurityPolicyResolver(resolver);
+
+ //decode message
+ soapDecoder.decode(messageContext);
+
+ Envelope inboundMessage = (Envelope) messageContext
+ .getInboundMessage();
+
+ if (inboundMessage.getBody() != null) {
+ List xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
+
+ if (!xmlElemList.isEmpty()) {
+ SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
+ PVPSProfileRequest request = new PVPSProfileRequest(attrReq, getSAML2BindingName());
+
+ if (messageContext.getPeerEntityMetadata() != null)
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+
+ else if (attrReq instanceof RequestAbstractType) {
+ RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
+ try {
+ if (StringUtils.isNotEmpty(attributeRequest.getIssuer().getValue()) &&
+ metadataProvider.getRole(
+ attributeRequest.getIssuer().getValue(),
+ SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
+ request.setEntityID(attributeRequest.getIssuer().getValue());
+
+ } catch (Exception e) {
+ log.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
+ }
+ }
+
+ request.setVerified(false);
+ return request;
+
+ }
+ }
+
+ log.error("Receive empty PVP 2.1 attributequery request.");
+ throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (req.getMethod().equals("POST") &&
+ (action.equals(PVPConstants.SOAP) || action.equals(PVPConstants.ATTRIBUTEQUERY)));
+ }
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+ throws MessageEncodingException, SecurityException, PVP2Exception {
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+ throws MessageEncodingException, SecurityException, PVP2Exception {
+
+ //load default PVP security configurations
+ EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
+
+ HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext context = new BasicSAMLMessageContext();
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+
+ }
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_SOAP11_BINDING_URI;
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
new file mode 100644
index 00000000..abc47e81
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
@@ -0,0 +1,97 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSInteger;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSIntegerBuilder;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+
+public class CitizenTokenBuilder {
+
+ public static XMLObject buildAttributeStringValue(String value) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+
+ public static XMLObject buildAttributeIntegerValue(int value) {
+ XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+
+ public static Attribute buildStringAttribute(String friendlyName,
+ String name, String value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+
+ public static Attribute buildIntegerAttribute(String friendlyName,
+ String name, int value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+
+ public static Attribute buildPVPVersion(String value) {
+ return buildStringAttribute("PVP-VERSION",
+ "urn:oid:1.2.40.0.10.2.1.1.261.10", value);
+ }
+
+ public static Attribute buildSecClass(int value) {
+ return buildIntegerAttribute("SECCLASS",
+ "", value);
+ }
+
+ public static Attribute buildPrincipalName(String value) {
+ return buildStringAttribute("PRINCIPAL-NAME",
+ "urn:oid:1.2.40.0.10.2.1.1.261.20", value);
+ }
+
+ public static Attribute buildGivenName(String value) {
+ return buildStringAttribute("GIVEN-NAME",
+ "urn:oid:2.5.4.42", value);
+ }
+
+ public static Attribute buildBirthday(String value) {
+ return buildStringAttribute("BIRTHDATE",
+ "urn:oid:1.2.40.0.10.2.1.1.55", value);
+ }
+
+ public static Attribute buildBPK(String value) {
+ return buildStringAttribute("BPK",
+ "urn:oid:1.2.40.0.10.2.1.1.149", value);
+ }
+
+ public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
+ return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
+ "urn:oid:1.2.40.0.10.2.1.1.261.94", value);
+ }
+
+ public static Attribute buildEID_ISSUING_NATION(String value) {
+ return buildStringAttribute("EID-ISSUING-NATION",
+ "urn:oid:1.2.40.0.10.2.1.1.261.32", value);
+ }
+
+ public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
+ return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
+ "urn:oid:1.2.40.0.10.2.1.1.261.34", value);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java
new file mode 100644
index 00000000..41623f3d
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java
@@ -0,0 +1,186 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ServiceLoader;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidDateFormatException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+
+public class PVPAttributeBuilder {
+
+ private static final Logger log = LoggerFactory.getLogger(PVPAttributeBuilder.class);
+
+ private static IAttributeGenerator generator = new SamlAttributeGenerator();
+ private static HashMap builders;
+
+ private static ServiceLoader attributBuilderLoader =
+ ServiceLoader.load(IAttributeBuilder.class);
+
+ private static void addBuilder(IAttributeBuilder builder) {
+ builders.put(builder.getName(), builder);
+ }
+
+ static {
+ builders = new HashMap();
+
+ log.info("Loading protocol attribut-builder modules:");
+ if (attributBuilderLoader != null ) {
+ Iterator moduleLoaderInterator = attributBuilderLoader.iterator();
+ while (moduleLoaderInterator.hasNext()) {
+ try {
+ IAttributeBuilder modul = moduleLoaderInterator.next();
+ log.info("Loading attribut-builder Modul Information: " + modul.getName());
+ addBuilder(modul);
+
+ } catch(Throwable e) {
+ log.error("Check configuration! " + "Some attribute-builder modul" +
+ " is not a valid IAttributeBuilder", e);
+ }
+ }
+ }
+
+ log.info("Loading attribute-builder modules done");
+
+ }
+
+
+ /**
+ * Get a specific attribute builder
+ *
+ * @param name Attribute-builder friendly name
+ *
+ * @return Attribute-builder with this name or null if builder does not exists
+ */
+ public static IAttributeBuilder getAttributeBuilder(String name) {
+ return builders.get(name);
+
+ }
+
+ public static Attribute buildAttribute(String name, ISPConfiguration oaParam,
+ IAuthData authData) throws PVP2Exception, AttributeBuilderException {
+ if (builders.containsKey(name)) {
+ try {
+ return builders.get(name).build(oaParam, authData, generator);
+ }
+ catch (AttributeBuilderException e) {
+ if (e instanceof UnavailableAttributeException) {
+ throw e;
+
+ } else if (e instanceof InvalidDateFormatAttributeException) {
+ throw new InvalidDateFormatException();
+
+ } else {
+ throw new UnavailableAttributeException(name);
+
+ }
+ }
+ }
+ return null;
+ }
+
+ public static Attribute buildEmptyAttribute(String name) {
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+ public static Attribute buildAttribute(String name, String value) {
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+
+
+ public static List buildSupportedEmptyAttributes() {
+ List attributes = new ArrayList();
+ Iterator builderIt = builders.values().iterator();
+ while (builderIt.hasNext()) {
+ IAttributeBuilder builder = builderIt.next();
+ Attribute emptyAttribute = builder.buildEmpty(generator);
+ if (emptyAttribute != null) {
+ attributes.add(emptyAttribute);
+ }
+ }
+ return attributes;
+ }
+
+ public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
+ RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
+ attribute.setIsRequired(required);
+ attribute.setName(name);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ return attribute;
+ }
+
+ /**
+ * Build a set of PVP Response-Attributes
+ *