aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-20 10:56:04 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-20 10:56:04 +0200
commit31bc1246bb56fcd8807678e3f7516023bdfaed44 (patch)
tree0c3ed662a5be943a4ceb70d021e1bb7ac9dc1015 /eidas_modules/authmodule-eIDAS-v2/src/main
parent2945c875bda2c8236d0b3fd630358fcaca85f4a8 (diff)
downloadNational_eIDAS_Gateway-31bc1246bb56fcd8807678e3f7516023bdfaed44.tar.gz
National_eIDAS_Gateway-31bc1246bb56fcd8807678e3f7516023bdfaed44.tar.bz2
National_eIDAS_Gateway-31bc1246bb56fcd8807678e3f7516023bdfaed44.zip
add SZR client
add different logging backends define errorcodes and error messages update to eIDAS Ref. impl 2.1
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java66
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java8
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java89
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/SZRCommunicationException.java15
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAttributeException.java15
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java8
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASValidationException.java14
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java114
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java372
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java139
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java391
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java425
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java163
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/LoggingHandler.java52
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java98
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java135
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml19
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml42
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml379
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml30
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml51
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL901
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd133
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html30
25 files changed, 3227 insertions, 464 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
index de7d9100..b1cd128f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
@@ -7,13 +7,60 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+
public class Constants {
+ public static final String EXECUTIONCONTEXT_SELECTED_COUNTRY = "selectedCountry";
+ public static final String DATA_REQUESTERID = "req_requesterId";
+ public static final String DATA_PROVIDERNAME = "req_providerName";
+ public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
+ public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision";
+ public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse";
+
+
+ //templates for post-binding forwarding
+ public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html";
+ public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint";
+ public static final String TEMPLATE_POST_FORWARD_TOKEN_NAME = "tokenName";
+ public static final String TEMPLATE_POST_FORWARD_TOKEN_VALUE = "tokenValue";
+
+
//configuration properties
public static final String CONIG_PROPS_EIDAS_PREFIX="auth.eIDAS";
public static final String CONIG_PROPS_EIDAS_NODE= CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
+ public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE + ".publicSectorTargets";
+ public static final String CONIG_PROPS_EIDAS_NODE_ENTITYID = CONIG_PROPS_EIDAS_NODE + ".entityId";
+ public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_URL = CONIG_PROPS_EIDAS_NODE + ".forward.endpoint";
+ public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE + ".forward.method";
+ public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_ONLYNATURAL = CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural.";
+ public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION = CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation.";
+ public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME = CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";;
+ public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier";
+ public static final String FORWARD_METHOD_POST = "POST";
+ public static final String FORWARD_METHOD_GET = "GET";
+
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT= CONIG_PROPS_EIDAS_PREFIX + ".szrclient";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE= CONIG_PROPS_EIDAS_SZRCLIENT + ".useTestService";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES= CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.logfullmessages";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY= CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.useDummySolution";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB= CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.insertERnB";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION= CONIG_PROPS_EIDAS_SZRCLIENT + ".timeout.connection";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE= CONIG_PROPS_EIDAS_SZRCLIENT + ".timeout.response";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD= CONIG_PROPS_EIDAS_SZRCLIENT + ".endpoint.prod";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST= CONIG_PROPS_EIDAS_SZRCLIENT + ".endpoint.test";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.keyStore.path";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.keyStore.password";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.path";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.password";
+
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.documenttype";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.vkz";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingdate";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingauthority";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.usedummykeys";
//http endpoint descriptions
public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post";
@@ -42,4 +89,23 @@ public class Constants {
// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri());
}
});
+
+ public static final String POLICY_DEFAULT_ALLOWED_TARGETS =
+ EAAFConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*";
+
+ //SAML2 Constants
+ public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success";
+
+ public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION = "30"; //seconds
+ public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; //seconds
+
+
+ //Default values for SZR communication
+ public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT";
+
+ //TODO remove!!!
+ public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01";
+ public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT";
+ public final static byte[] SZR_CONSTANTS_DEFAULT_PUBL_KEY = new byte[] {48, -127, -97, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, -127, -115, 0, 48, -127, -119, 2, -127, -127, 0, -106, 114, -113, -1, -84, 116, 35, 3, 70, -81, 81, -110, -10, -59, 114, 4, -109, 86, 127, -50, 125, 47, 4, 80, 79, 53, 117, -36, 15, -16, -61, 110, 39, 89, 29, -43, 37, -127, 80, -109, -38, 65, 125, -119, 44, -111, -21, 47, -98, 38, -112, -24, 107, -110, 17, -10, 51, -4, -36, -72, -28, -18, -14, 117, -67, 76, -31, 32, 92, 104, -21, 68, 31, -12, 30, -104, -104, 42, -107, 126, 84, 50, 85, -117, 44, -100, -4, 102, -100, 52, -68, 77, -32, 9, -16, -30, -104, -90, 107, -88, 7, 97, -94, 72, -61, -40, 80, -112, -65, -25, -72, -19, -95, -54, 31, 15, 24, -105, 123, -81, 23, -123, 92, -103, -101, 47, 47, -105, 2, 3, 1, 0, 1};
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
index 1ce2f949..fef9cbfa 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
@@ -4,8 +4,8 @@ package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2;
import org.apache.commons.lang3.StringUtils;
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
/**
* @author tlenz
@@ -33,8 +33,8 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
*/
@Override
public String selectProcess(ExecutionContext context) {
- if (StringUtils.isNotBlank((String) context.get("ccc")) ||
- StringUtils.isNotBlank((String) context.get("CCC")))
+ if (StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)) ||
+ StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)))
return "eIDASAuthentication_v2";
else
return null;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java
index b491b8d8..e067acfb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java
@@ -22,7 +22,7 @@ public class eIDASAuthenticationSpringResourceProvider implements SpringResource
@Override
public Resource[] getResourcesToLoad() {
- ClassPathResource eIDASAuthConfig = new ClassPathResource("/eidas_v2_auth.beans", eIDASAuthenticationSpringResourceProvider.class);
