diff options
author | lalber <lukas.alber@iaik.tugraz.at> | 2020-10-20 07:47:44 +0200 |
---|---|---|
committer | lalber <lukas.alber@iaik.tugraz.at> | 2020-10-20 07:47:44 +0200 |
commit | f696b4085fd10b3b9d627437f439b222903e13e1 (patch) | |
tree | 16ab04251dab734e2ce0614a4c71668f3b68ae81 /eidas_modules/authmodule-eIDAS-v2/src/main | |
parent | 8ff69c460d5081feb3ece7757b3673ae81cde7da (diff) | |
download | National_eIDAS_Gateway-f696b4085fd10b3b9d627437f439b222903e13e1.tar.gz National_eIDAS_Gateway-f696b4085fd10b3b9d627437f439b222903e13e1.tar.bz2 National_eIDAS_Gateway-f696b4085fd10b3b9d627437f439b222903e13e1.zip |
stuck on how to test
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
12 files changed, 1698 insertions, 73 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java index 763d8dab..5a551649 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java @@ -33,9 +33,7 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.UnrecoverableKeyException; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; +import java.util.*; import javax.annotation.PostConstruct; import javax.net.ssl.KeyManager; @@ -56,7 +54,10 @@ import javax.xml.ws.BindingProvider; import javax.xml.ws.Dispatch; import javax.xml.ws.handler.Handler; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.time.StopWatch; import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; @@ -79,15 +80,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; -import szrservices.GetBPK; -import szrservices.GetBPKResponse; -import szrservices.GetIdentityLinkEidas; -import szrservices.GetIdentityLinkEidasResponse; -import szrservices.IdentityLinkType; -import szrservices.ObjectFactory; -import szrservices.PersonInfoType; -import szrservices.SZR; -import szrservices.SZRException_Exception; +import szrservices.*; @Service("SZRClientForeIDAS") public class SzrClient { @@ -109,9 +102,11 @@ public class SzrClient { private String szrUrl = null; private QName qname = null; + final ObjectMapper mapper = new ObjectMapper(); + /** * Get IdentityLink of a person. - * + * * @param personInfo Person identification information * @return IdentityLink * @throws SzrCommunicationException In case of a SZR error @@ -165,7 +160,7 @@ public class SzrClient { } catch (final Exception e) { log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); - throw new SzrCommunicationException("ernb.02", new Object[] { e.getMessage() }, e); + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } @@ -173,19 +168,19 @@ public class SzrClient { /** * Get bPK of person. - * + * * @param personInfo Person identification information - * @param target requested bPK target - * @param vkz Verfahrenskennzeichen + * @param target requested bPK target + * @param vkz Verfahrenskennzeichen * @return bPK for this person * @throws SzrCommunicationException In case of a SZR error */ - public String getBpk(PersonInfoType personInfo, String target, String vkz) + public List<String> getBpk(PersonInfoType personInfo, String target, String vkz) throws SzrCommunicationException { try { final GetBPK parameters = new GetBPK(); parameters.setPersonInfo(personInfo); - parameters.setBereichsKennung(target); + parameters.getBereichsKennung().add(target); parameters.setVKZ(vkz); final GetBPKResponse result = this.szr.getBPK(parameters); @@ -193,16 +188,98 @@ public class SzrClient { } catch (final SZRException_Exception e) { log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); - throw new SzrCommunicationException("ernb.02", new Object[] { e.getMessage() }, e); + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } } + /** + * Request a encryped baseId from SRZ. + * + * @param personInfo Minimum dataset of person + * @return encrypted baseId + * @throws SzrCommunicationException In case of a SZR error + */ + public String getEncryptedStammzahl(final PersonInfoType personInfo) + throws SzrCommunicationException { + + final String resp; + try { + resp = this.szr.getStammzahlEncrypted(personInfo, false); + } catch (SZRException_Exception e) { + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); + } + + if (resp == null || StringUtils.isEmpty(resp)) { + throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling + } + + return resp; + + } + + + /** + * Signs content. + * + * @param vsz ? TODO + * @param bindingPubKey binding PublikKey as PKCS1# (ASN.1) container + * @param eidStatus Status of the E-ID + * @return bPK for this person + * @throws SzrCommunicationException In case of a SZR error + */ + public String getBcBind(final String vsz, final String bindingPubKey, final String eidStatus) + throws SzrCommunicationException { + + final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value"; + final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys"; + final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status"; + final String KEY_BC_BIND = "bcBindReq"; + final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype"; + final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind"; + + final Map<String, Object> bcBindMap = new HashMap<>(); + bcBindMap.put(ATTR_NAME_VSZ, vsz); + bcBindMap.put(ATTR_NAME_STATUS, eidStatus); + bcBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey)); + + try { + final String serializedBcBind = mapper.writeValueAsString(bcBindMap); + final SignContent req = new SignContent(); + final SignContentEntry bcBindInfo = new SignContentEntry(); + bcBindInfo.setKey(KEY_BC_BIND); + bcBindInfo.setValue(serializedBcBind); + req.getIn().add(bcBindInfo); + req.setAppendCert(false); + final JwsHeaderParam bcBindJoseHeader = new JwsHeaderParam(); + bcBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE); + bcBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND); + req.getJWSHeaderParam().add(bcBindJoseHeader); + + log.trace("Requesting SZR to sign bcBind datastructure ... "); + final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn()); + log.trace("Receive SZR response on bcBind siging operation "); + + if (resp == null + || resp.getOut().isEmpty() + || resp.getOut().get(0).getValue() == null) { + throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"}); //TODO check error handling + } + + return resp.getOut().get(0).getValue(); + + } catch (final JsonProcessingException | SZRException_Exception e) { + log.warn("Requesting bcBind by using SZR FAILED. Reason: {}", e.getMessage(), null, e); + throw new SzrCommunicationException("ernb.02", + new Object[]{e.getMessage()}, e); + } + } + @PostConstruct private void initialize() { log.info("Starting SZR-Client initialization .... "); - final URL url = SzrClient.class.getResource("/szr_client/SZR-1.1.WSDL"); + final URL url = SzrClient.class.getResource("/szr_client/SZR_v4.0.wsdl"); final boolean useTestSzr = basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index 88c3515b..e4a22cbc 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -19,28 +19,10 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import java.io.InputStream; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; - import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; @@ -60,6 +42,8 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; @@ -67,20 +51,38 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.extern.slf4j.Slf4j; +import lombok.val; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node; import szrservices.IdentityLinkType; import szrservices.PersonInfoType; import szrservices.TravelDocumentType; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.InputStream; +import java.security.KeyStoreException; +import java.util.Base64; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + /** * Task that creates the IdentityLink for an eIDAS authenticated person. - * - * @author tlenz * + * @author tlenz */ @Slf4j @Component("CreateIdentityLinkTask") @@ -95,7 +97,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { /* * (non-Javadoc) - * + * * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. * egovernment.moa.id.process.api.ExecutionContext, * javax.servlet.http.HttpServletRequest, @@ -103,7 +105,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { */ @Override public void execute(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) + HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); @@ -217,43 +219,64 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); + String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); + if (eidMode.equals("new")) { - final Element idlFromSzr = (Element) result.getAssertion(); - identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + String vsz = szrClient.getEncryptedStammzahl(personInfo); - // write ERnB inputdata into revisionlog - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { - revisionsLogger.logEvent(pendingReq, - MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, - (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); - revisionsLogger.logEvent(pendingReq, - MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + // build Keystore + String pK64 = getPkFromKeystore(); + // setzte Keystore in config ?path? lade rein + // key pair art siehe jose utils - } - // get bPK from SZR - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { - bpk = szrClient.getBpk( - personInfo, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")); + String signedEidasBind = szrClient.getBcBind(vsz, pK64, "urn:eidgvat:eid.status.eidas"); //eidstatus TODO as config? + + //build AuthBlock JWS + ObjectMapper mapper = new ObjectMapper(); + String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier()); + +// JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern } else { - log.debug("Calculating bPK from baseId ... "); - new BpkBuilder(); - final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - bpk = bpkCalc.getFirst(); - } + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); + final Element idlFromSzr = (Element) result.getAssertion(); + identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + + // write ERnB inputdata into revisionlog + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { + revisionsLogger.logEvent(pendingReq, + MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, + (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + revisionsLogger.logEvent(pendingReq, + MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + + } + + // get bPK from SZR + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { + bpk = szrClient.getBpk( + personInfo, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, + "no VKZ defined")).get(0); + + } else { + log.debug("Calculating bPK from baseId ... "); + new BpkBuilder(); + final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + bpk = bpkCalc.getFirst(); + + } + } } if (identityLink == null) { @@ -307,6 +330,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } + private String getPkFromKeystore() throws EaafException, KeyStoreException { + EaafKeyStoreFactory keyStoreFactory = new EaafKeyStoreFactory(); + KeyStoreConfiguration configuration = new KeyStoreConfiguration(); + + final String current = new java.io.File(".").toURI().toString(); + configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks"); + + configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s"); + configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS); + val ks = keyStoreFactory.buildNewKeyStore(configuration); + val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey(); + return Base64.getEncoder().encodeToString(publicKey.getEncoded()); + } + private String extendBpkByPrefix(String bpk, String type) { String bpkType = null; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java new file mode 100644 index 00000000..e81c4c92 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java @@ -0,0 +1,305 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; + +import at.gv.egiz.eaaf.core.exception.EaafKeyUsageException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.jose4j.jca.ProviderContext; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwx.Headers; +import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.keys.resolvers.X509VerificationKeyResolver; +import org.jose4j.lang.JoseException; +import org.springframework.util.Base64Utils; + +import javax.annotation.Nonnull; +import java.io.IOException; +import java.security.Key; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.RSAPrivateKey; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +/** + * {@link JoseUtils} provides static methods JWS and JWE processing. + * + * @author tlenz + * + */ +@Slf4j +public class JoseUtils { + + /** + * Create a JWS signature. + * + * <p> + * Use {@link AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case + * of a RSA based key and + * {@link AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256} + * in case of an ECC based key. + * </p> + * + * @param keyStore KeyStore that should be used + * @param keyAlias Alias of the private key + * @param keyPassword Password to access the key + * @param payLoad PayLoad to sign + * @param addFullCertChain If true the full certificate chain will be + * added, otherwise only the + * X509CertSha256Fingerprint is added into JOSE + * header + * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging + * purposes only + * @return Signed PayLoad in serialized form + * @throws EaafException In case of a key-access or key-usage error + * @throws JoseException In case of a JOSE error + */ + public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, + @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, + @Nonnull final String payLoad, boolean addFullCertChain, + @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, Collections.emptyMap(), + AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + friendlyNameForLogging); + + } + + /** + * Create a JWS signature. + * + * <p> + * Use {@link AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case + * of a RSA based key and + * {@link AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256} + * in case of an ECC based key. + * </p> + * + * @param keyStore KeyStore that should be used + * @param keyAlias Alias of the private key + * @param keyPassword Password to access the key + * @param payLoad PayLoad to sign + * @param addFullCertChain If true the full certificate chain will be + * added, otherwise only the + * X509CertSha256Fingerprint is added into JOSE + * header + * @param joseHeaders HeaderName and HeaderValue that should be set + * into JOSE header + * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging + * purposes only + * @return Signed PayLoad in serialized form + * @throws EaafException In case of a key-access or key-usage error + * @throws JoseException In case of a JOSE error + */ + public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, + @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, + @Nonnull final String payLoad, boolean addFullCertChain, + @Nonnull final Map<String, String> joseHeaders, + @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, joseHeaders, + AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + friendlyNameForLogging); + + } + + /** + * Create a JWS signature. + * + * @param keyStore KeyStore that should be used + * @param keyAlias Alias of the private key + * @param keyPassword Password to access the key + * @param payLoad PayLoad to sign + * @param addFullCertChain If true the full certificate chain will be + * added, otherwise only the + * X509CertSha256Fingerprint is added into JOSE + * header + * @param joseHeaders HeaderName and HeaderValue that should be set + * into JOSE header + * @param rsaAlgToUse Signing algorithm that should be used in case + * of a signing key based on RSA + * @param eccAlgToUse Signing algorithm that should be used in case + * of a signing key based on ECC + * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging + * purposes only + * @return Signed PayLoad in serialized form + * @throws EaafException In case of a key-access or key-usage error + * @throws JoseException In case of a JOSE error + */ + public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, + @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, + @Nonnull final String payLoad, boolean addFullCertChain, + @Nonnull final Map<String, String> joseHeaders, + @Nonnull final String rsaAlgToUse, @Nonnull final String eccAlgToUse, + @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + + final JsonWebSignature jws = new JsonWebSignature(); + + // set payload + jws.setPayload(payLoad); + + // set JOSE headers + for (final Entry<String, String> el : joseHeaders.entrySet()) { + log.trace("Set JOSE header: {} with value: {} into JWS", el.getKey(), el.getValue()); + jws.setHeader(el.getKey(), el.getValue()); + + } + + // set signing information + final Pair<Key, X509Certificate[]> signingCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + keyStore.getFirst(), keyAlias, keyPassword, true, friendlyNameForLogging); + jws.setKey(signingCred.getFirst()); + jws.setAlgorithmHeaderValue(getKeyOperationAlgorithmFromCredential( + jws.getKey(), rsaAlgToUse, eccAlgToUse, friendlyNameForLogging)); + + // set special provider if required + if (keyStore.getSecond() != null) { + log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( + keyStore.getSecond().getName()); + jws.setProviderContext(providerCtx); + + } + + if (addFullCertChain) { + jws.setCertificateChainHeaderValue(signingCred.getSecond()); + + } + + jws.setX509CertSha256ThumbprintHeaderValue(signingCred.getSecond()[0]); + + return jws.getCompactSerialization(); + + } + + /** + * Verify a JOSE signature. + * + * @param serializedContent Serialized content that should be verified + * @param trustedCerts Trusted certificates that should be used for + * verification + * @param constraints {@link AlgorithmConstraints} for verification + * @return {@link JwsResult} object + * @throws JoseException In case of a signature verification error + * @throws IOException In case of a general error + */ + public static JwsResult validateSignature(@Nonnull final String serializedContent, + @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints) + throws JoseException, IOException { + final JsonWebSignature jws = new JsonWebSignature(); + // set payload + jws.setCompactSerialization(serializedContent); + + // set security constrains + jws.setAlgorithmConstraints(constraints); + + // load signinc certs + Key selectedKey = null; + final List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue(); + final String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + log.debug("Found x509 certificate in JOSE header ... "); + log.trace("Sorting received X509 certificates ... "); + final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (trustedCerts.contains(sortedX5cCerts.get(0))) { + selectedKey = sortedX5cCerts.get(0).getPublicKey(); + + } else { + log.info("Can NOT find JOSE certificate in truststore."); + if (log.isDebugEnabled()) { + try { + log.debug("Cert: {}", Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded())); + + } catch (final CertificateEncodingException e) { + log.warn("Can not create DEBUG output", e); + + } + } + } + + } else if (StringUtils.isNotEmpty(x5t256)) { + log.debug("Found x5t256 fingerprint in JOSE header .... "); + final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver( + trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); + + } else { + throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint"); + + } + + if (selectedKey == null) { + throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED"); + + } + + // set verification key + jws.setKey(selectedKey); + + // load payLoad + return new JwsResult( + jws.verifySignature(), + jws.getUnverifiedPayload(), + jws.getHeaders(), + x5cCerts); + + } + + /** + * Select signature algorithm for a given credential. + * + * @param key {@link X509Credential} that will be used for + * key operations + * @param rsaSigAlgorithm RSA based algorithm that should be used in case + * of RSA credential + * @param ecSigAlgorithm EC based algorithm that should be used in case + * of RSA credential + * @param friendlyNameForLogging KeyStore friendlyName for logging purposes + * @return either the RSA based algorithm or the EC based algorithm + * @throws EaafKeyUsageException In case of an unsupported private-key type + */ + private static String getKeyOperationAlgorithmFromCredential(Key key, + String rsaSigAlgorithm, String ecSigAlgorithm, String friendlyNameForLogging) + throws EaafKeyUsageException { + if (key instanceof RSAPrivateKey) { + return rsaSigAlgorithm; + + } else if (key instanceof ECPrivateKey) { + return ecSigAlgorithm; + + } else { + log.warn("Could NOT select the cryptographic algorithm from Private-Key type"); + throw new EaafKeyUsageException(EaafKeyUsageException.ERROR_CODE_01, + friendlyNameForLogging, + "Can not select cryptographic algorithm"); + + } + + } + + private JoseUtils() { + + } + + @Getter + @AllArgsConstructor + public static class JwsResult { + final boolean valid; + final String payLoad; + final Headers fullJoseHeader; + final List<X509Certificate> x5cCerts; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl new file mode 100644 index 00000000..e7f296bd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl @@ -0,0 +1,441 @@ +<?xml version="1.0" encoding="UTF-8"?