+ ClassPathResource eIDASAuthConfig = new ClassPathResource("/eidas_v2_auth.beans.xml", eIDASAuthenticationSpringResourceProvider.class);
return new Resource[] {eIDASAuthConfig};
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
index 51d1bd0c..77f799e7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
@@ -8,14 +8,25 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import com.google.common.collect.ImmutableSortedSet;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl;
+
/**
* @author tlenz
@@ -25,9 +36,10 @@ import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalControll
public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
private static final Logger log = LoggerFactory.getLogger(eIDASSignalServlet.class);
+ @Autowired private ApplicationContext context;
+ @Autowired private eIDASAttributeRegistry attrRegistry;
-
- public eIDASSignalServlet() {
+ public eIDASSignalServlet() {
super();
log.debug("Registering servlet " + getClass().getName() +
" with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST +
@@ -39,11 +51,11 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT
},
method = {RequestMethod.POST, RequestMethod.GET})
- public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException {
signalProcessManagement(req, resp);
}
- @Override
+
/**
* Protocol specific implementation to get the pending-requestID
* from http request object
@@ -52,31 +64,68 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
* @return The Pending-request id
*
*/
+ @Override
public String getPendingRequestId(HttpServletRequest request) {
- String sessionId = super.getPendingRequestId(request);
+ //String sessionId = super.getPendingRequestId(request);
try {
-
- // use SAML2 relayState
- if (sessionId == null) {
- log.trace("No transaction identifier from pendingReq. Search for SAML2 'RelayState' ...");
- sessionId = StringEscapeUtils.escapeHtml4(request.getParameter("RelayState"));
-
- if (StringUtils.isEmpty(sessionId))
- log.info("NO transaction identifier found! Stopping process ....");
- else
- log.debug("Find transaction identifier in SAML2 'RelayState': " + sessionId);
+ //get token from Request
+ final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString());
+ if (StringUtils.isEmpty(tokenBase64)) {
+ log.warn("NO eIDAS message token found.");
+ throw new eIDASAuthenticationException("eidas.04", null);
+ }
+ log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... ");
- } else
- log.trace("Find transaction identifier from pendingReq.");
+
+
+ final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService =
+ (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+ ILightResponse eIDASResponse = specificConnectorCommunicationService.getAndRemoveResponse(tokenBase64,
+ ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
+
+ String pendingReqId = null;
+ if (StringUtils.isEmpty(eIDASResponse.getRelayState())) {
+ log.debug("eIDAS Node returns no RelayState. ");
+
+ if (authConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER,
+ false)) {
+ log.trace("Use lightRequestId to recover session ... ");
+ pendingReqId = transactionStorage.get(eIDASResponse.getInResponseToId(), String.class);
+ if (StringUtils.isNotEmpty(pendingReqId)) {
+ log.debug("Restoring session with lightRequestId ... ");
+ transactionStorage.remove(eIDASResponse.getInResponseToId());
+
+ }
+ }
+
+ } else {
+ log.debug("Find transaction identifier in SAML2 'RelayState': " + eIDASResponse.getRelayState());
+ pendingReqId = eIDASResponse.getRelayState();
+
+ }
+ if (StringUtils.isNotEmpty(pendingReqId)) {
+ request.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse);
+ return pendingReqId;
+
+ }
+
+ log.info("NO transaction identifier found! Stopping process ....");
+ log.trace("FullResponse: " + eIDASResponse.toString());
+
+ } catch (SpecificCommunicationException e) {
+ log.warn("Can NOT load eIDAS Response from cache.", e);
+ log.debug("eIDAS response token was: " + request.getParameter(EidasParameterKeys.TOKEN.toString()));
+
} catch (Exception e) {
log.warn("Unable to retrieve moa session id.", e);
}
- return sessionId;
+ return null;
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/SZRCommunicationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/SZRCommunicationException.java
new file mode 100644
index 00000000..a0c3cf88
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/SZRCommunicationException.java
@@ -0,0 +1,15 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception;
+
+public class SZRCommunicationException extends eIDASAuthenticationException {
+
+ private static final long serialVersionUID = 1L;
+
+ public SZRCommunicationException(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
+ }
+
+ public SZRCommunicationException(String internalMsgId, Object[] params, Throwable e) {
+ super(internalMsgId, params, e);
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAttributeException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAttributeException.java
new file mode 100644
index 00000000..f1d4280f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAttributeException.java
@@ -0,0 +1,15 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception;
+
+public class eIDASAttributeException extends eIDASAuthenticationException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public eIDASAttributeException(String attrbuteName) {
+ super("eidas.00", new Object[] {attrbuteName});
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java
index fff6773e..939e7471 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java
@@ -9,12 +9,12 @@ public class eIDASAuthenticationException extends EAAFAuthenticationException{
*/
private static final long serialVersionUID = 1L;
- public eIDASAuthenticationException(String internalMsgId, Object[] params, String msg) {
- super(internalMsgId, params, msg);
+ public eIDASAuthenticationException(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
}
- public eIDASAuthenticationException(String internalMsgId, Object[] params, String msg, Throwable e) {
- super(internalMsgId, params, msg, e);
+ public eIDASAuthenticationException(String internalMsgId, Object[] params, Throwable e) {
+ super(internalMsgId, params, e);
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASValidationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASValidationException.java
new file mode 100644
index 00000000..7b81eacd
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASValidationException.java
@@ -0,0 +1,14 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception;
+
+public class eIDASValidationException extends eIDASAuthenticationException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public eIDASValidationException(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java
new file mode 100644
index 00000000..b3855635
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java
@@ -0,0 +1,114 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service;
+
+import java.io.File;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import eu.eidas.auth.commons.attribute.AttributeRegistries;
+import eu.eidas.auth.commons.attribute.AttributeRegistry;
+
+@Service("attributeRegistry")
+public class eIDASAttributeRegistry {
+ private static final Logger log = LoggerFactory.getLogger(eIDASAttributeRegistry.class);
+ @Autowired private IConfiguration basicConfig;
+
+ private AttributeRegistry coreAttributeRegistry;
+
+ private String eidasAttributesFile;
+ private String additionalAttributesFile;
+
+ @PostConstruct
+ private void initialize() throws RuntimeException {
+ try {
+ if (eidasAttributesFile.isEmpty()) {
+ log.error("Basic eIDAS addribute definition NOT defined");
+ throw new EAAFConfigurationException("Basic eIDAS addribute definition NOT defined");
+
+ }
+
+ boolean additionalAttrAvailabe = false;
+ if (!additionalAttributesFile.isEmpty()) {
+ File file = new File(additionalAttributesFile);
+ if (file.exists())
+ additionalAttrAvailabe = true;
+
+ }
+
+ if (!additionalAttrAvailabe) {
+ log.info("Start eIDAS ref. impl. Core without additional eIDAS attribute definitions ... ");
+ coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null);
+
+ } else {
+ //load attribute definitions
+ log.info("Start eIDAS ref. impl. Core with additional eIDAS attribute definitions ... ");
+ coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null, additionalAttributesFile);
+
+ }
+
+ } catch (Throwable e) {
+ log.error("Can NOT initialize eIDAS attribute definition." , e);
+ new RuntimeException("Can NOT initialize eIDAS attribute definition.", e);
+
+ }
+ }
+
+
+ public AttributeRegistry getCoreAttributeRegistry() {
+ return coreAttributeRegistry;
+ }
+
+ public Map<String, Boolean> getAttributeSetFromConfiguration() {
+ Map<String, Boolean> result = new HashMap<String, Boolean>();
+
+ /*TODO: select set for representation if mandates should be used.