> +<definitions targetNamespace="urn:SZRServices" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:szr="urn:SZRServices" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:xs="http://www.w3.org/2001/XMLSchema"> + <types> + <xs:schema> + <xs:import namespace="urn:SZRServices" schemaLocation="szr_v4.0.xsd"/> + </xs:schema> + </types> + <message name="Header"> + <part name="SecurityHeader" element="wsse:Security" /> + </message> + <message name="GetIdentityLinkRequest"> + <part element="szr:GetIdentityLink" name="parameters" /> + </message> + <message name="GetIdentityLinkResponse"> + <part element="szr:GetIdentityLinkResponse" name="parameters" /> + </message> + <message name="GetIdentityLinkEidasRequest"> + <part element="szr:GetIdentityLinkEidas" name="parameters" /> + </message> + <message name="GetIdentityLinkEidasResponse"> + <part element="szr:GetIdentityLinkEidasResponse" name="parameters" /> + </message> + <message name="GetBPKRequest"> + <part element="szr:GetBPK" name="parameters" /> + </message> + <message name="GetBPKResponse"> + <part element="szr:GetBPKResponse" name="parameters" /> + </message> + <message name="GetBPKsRequest"> + <part element="szr:GetBPKs" name="parameters" /> + </message> + <message name="GetBPKsResponse"> + <part element="szr:GetBPKsResponse" name="parameters" /> + </message> + <message name="GetBPKKombiRequest"> + <part element="szr:GetBPKKombi" name="parameters" /> + </message> + <message name="GetBPKKombiResponse"> + <part element="szr:GetBPKKombiResponse" name="parameters" /> + </message> + <message name="GetBPKZPVRequest"> + <part element="szr:GetBPKZPV" name="parameters" /> + </message> + <message name="GetBPKZPVResponse"> + <part element="szr:GetBPKZPVResponse" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedRequest"> + <part element="szr:GetBPKFromStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedResponse"> + <part element="szr:GetBPKFromStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="SignContentRequest"> + <part element="szr:SignContent" name="parameters" /> + </message> + <message name="SignContentResponse"> + <part element="szr:SignContentResponse" name="parameters" /> + </message> + <message name="BPKzuBasiszahlRequest"> + <part element="szr:BPKzuBasiszahl" name="parameters" /> + </message> + <message name="BPKzuBasiszahlResponse"> + <part element="szr:BPKzuBasiszahlResponse" name="parameters" /> + </message> + <message name="BasiszahlZuBPKRequest"> + <part element="szr:BasiszahlZuBPK" name="parameters" /> + </message> + <message name="BasiszahlZuBPKResponse"> + <part element="szr:BasiszahlZuBPKResponse" name="parameters" /> + </message> + <message name="ValidateIdentityLinkRequest"> + <part element="szr:ValidateIdentityLink" name="parameters" /> + </message> + <message name="ValidateIdentityLinkResponse"> + <part element="szr:ValidateIdentityLinkResponse" name="parameters" /> + </message> + <message name="TransformBPKRequest"> + <part element="szr:TransformBPK" name="parameters" /> + </message> + <message name="TransformBPKResponse"> + <part element="szr:TransformBPKResponse" name="parameters" /> + </message> + <message name="GetVKZPermissionRequest"> + <part element="szr:GetVKZPermission" name="parameters" /> + </message> + <message name="GetVKZPermissionResponse"> + <part element="szr:GetVKZPermissionResponse" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationRequest"> + <part element="szr:ZMRAnwendungsIntegration" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationResponse"> + <part element="szr:ZMRAnwendungsIntegrationResponse" name="parameters" /> + </message> + <message name="GetStammzahlRequest"> + <part element="szr:GetStammzahl" name="parameters" /> + </message> + <message name="GetStammzahlResponse"> + <part element="szr:GetStammzahlResponse" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedRequest"> + <part element="szr:GetStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedResponse"> + <part element="szr:GetStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="GetVersionRequest"> + <part element="szr:GetVersion" name="parameters" /> + </message> + <message name="GetVersionResponse"> + <part element="szr:GetVersionResponse" name="parameters" /> + </message> + <message name="SZRException"> + <part element="szr:SZRException" name="fault" /> + </message> + <portType name="SZR"> + <operation name="GetIdentityLink"> + <input message="szr:GetIdentityLinkRequest" name="GetIdentityLinkRequest" /> + <output message="szr:GetIdentityLinkResponse" name="GetIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetIdentityLinkEidas"> + <input message="szr:GetIdentityLinkEidasRequest" name="GetIdentityLinkEidasRequest" /> + <output message="szr:GetIdentityLinkEidasResponse" name="GetIdentityLinkEidasResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPK"> + <jaxws:bindings xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"> + <jaxws:enableWrapperStyle>false</jaxws:enableWrapperStyle> + </jaxws:bindings> + <input message="szr:GetBPKRequest" name="GetBPKRequest" /> + <output message="szr:GetBPKResponse" name="GetBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKs"> + <input message="szr:GetBPKsRequest" name="GetBPKsRequest" /> + <output message="szr:GetBPKsResponse" name="GetBPKsResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKKombi"> + <input message="szr:GetBPKKombiRequest" name="GetBPKKombiRequest" /> + <output message="szr:GetBPKKombiResponse" name="GetBPKKombiResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKZPV"> + <input message="szr:GetBPKZPVRequest" name="GetBPKZPVRequest" /> + <output message="szr:GetBPKZPVResponse" name="GetBPKZPVResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <input message="szr:GetBPKFromStammzahlEncryptedRequest" name="GetBPKFromStammzahlEncryptedRequest" /> + <output message="szr:GetBPKFromStammzahlEncryptedResponse" name="GetBPKFromStammzahlEncryptedResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="SignContent"> + <input message="szr:SignContentRequest" name="SignContentRequest" /> + <output message="szr:SignContentResponse" name="SignContentResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ValidateIdentityLink"> + <input message="szr:ValidateIdentityLinkRequest" name="ValidateIdentityLinkRequest" /> + <output message="szr:ValidateIdentityLinkResponse" name="ValidateIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="TransformBPK"> + <input message="szr:TransformBPKRequest" name="TransformBPKRequest" /> + <output message="szr:TransformBPKResponse" name="TransformBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVKZPermission"> + <input message="szr:GetVKZPermissionRequest" name="GetVKZPermissionRequest" /> + <output message="szr:GetVKZPermissionResponse" name="GetVKZPermissionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BPKzuBasiszahl"> + <input message="szr:BPKzuBasiszahlRequest" name="BPKzuBasiszahlRequest" /> + <output message="szr:BPKzuBasiszahlResponse" name="BPKzuBasiszahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BasiszahlZuBPK"> + <input message="szr:BasiszahlZuBPKRequest" name="BasiszahlZuBPKRequest" /> + <output message="szr:BasiszahlZuBPKResponse" name="BasiszahlZuBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <input message="szr:ZMRAnwendungsIntegrationRequest" name="ZMRAnwendungsIntegrationRequest" /> + <output message="szr:ZMRAnwendungsIntegrationResponse" name="ZMRAnwendungsIntegrationResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahl"> + <input message="szr:GetStammzahlRequest" name="GetStammzahlRequest" /> + <output message="szr:GetStammzahlResponse" name="GetStammzahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahlEncrypted"> + <input message="szr:GetStammzahlEncryptedRequest" name="GetStammzahlEncryptedRequest" /> + <output message="szr:GetStammzahlEncryptedResponse" name="GetStammzahlEncryptedResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVersion"> + <input message="szr:GetVersionRequest" name="GetVersionRequest" /> + <output message="szr:GetVersionResponse" name="GetVersionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + </portType> + <binding name="SZRSoapBinding" type="szr:SZR"> + <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" /> + <operation name="GetIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="GetIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetIdentityLinkEidas"> + <wsdlsoap:operation soapAction="" /> + <input name="GetIdentityLinkEidasRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetIdentityLinkEidasResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKs"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKsRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKsResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKKombi"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKKombiRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKKombiResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKZPV"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKZPVRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKZPVResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKFromStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKFromStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="SignContent"> + <wsdlsoap:operation soapAction="" /> + <input name="SignContentRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="SignContentResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVKZPermission"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVKZPermissionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVKZPermissionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ValidateIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="ValidateIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ValidateIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="TransformBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="TransformBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="TransformBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BPKzuBasiszahl"> + <wsdlsoap:operation soapAction="" /> + <input name="BPKzuBasiszahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BPKzuBasiszahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BasiszahlZuBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="BasiszahlZuBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BasiszahlZuBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <wsdlsoap:operation soapAction="" /> + <input name="ZMRAnwendungsIntegrationRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ZMRAnwendungsIntegrationResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahl"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetStammzahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVersion"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVersionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVersionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + </binding> + <service name="SZRService"> + <port binding="szr:SZRSoapBinding" name="SZRBusinesspartnerTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/at.gv.bmi.szrsrv-b/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRProduktionsumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR" /> + </port> + </service> +</definitions>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd new file mode 100644 index 00000000..596a2b99 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd @@ -0,0 +1,133 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by BM (Bundeskanzleramt) --> +<!-- PVP Schema 1.8.10 --> +<!-- pvpToken wird über das Element <Security> aus der Spezifikation WS-Security in den SOAP-Header eingebunden --> +<!--erstellt: rainer.hoerbe@bmi.gv.at 2004-04-30 --> +<!--geändert: rainer.hoerbe@beko.at 2007-04-04: Extensions Points definiert --> +<xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd" xmlns="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified"> + <xs:element name="pvpToken"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="pvpTokenType" /> + </xs:complexContent> + </xs:complexType> + </xs:element> + <xs:complexType name="pvpTokenType"> + <xs:sequence> + <xs:element name="authenticate"> + <xs:complexType> + <xs:sequence> + <xs:element name="participantId" type="xs:string" /> + <xs:element name="gvOuDomain" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:choice> + <xs:element name="userPrincipal"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="pvpPrincipalType"> + <xs:sequence> + <xs:element name="gvGid" type="xs:string" /> + <xs:element name="mail" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="tel" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="bpk" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="gvFunction" type="xs:string" minOccurs="0" maxOccurs="1" /> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + <xs:element name="systemPrincipal" type="pvpPrincipalType" /> + </xs:choice> + <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:documentation>additional authentication properties</xs:documentation> + </xs:annotation> + </xs:any> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="authorize" minOccurs="0" maxOccurs="1"> + <xs:complexType> + <xs:sequence> + <xs:sequence