+ * It's an open task in respect to requested eIDAS attributes and isRequired flag,
+ * because there can be a decision problem in case of natural or legal person representation!
+ * From an Austrian use-case point of view, an Austrian service provider can support mandates for
+ * natural and legal persons at the same time. However, we CAN NOT request attributes for natural AND
+ * legal persons on the same time, because it's not possible to represent both simultaneously.
+ */
+ Map<String, String> configAttributes =
+ basicConfig.getBasicMOAIDConfigurationWithPrefix(
+ Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_ONLYNATURAL);
+ for (String el: configAttributes.values()) {
+ if (StringUtils.isNotEmpty(el.trim())) {
+ List<String> attrDef = KeyValueUtils.getListOfCSVValues(el.trim());
+ boolean isRequired = false;
+ if (attrDef.size() == 2)
+ isRequired = Boolean.parseBoolean(attrDef.get(1));
+
+ result.put(attrDef.get(0), isRequired);
+
+ }
+ }
+
+ log.trace("Load #" + result.size() + " requested attributes from configuration");
+ return result;
+
+ }
+
+
+ public void setEidasAttributesFile(String eidasAttributesFile) {
+ this.eidasAttributesFile = eidasAttributesFile;
+ }
+
+ public void setAdditionalAttributesFile(String additionalAttributesFile) {
+ this.additionalAttributesFile = additionalAttributesFile;
+ }
+
+
+}
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
new file mode 100644
index 00000000..86f0d0bb
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
@@ -0,0 +1,372 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.Resource;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.namespace.QName;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Dispatch;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.Handler;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.jaxws.DispatchImpl;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+import org.apache.xpath.XPathAPI;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.w3._2000._09.xmldsig.KeyValueType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils.LoggingHandler;
+import szrservices.GetBPK;
+import szrservices.GetBPKResponse;
+import szrservices.GetIdentityLink;
+import szrservices.GetIdentityLinkResponse;
+import szrservices.IdentityLinkType;
+import szrservices.PersonInfoType;
+import szrservices.SZR;
+import szrservices.SZRException_Exception;
+
+@Service("SZRClientForeIDAS")
+public class SZRClient {
+ private static final Logger log = LoggerFactory.getLogger(SZRClient.class);
+
+ private static final String CLIENT_DEFAULT = "DefaultClient";
+ private static final String CLIENT_RAW = "RawClient";
+
+ @Autowired private IConfiguration basicConfig;
+ @Resource private WebServiceContext wsContext;
+
+ //client for anything, without identitylink
+ private SZR szr = null;
+
+ //RAW client is needed for identitylink
+ private Dispatch<Source> dispatch = null;
+
+
+ private SZRService szrService = null;
+ private String szrURL = null;
+ private QName qname = null;
+
+ public IdentityLinkType getIdentityLink(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException {
+ try {
+ return szr.getIdentityLink(
+ personInfo,
+ keyValue,
+ insertERnP);
+
+ } catch (SZRException_Exception e) {
+ log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
+ throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e);
+
+ }
+
+ }
+
+ public IdentityLinkType getIdentityLinkInRawMode(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException {
+ try {
+ GetIdentityLink getIDL = new GetIdentityLink();
+ getIDL.setInsertERnP(insertERnP);
+ getIDL.setPersonInfo(personInfo);
+ getIDL.getKeyValue().addAll(keyValue);
+
+ JAXBContext jaxbContext = JAXBContext.newInstance(GetIdentityLink.class);
+ Marshaller jaxbMarshaller = jaxbContext.createMarshaller();
+
+ final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ jaxbMarshaller.marshal(getIDL, outputStream);
+ outputStream.flush();
+
+ Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray()));
+ outputStream.close();
+
+ log.trace("Requesting SZR ... ");
+ Source response = dispatch.invoke(source);
+ log.trace("Receive RAW response from SZR");
+
+ byte[] szrResponse = sourceToByteArray(response);
+ JAXBContext ctx = JAXBContext.newInstance(IdentityLinkType.class
+ .getPackage().getName());
+ GetIdentityLinkResponse jaxbElement = (GetIdentityLinkResponse) ctx
+ .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse));
+
+
+ //build response
+ log.trace(new String(szrResponse));
+ log.trace("Signature successfully created. Extracting from MOA-SS container.");
+
+ // ok, we have success
+ Document doc = DOMUtils.parseDocument(
+ new ByteArrayInputStream(szrResponse),
+ true, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null, null
+ );
+ String xpathExpression = "//saml:Assertion";
+ Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode");
+
+ log.trace("Selecting signed doc " + xpathExpression);
+ Element documentNode = (Element) XPathAPI.selectSingleNode(doc,
+ xpathExpression, nsNode);
+ log.trace("Signed document: " + DOMUtils.serializeNode(documentNode));
+
+
+ IdentityLinkType idl = new IdentityLinkType();
+ idl.setAssertion(documentNode);
+ idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo());
+
+ return idl;
+
+
+ //IdentityLinkType idlResp = this.szr.getIdentityLink(personInfo, keyValue, insertERnP);
+
+ } catch ( Exception e) {
+ log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
+ throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e);
+
+ }
+
+ }
+
+ public String getBPK(PersonInfoType personInfo, String target, String vkz) throws SZRCommunicationException {
+ try {
+ GetBPK parameters = new GetBPK();
+ parameters.setPersonInfo(personInfo);
+ parameters.setBereichsKennung(target);
+ parameters.setVKZ(vkz);
+ GetBPKResponse result = this.szr.getBPK(parameters);
+
+ return result.getGetBPKReturn();
+
+ } catch (SZRException_Exception e) {
+ log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
+ throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e);
+
+ }
+
+ }
+
+
+ @PostConstruct
+ private void initialize() {
+ log.info("Starting SZR-Client initialization .... ");
+ URL url = SZRClient.class.getResource("/szr_client/SZR-1.WSDL");
+
+ boolean useTestSZR = basicConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE,
+ true);
+
+ if (useTestSZR) {
+ log.debug("Initializing SZR test environment configuration.");
+ qname = SZRService.SZRTestumgebung;
+ szrService = new SZRService(url, new QName("urn:SZRServices", "SZRService"));
+ szr = szrService.getSZRTestumgebung();
+ szrURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST);
+
+
+ } else {
+ log.debug("Initializing SZR productive configuration.");
+ qname = SZRService.SZRProduktionsumgebung;
+ szrService = new SZRService(url, new QName("urn:SZRServices", "SZRService"));
+ szr = szrService.getSZRProduktionsumgebung();
+ szrURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD);
+
+ }
+
+ //create raw client;
+ dispatch = szrService.createDispatch(qname, Source.class, javax.xml.ws.Service.Mode.PAYLOAD);
+
+ if (StringUtils.isEmpty(szrURL)) {
+ log.error("No SZR service-URL found. SZR-Client initalisiation failed.");
+ throw new RuntimeException("No SZR service URL found. SZR-Client initalisiation failed.");
+
+ }
+
+ log.info("Use SZR service-URL: " + szrURL);
+ injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT);
+ injectBindingProvider((BindingProvider) dispatch, CLIENT_RAW);
+
+ log.debug("Inject HTTP client settings ... ");
+ injectHTTPClient(szr, CLIENT_DEFAULT);
+ injectHTTPClient(dispatch, CLIENT_RAW);
+
+ log.info("SZR-Client initialization successfull");
+ }
+
+ private void injectHTTPClient(Object raw, String clientType) {
+ //extract client from implementation
+ Client client = null;
+ if (raw instanceof DispatchImpl<?>)
+ client = ((DispatchImpl<?>)raw).getClient();
+ else if (raw instanceof Client)
+ client = ClientProxy.getClient(raw);
+ else
+ throw new RuntimeException("SOAP Client for SZR connection is of UNSUPPORTED type: " + raw.getClass().getName());
+
+ //set basic connection policies
+ HTTPConduit http = (HTTPConduit) client.getConduit();
+
+ //set timeout policy
+ HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+ httpClientPolicy.setConnectionTimeout(
+ Integer.parseInt(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION,
+ Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) * 1000);
+ httpClientPolicy.setReceiveTimeout(
+ Integer.parseInt(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE,
+ Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) * 1000);
+ http.setClient(httpClientPolicy);
+
+ //inject SSL context in case of https
+ if (szrURL.toLowerCase().startsWith("https")) {
+ log.debug("Adding SSLContext to client: " + clientType +" ... ");
+ TLSClientParameters tlsParams = new TLSClientParameters();
+ tlsParams.setSSLSocketFactory(createSSLContext(clientType).getSocketFactory());
+ http.setTlsClientParameters(tlsParams );
+ log.info("SSLContext initialized for client: " + clientType);
+
+ }
+
+ }
+
+ private void injectBindingProvider(BindingProvider bindingProvider, String clientType) {
+ Map<String, Object> requestContext = bindingProvider.getRequestContext();
+ requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrURL);
+
+ log.trace("Adding JAX-WS request/response trace handler to client: " + clientType);
+ List<Handler> handlerList = bindingProvider.getBinding().getHandlerChain();
+ if (handlerList == null) {
+ handlerList = new ArrayList<Handler>();
+ bindingProvider.getBinding().setHandlerChain(handlerList);
+
+ }
+
+ //add logging handler to trace messages if required
+ if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES,
+ false)) {
+ LoggingHandler loggingHandler = new LoggingHandler();
+ handlerList.add(loggingHandler);
+
+ }
+ }
+
+ private SSLContext createSSLContext(String clientType) {
+ try {
+ SSLContext context = SSLContext.getInstance("TLS");
+
+ //initialize key-mangager for SSL client-authentication
+ KeyManager[] keyManager = null;
+ String keyStorePath = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH);
+ String keyStorePassword = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD);
+ if (StringUtils.isNotEmpty(keyStorePath)) {
+ log.trace("Find keyStore path: " + keyStorePath + " Injecting SSL client certificate ... ");
+ try {
+ KeyStore keyStore = KeyStoreUtils.loadKeyStore(
+ FileUtils.makeAbsoluteURL(keyStorePath, basicConfig.getConfigurationRootDirectory()),
+ keyStorePassword);
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+ kmf.init(keyStore, keyStorePassword.toCharArray());
+ keyManager = kmf.getKeyManagers();
+ log.debug("SSL client certificate injected to client: " + clientType);
+
+ } catch (KeyStoreException | IOException | UnrecoverableKeyException e) {
+ log.error("Can NOT load SSL client certificate from path: " + keyStorePath);
+ throw new RuntimeException("Can NOT load SSL client certificate from path: " + keyStorePath, e);
+
+ }
+ }
+
+
+ //initialize SSL TrustStore
+ TrustManager[] trustManager = null;
+ String trustStorePath = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH);
+ String trustStorePassword = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD);
+ if (StringUtils.isNotEmpty(trustStorePath)) {
+ log.trace("Find trustStore path: " + trustStorePath + " Injecting SSL TrustStore ... ");
+ try {
+ KeyStore trustStore = KeyStoreUtils.loadKeyStore(
+ FileUtils.makeAbsoluteURL(trustStorePath, basicConfig.getConfigurationRootDirectory()),
+ trustStorePassword);
+
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+ tmf.init(trustStore);
+ trustManager = tmf.getTrustManagers();
+ log.debug("SSL TrustStore injected to client: " + clientType);
+
+ } catch (KeyStoreException | IOException e) {
+ log.error("Can NOT open SSL TrustStore from path: " + trustStorePath);
+ throw new RuntimeException("Can NOT open SSL TrustStore from path: " + trustStorePath, e);
+
+ }
+
+ }
+
+
+ context.init(keyManager, trustManager, new SecureRandom());
+ return context;
+
+ } catch (NoSuchAlgorithmException | KeyManagementException e) {
+ log.error("SSLContext initialization FAILED.", e);
+ throw new RuntimeException("SSLContext initialization FAILED.", e);
+
+ }
+
+ }
+
+ private byte[] sourceToByteArray(Source result) throws TransformerException {
+ TransformerFactory factory = TransformerFactory.newInstance();
+ Transformer transformer = factory.newTransformer();
+ transformer.setOutputProperty("omit-xml-declaration", "yes");
+ transformer.setOutputProperty("method", "xml");
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ StreamResult streamResult = new StreamResult();
+ streamResult.setOutputStream(out);
+ transformer.transform(result, streamResult);
+ return out.toByteArray();
+ }
+
+
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java
new file mode 100644
index 00000000..8e4911b9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java
@@ -0,0 +1,139 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+import javax.xml.ws.WebEndpoint;
+import javax.xml.ws.WebServiceClient;
+import javax.xml.ws.WebServiceFeature;