minOccurs="0"> + <xs:element name="gvOuId" type="xs:string" /> + <xs:element name="ou" type="xs:string" /> + </xs:sequence> + <xs:element name="role" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + <xs:attribute name="value" type="xs:string" use="required" /> + </xs:complexType> + </xs:element> + <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:documentation>additional authorization properties</xs:documentation> + </xs:annotation> + </xs:any> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="accounting" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:any processContents="skip" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="pvpChainedToken" type="pvpTokenType" minOccurs="0" /> + <xs:element name="pvpExtension" block="extension" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + <xs:attribute name="version" type="gvVersionType" use="required" /> + <xs:anyAttribute namespace="##any" processContents="lax" /> + </xs:complexType> + <xs:complexType name="pvpPrincipalType"> + <xs:sequence> + <xs:element name="userId" type="xs:string" /> + <xs:element name="cn" type="xs:string" /> + <xs:element name="gvOuId" type="xs:string" /> + <xs:element name="ou" type="xs:string" /> + <xs:element name="gvOuOKZ" type="xs:string" minOccurs="0" /> + <xs:element name="gvSecClass" type="gvSecClassType" minOccurs="0" /> + <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:documentation>additional principal attributes</xs:documentation> + </xs:annotation> + </xs:any> + </xs:sequence> + <xs:anyAttribute namespace="##any" processContents="lax" /> + </xs:complexType> + <xs:simpleType name="gvSecClassType"> + <xs:restriction base="xs:integer"> + <xs:enumeration value="0" /> + <xs:enumeration value="1" /> + <xs:enumeration value="2" /> + <xs:enumeration value="3" /> + </xs:restriction> + </xs:simpleType> + <xs:simpleType name="gvVersionType"> + <xs:restriction base="xs:string"> + <xs:enumeration value="1.0" /> + <xs:enumeration value="1.1" /> + <xs:enumeration value="1.2" /> + <xs:enumeration value="1.8" /> + <xs:enumeration value="1.9" /> + </xs:restriction> + </xs:simpleType> + <xs:simpleType name="logLevelType"> + <xs:restriction base="xs:integer"> + <xs:enumeration value="0" /> + <xs:enumeration value="1" /> + <xs:enumeration value="2" /> + <xs:enumeration value="3" /> + <xs:enumeration value="4" /> + <xs:enumeration value="5" /> + </xs:restriction> + </xs:simpleType> +</xs:schema> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd new file mode 100644 index 00000000..87ee80be --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" + targetNamespace="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#"> + <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType" /> + <xs:complexType name="ECDSAKeyValueType"> + <xs:sequence> + <xs:element name="DomainParameters" type="ecdsa:DomainParamsType" + minOccurs="0" /> + <xs:element name="PublicKey" type="ecdsa:ECPointType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DomainParamsType"> + <xs:sequence> + <xs:element name="NamedCurve" minOccurs="0" + type="ecdsa:NamedCurveType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="NamedCurveType"> + <xs:attribute name="URN" type="xs:string" use="required" /> + </xs:complexType> + <xs:complexType name="ECPointType"> + <xs:sequence minOccurs="0"> + <xs:element name="X" type="ecdsa:PrimeFieldElemType" /> + <xs:element name="Y" type="ecdsa:PrimeFieldElemType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PrimeFieldElemType"> + <xs:attribute name="Value" type="xs:string" use="required" /> + </xs:complexType> +</xs:schema>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd new file mode 100644 index 00000000..3c9ac932 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema elementFormDefault="qualified" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" + targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xs="http://www.w3.org/2001/XMLSchema"> + <xs:complexType name="PhysicalPersonType"> + <xs:sequence> + <xs:element minOccurs="0" name="Identification" type="pd:IdentificationType" /> + <xs:element minOccurs="1" name="Name" type="pd:PersonNameType" /> + <xs:element minOccurs="0" name="AlternativeName" type="pd:AlternativeNameType" /> + <xs:element minOccurs="0" name="Sex" type="xs:string" /> + <xs:element minOccurs="0" name="DateOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="PlaceOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="CountryOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="Nationality" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="IdentificationType"> + <xs:sequence> + <xs:element minOccurs="0" name="Value" type="xs:string" /> + <xs:element minOccurs="0" name="Type" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PersonNameType"> + <xs:sequence> + <xs:element minOccurs="0" name="PrefixedDegree" type="xs:string" /> + <xs:element name="GivenName" type="xs:string" nillable="true" /> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + <xs:element minOccurs="0" name="SuffixedDegree" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AlternativeNameType"> + <xs:sequence> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PostalAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="PostalCode" type="xs:string" /> + <xs:element minOccurs="0" name="Municipality" type="xs:string" /> + <xs:element minOccurs="0" name="Locality" type="xs:string" /> + <xs:element minOccurs="0" name="StateCode3" type="xs:string" /> + <xs:element minOccurs="0" name="DeliveryAddress" type="pd:DeliveryAddressType" /> + <xs:element minOccurs="0" name="HistoricRecord" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DeliveryAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="AddressLine" type="xs:string" /> + <xs:element minOccurs="0" name="StreetName" type="xs:string" /> + <xs:element minOccurs="0" name="BuildingNumber" type="xs:string" /> + <xs:element minOccurs="0" name="Unit" type="xs:string" /> + <xs:element minOccurs="0" name="DoorNumber" type="xs:string" /> + </xs:sequence> + </xs:complexType> +</xs:schema>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd new file mode 100644 index 00000000..5001c1b8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd @@ -0,0 +1,10 @@ +<xs:schema xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://schemas.xmlsoap.org/ws/2002/04/secext" elementFormDefault="qualified"> + <xs:import namespace="http://egov.gv.at/pvp1.xsd" schemaLocation="pvp19.xsd"/> + <xs:element name="Security"> + <xs:complexType> + <xs:sequence> + <xs:element ref="pvp:pvpToken"/> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml new file mode 100644 index 00000000..d40efa45 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<bindings version="2.0" xmlns="http://java.sun.com/xml/ns/jaxb" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" + xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"> + + <bindings schemaLocation="../szr_v4/szr_v4.0.