+
+import szrservices.SZR;
+
+/**
+ * This class was generated by Apache CXF 3.1.16
+ * 2018-07-10T09:36:01.466+02:00
+ * Generated source version: 3.1.16
+ *
+ */
+@WebServiceClient(name = "SZRService",
+ wsdlLocation = "./src/main/resources/szr_client/SZR-1.WSDL",
+ targetNamespace = "urn:SZRServices")
+public class SZRService extends Service {
+
+ public final static URL WSDL_LOCATION;
+
+ public final static QName SERVICE = new QName("urn:SZRServices", "SZRService");
+ public final static QName SZRProduktionsumgebung = new QName("urn:SZRServices", "SZRProduktionsumgebung");
+ public final static QName SZRTestumgebung = new QName("urn:SZRServices", "SZRTestumgebung");
+ public final static QName SZRBusinesspartnerTestumgebung = new QName("urn:SZRServices", "SZRBusinesspartnerTestumgebung");
+ static {
+ URL url = SZRService.class.getResource("./src/main/resources/szr_client/SZR-1.WSDL");
+ if (url == null) {
+ url = SZRService.class.getClassLoader().getResource("/szr_client/SZR-1.WSDL");
+ }
+ if (url == null) {
+ java.util.logging.Logger.getLogger(SZRService.class.getName())
+ .log(java.util.logging.Level.INFO,
+ "Can not initialize the default wsdl from {0}", "/szr_client/SZR-1.WSDL");
+ }
+ WSDL_LOCATION = url;
+
+ }
+
+ public SZRService(URL wsdlLocation) {
+ super(wsdlLocation, SERVICE);
+ }
+
+ public SZRService(URL wsdlLocation, QName serviceName) {
+ super(wsdlLocation, serviceName);
+ }
+
+ public SZRService() {
+ super(WSDL_LOCATION, SERVICE);
+ }
+
+ public SZRService(WebServiceFeature ... features) {
+ super(WSDL_LOCATION, SERVICE, features);
+ }
+
+ public SZRService(URL wsdlLocation, WebServiceFeature ... features) {
+ super(wsdlLocation, SERVICE, features);
+ }
+
+ public SZRService(URL wsdlLocation, QName serviceName, WebServiceFeature ... features) {
+ super(wsdlLocation, serviceName, features);
+ }
+
+
+
+
+ /**
+ *
+ * @return
+ * returns SZR
+ */
+ @WebEndpoint(name = "SZRProduktionsumgebung")
+ public SZR getSZRProduktionsumgebung() {
+ return super.getPort(SZRProduktionsumgebung, SZR.class);
+ }
+
+ /**
+ *
+ * @param features
+ * A list of {@link javax.xml.ws.WebServiceFeature} to configure on the proxy. Supported features not in the <code>features</code> parameter will have their default values.
+ * @return
+ * returns SZR
+ */
+ @WebEndpoint(name = "SZRProduktionsumgebung")
+ public SZR getSZRProduktionsumgebung(WebServiceFeature... features) {
+ return super.getPort(SZRProduktionsumgebung, SZR.class, features);
+ }
+
+
+ /**
+ *
+ * @return
+ * returns SZR
+ */
+ @WebEndpoint(name = "SZRTestumgebung")
+ public SZR getSZRTestumgebung() {
+ return super.getPort(SZRTestumgebung, SZR.class);
+ }
+
+ /**
+ *
+ * @param features
+ * A list of {@link javax.xml.ws.WebServiceFeature} to configure on the proxy. Supported features not in the <code>features</code> parameter will have their default values.
+ * @return
+ * returns SZR
+ */
+ @WebEndpoint(name = "SZRTestumgebung")
+ public SZR getSZRTestumgebung(WebServiceFeature... features) {
+ return super.getPort(SZRTestumgebung, SZR.class, features);
+ }
+
+
+ /**
+ *
+ * @return
+ * returns SZR
+ */
+ @WebEndpoint(name = "SZRBusinesspartnerTestumgebung")
+ public SZR getSZRBusinesspartnerTestumgebung() {
+ return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class);
+ }
+
+ /**
+ *
+ * @param features
+ * A list of {@link javax.xml.ws.WebServiceFeature} to configure on the proxy. Supported features not in the <code>features</code> parameter will have their default values.
+ * @return
+ * returns SZR
+ */
+ @WebEndpoint(name = "SZRBusinesspartnerTestumgebung")
+ public SZR getSZRBusinesspartnerTestumgebung(WebServiceFeature... features) {
+ return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class, features);
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
index dfd945c9..b31b6a21 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
@@ -3,41 +3,80 @@
package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks;
import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import org.springframework.util.Base64Utils;
+import org.w3._2000._09.xmldsig.KeyValueType;
+import org.w3._2000._09.xmldsig.RSAKeyValueType;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
-
-/**
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+
+import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
+import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import szrservices.IdentityLinkType;
+import szrservices.PersonInfoType;
+import szrservices.TravelDocumentType;
+
+/**
* @author tlenz
- *
+ *
*/
@Component("CreateIdentityLinkTask")
public class CreateIdentityLinkTask extends AbstractAuthServletTask {
-
+ private static final Logger log = LoggerFactory.getLogger(CreateIdentityLinkTask.class);
+
+ //@Autowired private eIDASAttributeRegistry attrRegistry;
+ @Autowired private IConfiguration basicConfig;
+ @Autowired private SZRClient szrClient;
+
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@@ -46,115 +85,293 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try{
- defaultTaskInitialization(request, executionContext);
-
- //get eIDAS attributes from MOA-Session
- ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession(
- AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST,
- ImmutableAttributeMap.class);
-
- IIdentityLink identityLink = null;
-
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ ILightResponse eIDASResponse = authProcessData.getGenericDataFromSession(
+ Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
+ Map<String, Object> simpleAttrMap = converteIDASAttrToSimpleMap(eIDASResponse.getAttributes().getAttributeMap());
+
+ IIdentityLink identityLink = null;
+ String bPK = null;
+
+ //extract attributes
+ Object eIdentifierObj = simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+ Object familyNameObj = simpleAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
+ Object givenNameObj = simpleAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
+ Object dateOfBirthObj = simpleAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH);
+
+ //check if availabe
+ if (eIdentifierObj == null || !(eIdentifierObj instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+
+ if (familyNameObj == null || !(familyNameObj instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
+
+ if (givenNameObj == null || !(givenNameObj instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
+
+ if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
+
//connect SZR-Gateway
- //TODO: implement SZR-Gateway communication!!!!