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr_v4" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr/szr_ecdsa.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.ecdsa" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr_v4/szr_persondata.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.persondata" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr_v4/szr_pvp_sec.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.pvp19.sec" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr_v4/pvp19.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.pvp19" /> + </schemaBindings> + </bindings> + </bindings> + + <bindings schemaLocation="../szr/szr_xmldsig.xsd"> + <bindings node="/xsd:schema"> + <schemaBindings> + <package name="at.gv.util.xsd.szr.xmldsig" /> + </schemaBindings> + </bindings> + </bindings> + +</bindings>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml new file mode 100644 index 00000000..f95c35f0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<bindings xmlns="http://java.sun.com/xml/ns/jaxws" + xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"> + + <enableWrapperStyle>false</enableWrapperStyle> + <package name="at.gv.util.wsdl.szr_v4"/> + +</bindings>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd new file mode 100644 index 00000000..2d25f2dc --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd @@ -0,0 +1,443 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:szr="urn:SZRServices" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="urn:SZRServices" elementFormDefault="qualified"> + <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="szr_persondata.xsd"/> + <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="szr_xmldsig.xsd"/> + <xs:element name="SZRException" type="szr:SZRException"/> + <xs:complexType name="SZRException"/> + <xs:complexType name="PersonInfoType"> + <xs:sequence> + <xs:element name="Person" type="pd:PhysicalPersonType"/> + <xs:element name="RegularDomicile" type="pd:PostalAddressType" minOccurs="0"/> + <xs:element name="AddressCodes" type="szr:AddressCodesType" minOccurs="0"/> + <xs:element name="TravelDocument" type="szr:TravelDocumentType" minOccurs="0"/> + <xs:element name="DateOfBirthWildcard" type="xs:boolean" minOccurs="0"/> + <xs:element name="AuskunftssperreGesetzt" type="xs:boolean" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="TravelDocumentType"> + <xs:sequence> + <xs:element name="DocumentNumber" type="xs:string" minOccurs="0"/> + <xs:element name="DocumentType" type="xs:string" minOccurs="0"/> + <xs:element name="IssueDate" type="xs:string" minOccurs="0"/> + <xs:element name="IssuingAuthority" type="xs:string" minOccurs="0"/> + <xs:element name="IssuingCountry" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AddressCodesType"> + <xs:sequence> + <xs:element name="GKZ" type="xs:string" minOccurs="0"/> + <xs:element name="OKZ" type="xs:string" minOccurs="0"/> + <xs:element name="SKZ" type="xs:string" minOccurs="0"/> + <xs:element name="ADRCD" type="xs:string" minOccurs="0"/> + <xs:element name="SUBCD" type="xs:string" minOccurs="0"/> + <xs:element name="OBJNR" type="xs:string" minOccurs="0"/> + <xs:element name="NTZLNR" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:element name="TransformBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="InputBPK" type="xs:string"/> + <xs:element name="InputBereichsKennung" type="xs:string"/> + <xs:element name="Begruendung" type="xs:string"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="TransformBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="TransformBPKReturn" type="szr:FremdBPKType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermission"> + <xs:complexType> + <xs:sequence> + <xs:element name="VKZ" type="xs:string"/> + <xs:element name="BereichsKennung" type="xs:string"/> + <xs:element name="ParticipantId" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermissionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetVKZPermissionReturn" type="szr:GetVKZPermissionResponseType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="IdentityLinkType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="Assertion" type="xs:anyType"/> + <xs:element name="AdditionalInfo" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="ResultRecord"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="Register" type="xs:string"/> + <xs:element name="bPK" type="xs:string"/> + <xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="InsertERnP" minOccurs="0"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="NoInsert"/> + <xs:enumeration value="InsertOnNoMatch"/> + <xs:enumeration value="ForceInsert"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element name="Suchwizard" type="xs:boolean" minOccurs="0"/> + <xs:element name="VKZ" type="xs:string" nillable="true"/> + <xs:element name="BehoerdenKennzeichen" type="xs:string" minOccurs="0"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="Sessionid" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiResponseType"> + <xs:complexContent> + <xs:extension base="szr:GetBPKZPVResponseType"> + <xs:sequence> + <xs:element name="FoundWithSuchwizard" type="xs:boolean"/> + <xs:element name="Sessionid" type="xs:string"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + <xs:complexType name="GetBPKZPVRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="InsertERnP" type="xs:boolean" default="false" minOccurs="0"/> + <xs:element name="VKZ" type="xs:string" minOccurs="1"/> + <xs:element name="BehoerdenKennzeichen" type="xs:string" minOccurs="0"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKZPVResponseType"> + <xs:sequence> + <xs:element name="ResultRecord" type="szr:ResultRecord" maxOccurs="unbounded"/> + <xs:element name="InsertERnPResult" type="xs:boolean"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedRequestType"> + <xs:sequence> + <xs:element name="StammzahlEncrypted" type="xs:string" minOccurs="1"/> + <xs:element name="PersonInfo" type="szr:PersonInfoType" minOccurs="0"/> + <xs:element name="VKZ" type="xs:string" minOccurs="1"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="key"/> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedResponseType"> + <xs:sequence> + <xs:element name="bPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="Fault" type="szr:Fault" minOccurs="0"/> + </xs:sequence> + <xs:attribute name="key"/> + </xs:complexType> + <xs:complexType name="Fault"> + <xs:attribute name="Code" type="xs:string"/> + <xs:attribute name="String" type="xs:string"/> + </xs:complexType> + <xs:complexType name="SignContentResponseType"> + <xs:sequence> + <xs:element name="JwsAlg" type="xs:string" minOccurs="0"/> + <xs:element