- if(true) {
-
+ if(basicConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
+ log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!");
// create fake IdL
// - fetch IdL template from resources
InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
Element idlTemplate = DOMUtils.parseXmlValidating(s);
- identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
+ identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
// replace data
Element idlassertion = identityLink.getSamlAssertion();
// - set fake baseID;
- Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
-
-
- Object eIdentifier = eIDASAttributes.getFirstValue(
- SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
- if (eIdentifier == null || !(eIdentifier instanceof String))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
- prIdentification.getFirstChild().setNodeValue((String) eIdentifier);
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue((String) eIdentifierObj);
//build personal identifier which looks like a baseID
// String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID");
// Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID);
// prIdentification.getFirstChild().setNodeValue(fakeBaseID);
-
+
// - set last name
- Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
- Object familyName = eIDASAttributes.getFirstValue(
- SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
- Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
- if (familyName == null || !(familyName instanceof String))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
- prFamilyName.getFirstChild().setNodeValue((String) familyName);
+ Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+ prFamilyName.getFirstChild().setNodeValue((String) familyNameObj);
// - set first name
- Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
- Object givenName = eIDASAttributes.getFirstValue(
- SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
- Constants.eIDAS_ATTR_CURRENTGIVENNAME));
- if (givenName == null || !(givenName instanceof String))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
- prGivenName.getFirstChild().setNodeValue((String) givenName);
+ Node prGivenName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
+ prGivenName.getFirstChild().setNodeValue((String) givenNameObj);
// - set date of birth
- Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
- Object dateOfBirth = eIDASAttributes.getFirstValue(
- SAMLEngineUtils.getMapOfAllAvailableAttributes().get(
- Constants.eIDAS_ATTR_DATEOFBIRTH));
- if (dateOfBirth == null || !(dateOfBirth instanceof DateTime))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
-
- String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirth).toDate());
+ Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+ String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate());
prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth);
- identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink();
+ identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink();
- //resign IDL
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey());
- identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
-
+ Pair<String, String> bPKCalc = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ identityLink.getIdentificationValue(),
+ identityLink.getIdentificationType(),
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ bPK = bPKCalc.getFirst();
+
+
} else {
//contact SZR Gateway
- Logger.debug("Starting connecting SZR Gateway");
+ log.debug("Starting connecting SZR Gateway");
+ PersonInfoType personInfo = new PersonInfoType();
+ PersonNameType personName = new PersonNameType();
+ PhysicalPersonType naturalPerson = new PhysicalPersonType();
+ TravelDocumentType eDocument = new TravelDocumentType();
+
+ naturalPerson.setName(personName );
+ personInfo.setPerson(naturalPerson );
+ personInfo.setTravelDocument(eDocument );
+
+ //parse some eID attributes
+ String dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate());
+ Trible<String, String, String> eIdentifier =
+ eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj);
+ String uniqueId = (String)eIdentifierObj;
+ String citizenCountry = eIdentifier.getFirst();
+
+ //person information
+ personName.setFamilyName((String)familyNameObj);
+ personName.setGivenName((String)givenNameObj);
+ naturalPerson.setDateOfBirth(dateOfBirth);
+ eDocument.setIssuingCountry(citizenCountry);
+ eDocument.setDocumentNumber(uniqueId);
+
+ //eID document information
+ eDocument.setDocumentType(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE,
+ Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
+
+ //TODO: that should be removed
+ eDocument.setIssueDate(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE,
+ Constants.SZR_CONSTANTS_DEFAULT_ISSUING_DATE));
+ eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY,
+ Constants.SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY));
+
+ //TODO: keys are not available in eIDAS
+ List<KeyValueType> keyValue = dummyCodeForKeys();
+
+ /*TODO:
+ * Validate if IDL signature is valid after using this method
+ * MAYBE we had to switch to 'getIdentityLinkInRawMode' method!
+ */
+ IdentityLinkType result = szrClient.getIdentityLink(
+ personInfo,
+ keyValue,
+ basicConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB,
+ true)
+ );
+
+ Element idlFromSZR = (Element)result.getAssertion();
+ identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink();
+
+
+ //get bPK from SZR
+ bPK = szrClient.getBPK(
+ personInfo,
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
+ basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
+ "no VKZ defined"));
+
+ }
+
+ if (identityLink == null) {
+ log.error("ERnB did not return an identity link.");
+ throw new SZRCommunicationException("ernb.00", null);
+
+ }
- //TODO:!!!!!!