name="Out" type="szr:SignContentEntry" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="SignContentEntry"> + <xs:simpleContent> + <xs:extension base="xs:string"> + <xs:attribute name="key"/> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + <xs:element name="GetIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="KeyValue" type="dsig:KeyValueType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkEidas"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkEidasResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="VKZ" type="xs:string" minOccurs="0"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="ListMultiplePersons" type="xs:boolean" minOccurs="0"/> + <xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKReturn" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="PersonInfo" type="szr:PersonInfoType" minOccurs="0" maxOccurs="5"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKs"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" maxOccurs="unbounded"/> + <xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="VKZ" type="xs:string"/> + <xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKsResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ResultRecord" type="szr:GetBPKsResponseType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="GetBPKsResponseType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="Fault" minOccurs="0"> + <xs:complexType> + <xs:attribute name="Code" type="xs:string"/> + <xs:attribute name="String" type="xs:string"/> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + <xs:element name="GetBPKKombi"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiRequest" type="szr:GetBPKKombiRequestType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKKombiResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiResponse" type="szr:GetBPKKombiResponseType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPV"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVRequest" type="szr:GetBPKZPVRequestType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPVResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVResponse" type="szr:GetBPKZPVResponseType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="In" type="szr:GetBPKFromStammzahlEncryptedRequestType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Out" type="szr:GetBPKFromStammzahlEncryptedResponseType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="SignContent"> + <xs:complexType> + <xs:sequence> + <xs:element name="AppendCert" type="xs:boolean" default="false" minOccurs="0"/> + <xs:element name="JWSHeaderParam" type="szr:JwsHeaderParam" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="In" type="szr:SignContentEntry" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="JwsHeaderParam"> + <xs:attribute name="key" type="xs:string" use="required"/> + <xs:attribute name="value" type="xs:string" use="required"/> + </xs:complexType> + <xs:element name="SignContentResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="SignContentResponse" type="szr:SignContentResponseType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="IdentityLink" type="szr:IdentityLinkType"/> + <xs:element name="BereichsKennung" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ValidateIdentityLinkReturn" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string"/> + <xs:element name="BPK" type="xs:string"/> + <xs:element name="BasisZahl" type="xs:string" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="BPKzuBasiszahlReturn" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="FremdBPKRequestType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string"/> + <xs:element name="VKZ" type="xs:string"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="FremdBPKType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string"/> + <xs:element name="FremdBPK" type="xs:string"/> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetVKZPermissionResponseType"> + <xs:sequence> + <xs:element name="isAllowed" type="xs:boolean"/> + <xs:element name="behSchluessel" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="VKZ" type="xs:string" minOccurs="0"/> + <xs:element name="BasisZahl" type="xs:string" maxOccurs="unbounded"/> + <xs:element name="Bereich" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPKTargets" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="BasiszahlZuBPKReturnType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="FremdBPKs" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="BasiszahlZuBPKReturn" type="szr:BasiszahlZuBPKReturnType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ZMRAnwendungsIntegration"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string"/> + <xs:element name="FremdBPKTargets" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="ZMRfremdbPK" type="xs:string" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="ZMRAnwendungsIntegrationReturnType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string"/> + <xs:element name="FremdBPKs" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + <xs:element name="ZMRAnwendungsIntegrationResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ZMRAnwendungsIntegrationReturn" type="szr:ZMRAnwendungsIntegrationReturnType" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType"/> + <xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVersion" nillable="true"/> + <xs:element name="GetVersionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Version" type="xs:string"/> + <xs:element name="Revision" type="xs:string"/> + <xs:element name="Time" type="xs:string"/> + <xs:element name="IdentityLinkNotAfter" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd new file mode 100644 index 00000000..96b50b40 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" + targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <xs:import namespace="http://www.w3.org/2001/04/xmldsig-more#" schemaLocation="szr_ecdsa.xsd"/> + <xs:complexType name="KeyValueType"> + <xs:sequence> + <xs:element name="DSAKeyValue" minOccurs="0" + type="dsig:DSAKeyValueType" /> + <xs:element name="RSAKeyValue" minOccurs="0" + type="dsig:RSAKeyValueType" /> + <xs:element ref="ecdsa:ECDSAKeyValue" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DSAKeyValueType"> + <xs:sequence> + <xs:element name="P" minOccurs="0" type="xs:string" /> + <xs:element name="Q" minOccurs="0" type="xs:string" /> + <xs:element name="J" minOccurs="0" type="xs:string" /> + <xs:element name="G" minOccurs="0" type="xs:string" /> + <xs:element name="Y" minOccurs="0" type="xs:string" /> + <xs:element name="PgenCounter" minOccurs="0" type="xs:string" /> + <xs:element name="Seed" minOccurs="0" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="RSAKeyValueType"> + <xs:sequence> + <xs:element name="Modulus" minOccurs="0" type="xs:string" /> + <xs:element name="Exponent" minOccurs="0" type="xs:string" /> + </xs:sequence> + </xs:complexType> +</xs:schema> |