+ if (bPK == null) {
+ log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ throw new SZRCommunicationException("ernb.01", null);
}
- Logger.debug("SZR communication was successfull");
+ log.debug("ERnB communication was successfull");
+
+ revisionsLogger.logEvent(pendingReq, -1);
+ authProcessData.setForeigner(true);
+ authProcessData.setIdentityLink(identityLink);
+ authProcessData.setGenericDataToSession(
+ PVPAttributeDefinitions.EID_ISSUING_NATION_NAME,
+ eIDASResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
+
+ //set bPK and bPKType into auth session
+ authProcessData.setGenericDataToSession(
+ PVPAttributeDefinitions.BPK_NAME,
+ extendBPKbyPrefix(
+ bPK,
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())
+ );
+ authProcessData.setGenericDataToSession(
+ PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
- if (identityLink == null) {
- Logger.error("SZR Gateway did not return an identity link.");
- throw new MOAIDException("stork.10", null);
- }
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);
- moasession.setForeigner(true);
- moasession.setIdentityLink(identityLink);
- moasession.setBkuURL("Not applicable (eIDASAuthentication)");
- //store MOA-session to database
+ //store pending-request
requestStoreage.storePendingRequest(pendingReq);
-
+
} catch (eIDASAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
- } catch (MOAIDException | MOADatabaseException e) {
+ } catch (EAAFException e) {
throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
} catch (Exception e) {
- Logger.error("IdentityLink generation for foreign person FAILED.", e);
+ log.error("IdentityLink generation for foreign person FAILED.", e);
throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
}
}
+ private List<KeyValueType> dummyCodeForKeys() {
+ if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY,
+ false)) {
+ List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>();
+ try {
+ PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Constants.SZR_CONSTANTS_DEFAULT_PUBL_KEY);
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+
+ PublicKey pb = kf.generatePublic(spec);
+
+ RSAPublicKey rsapb = (RSAPublicKey)pb;
+ BigInteger modulus = rsapb.getModulus();
+ BigInteger exponent = rsapb.getPublicExponent();
+
+ // set key values
+ RSAKeyValueType rsa = new RSAKeyValueType();
+ rsa.setExponent(new String(Base64Utils.encode(exponent.toByteArray())));
+ rsa.setModulus(new String(Base64Utils.encode(modulus.toByteArray())));
+
+ KeyValueType key = new KeyValueType();
+ key.setRSAKeyValue(rsa);
+
+ keyvalueList.add(key);
+
+ return keyvalueList;
+ } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+ log.error("TestCode has an internal ERROR", e);
+
+ }
+
+ }
+
+ return null;
+
+ }
+
+ private String extendBPKbyPrefix(String bpk, String type) {
+ String bPKType = null;
+
+ if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK))
+ bPKType = type.substring((EAAFConstants.URN_PREFIX_WBPK).length());
+
+ else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID))
+ bPKType = type.substring((EAAFConstants.URN_PREFIX_CDID).length());
+
+ else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS))
+ bPKType = type.substring((EAAFConstants.URN_PREFIX_EIDAS).length());
+
+
+ if (bPKType != null ) {
+ log.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + bPKType);
+ return bPKType + ":" + bpk;
+
+ } else {
+ log.warn("Service Provider Target with: " + type + " is NOT supported. Set bPK as it is ...");
+ return bpk;
+
+ }
+
+ }
+
+ //TODO: update for complexe attributes
+ private Map<String, Object> converteIDASAttrToSimpleMap(
+ ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) {
+ Map<String, Object> result = new HashMap<String, Object>();
+
+ for (AttributeDefinition<?> el : attributeMap.keySet()) {
+
+ final Class parameterizedType = el.getParameterizedType();
+ if ((DateTime.class).equals(parameterizedType)) {
+ DateTime attribute = eIDASResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList());
+ if (attribute != null)
+ result.put(el.getFriendlyName(), attribute);
+ else
+ log.info("Ignore empty 'DateTime' attribute");
+
+ } else if ((PostalAddress.class).equals(parameterizedType)) {
+ PostalAddress addressAttribute = eIDASResponseUtils.translateAddressAttribute(el, attributeMap.get(el).asList());
+ if (addressAttribute != null)
+ result.put(el.getFriendlyName(), addressAttribute);
+ else
+ log.info("Ignore empty 'PostalAddress' attribute");
+
+ } else {
+ List<String> natPersonIdObj = eIDASResponseUtils.translateStringListAttribute(el, attributeMap.get(el).asList());
+ String stringAttr = natPersonIdObj.get(0);
+ if (StringUtils.isNotEmpty(stringAttr))
+ result.put(el.getFriendlyName(), stringAttr);
+ else
+ log.info("Ignore empty 'String' attribute");
+
+ }
+ }
+
+ return result;
+ }
+
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
index 358b681e..da554249 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
@@ -2,66 +2,64 @@
*******************************************************************************/
package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
+import java.util.Map;
import java.util.UUID;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang3.BooleanUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
+import org.springframework.web.util.UriComponentsBuilder;
-import com.google.common.net.MediaType;
+import com.google.common.collect.ImmutableSortedSet;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eidas.specific.connector.gui.StaticGuiBuilderConfiguration;
import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
-import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EidasStringUtil;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import eu.eidas.auth.commons.EidasParameterKeys;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
-import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder;
-import eu.eidas.auth.commons.light.impl.LightRequest;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
-import eu.eidas.auth.commons.protocol.IRequestMessage;
-import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
-import eu.eidas.auth.commons.protocol.eidas.LevelOfAssuranceComparison;
+import eu.eidas.auth.commons.light.ILightRequest;
+import eu.eidas.auth.commons.light.impl.LightRequest;
import eu.eidas.auth.commons.protocol.eidas.SpType;
-import eu.eidas.auth.commons.protocol.eidas.impl.EidasAuthenticationRequest;
+import eu.eidas.auth.commons.tx.BinaryLightToken;
+import eu.eidas.specificcommunication.BinaryLightTokenHelper;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl;
/**
* @author tlenz
*
- */
-@Component("GenerateAuthnRequestTask")
+ */
+@Component("ConnecteIDASNodeTask")
public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
+ private static final Logger log = LoggerFactory.getLogger(GenerateAuthnRequestTask.class);
+
+ @Autowired IConfiguration basicConfig;
+ @Autowired eIDASAttributeRegistry attrRegistry;
+ @Autowired ApplicationContext context;
+ @Autowired ITransactionStorage transactionStore;
+ @Autowired IGUIFormBuilder guiBuilder;
+
@Override
public void execute(ExecutionContext executionContext,
HttpServletRequest request, HttpServletResponse response)
@@ -69,245 +67,196 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
try{
//get service-provider configuration
- IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+ ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
// get target and validate citizen countryCode
- String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
+ String citizenCountryCode = (String) executionContext.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY);
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
- throw new AuthenticationException("eIDAS.03", new Object[] { "" });
+ throw new eIDASAuthenticationException("eidas.03", new Object[] { "" });
}
- CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode);
- if(null == cpeps) {
- Logger.error("PEPS unknown for country: " + citizenCountryCode);
- throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
- }
- Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
-
- //TODO: load authnReq End-Point URL from configuration
- SingleSignOnService authnReqEndpoint = null;
+ //TODO: maybe add countryCode validation before request ref. impl. eIDAS node
+ log.debug("Request eIDAS auth. for citizen of country: " + citizenCountryCode);
-
+
//TODO: switch to entityID and set new status codes
-// revisionsLogger.logEvent(oaConfig, pendingReq,
-// MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
-// metadataUrl);
+ //revisionsLogger.logEvent(oaConfig, pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, metadataUrl);
- // assemble requested attributes
- Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
-
- // - prepare attribute list
-
- // - fill container
- List<AttributeDefinition<?>> reqAttrList = new ArrayList<AttributeDefinition<?>>();
- //TODO: update requested attribute builder
-// for (StorkAttribute current : attributesFromConfig) {
-// AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(current.getName());
-//
-// if (newAttribute == null) {
-// Logger.warn("eIDAS attribute with friendlyName:" + current.getName() + " is not supported.");
-//
-// } else {
-// boolean globallyMandatory = false;
-// for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes())
-// if (current.getName().equals(currentGlobalAttribute.getName())) {
-// globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
-// break;
-// }
-//
-// Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(current.getMandatory() || globallyMandatory);
-// reqAttrList.add(attrBuilder.build());
-//
-// }
-// }
-
- //request
-// if (reqAttrList.isEmpty()) {
-// Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
-// + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default");
-// AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
-// Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(true);
-// reqAttrList.add(attrBuilder.build());
-//
-// }
-
- //build requested attribute set
- ImmutableAttributeMap reqAttrMap = new ImmutableAttributeMap.Builder().putAll(reqAttrList).build();
//build eIDAS AuthnRequest
- LightRequest.Builder authnRequestBuilder = LightRequest.builder();
-
+ LightRequest.Builder authnRequestBuilder = LightRequest.builder();
authnRequestBuilder.id(UUID.randomUUID().toString());
- authnRequestBuilder.providerName(pendingReq.getAuthURL());
- String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
- authnRequestBuilder.issuer(issur);
- //TODO:
- //authnRequestBuilder.destination(authnReqEndpoint.getLocation());
-
- authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
+ String issur = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID);
+ if (StringUtils.isEmpty(issur)) {
+ log.error("Found NO 'eIDAS node issuer' in configuration. Authentication NOT possible!");
+ throw new EAAFConfigurationException("Found NO 'eIDAS node issuer' in configuration. Authentication NOT possible!");
+
+ }
+ authnRequestBuilder.issuer(issur);
- //set minimum required eIDAS LoA from OA config
- String LoA = oaConfig.getQaaLevel();
- //TODO:
-// if (MiscUtil.isNotEmpty(LoA))
-// authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel()));
-// else
- authnRequestBuilder.levelOfAssurance(LevelOfAssurance.HIGH.getValue());
- //TODO: check if required
- //authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM);
+ //TODO: set matching mode if eIDAS ref. impl. support this method
+
+ //TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA schemes
+ String loa = EAAFConstants.EIDAS_LOA_HIGH;
+ if (spConfig.getRequiredLoA() != null) {
+ if (spConfig.getRequiredLoA().isEmpty())
+ log.info("No eIDAS LoA requested. Use LoA HIGH as default");
+
+ else {
+ if (spConfig.getRequiredLoA().size() > 1 )
+ log.info("Currently only ONE requested LoA is supported for service provider. Use first one ... ");
+
+ loa = spConfig.getRequiredLoA().get(0);
+
+ }
+ }
+
+ log.debug("Request eIdAS node with LoA: " + loa);
+ authnRequestBuilder.levelOfAssurance(loa);
- //set correct SPType for this online application
- if (oaConfig.hasBaseIdTransferRestriction())
- authnRequestBuilder.spType(SpType.PRIVATE.getValue());
- else
+ //set correct SPType for requested target sector
+ String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
+ Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
+ Pattern p = Pattern.compile(publicSectorTargetSelector);
+ Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
+ if (m.matches()) {
+ log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
authnRequestBuilder.spType(SpType.PUBLIC.getValue());
+
+ //TODO: only for eIDAS ref. node 2.0 because it need 'Providername' for any SPType
+ String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+ if (StringUtils.isNotEmpty(providerName)
+ && basicConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
+ false)
+ )
+ authnRequestBuilder.providerName(providerName);
+
+ } else {
+ log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
+ authnRequestBuilder.spType(SpType.PRIVATE.getValue());
+ //TODO: switch to RequesterId in further version
+ //set provider name for private sector applications
+ String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+ if (StringUtils.isNotEmpty(providerName))
+ authnRequestBuilder.providerName(providerName);
- //TODO
- //set service provider (eIDAS node) countryCode
-// authnRequestBuilder.serviceProviderCountryCode(
-// authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));
-
- //set citizen country code for foreign uses
- authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode());
-
- //add requested attributes
- authnRequestBuilder.requestedAttributes(reqAttrMap);
-
+ }
- LightRequest lightAuthnReq = authnRequestBuilder.build();
+ //set nameIDFormat
+ authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
+ //set citizen country code for foreign uses
+ authnRequestBuilder.citizenCountryCode(citizenCountryCode);
+ //set relay state
+ authnRequestBuilder.relayState(pendingReq.getPendingRequestId());
- //IRequestMessage authnRequest = engine.generateRequestMessage(authnRequestBuilder.build(), issur);
+ //build and add requested attribute set
+ ImmutableAttributeMap reqAttrMap = translateToEidasAttributes(attrRegistry.getAttributeSetFromConfiguration());
+ authnRequestBuilder.requestedAttributes(reqAttrMap);
- //encode AuthnRequest
-// byte[] token = authnRequest.getMessageBytes();
-// String SAMLRequest = EidasStringUtil.encodeToBase64(token);
+ //build request
+ LightRequest lightAuthnReq = authnRequestBuilder.build();
+ //put request into cache
+ BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq);
+ final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
+
+ //Workaround, because eIDAS node ref. impl. does not return relayState
+ if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER,
+ false)) {
+ log.trace("Put lightRequestId into transactionstore as session-handling backup");
+ transactionStore.put(lightAuthnReq.getId(), pendingReq.getPendingRequestId(), -1);
+
+ }
-// if (SAMLConstants.SAML2_POST_BINDING_URI.equals(authnReqEndpoint.getBinding()))
-// buildPostBindingRequest(pendingReq, authnReqEndpoint, SAMLRequest, authnRequest, response);
-//
-// //TODO: redirect Binding is not completely implemented
-// //else if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(authnReqEndpoint.getBinding()))
-// //buildRedirecttBindingRequest(pendingReq, authnReqEndpoint, token, authnRequest, response);
-//
-// else {
-// Logger.error("eIDAS-node use an unsupported binding ("
-// + authnReqEndpoint.getBinding() + "). Request eIDAS node not possible.");
-// throw new MOAIDException("eIDAS.02", new Object[]{"eIDAS-node use an unsupported binding"});
-//
-// }
+ if (basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD,
+ Constants.FORWARD_METHOD_GET
+ ).equals(Constants.FORWARD_METHOD_GET)) {
+
+ log.debug("Use http-redirect for eIDAS node forwarding ... ");
+ //send redirect
+ UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL));
+ redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64);
+ response.sendRedirect(redirectUrl.build().encode().toString());
+
+ } else {
+ log.debug("Use http-post for eIDAS node forwarding ... ");
+ StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration(
+ basicConfig,
+ pendingReq,
+ Constants.TEMPLATE_POST_FORWARD_NAME,
+ null);
+
+ config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT,
+ basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL));
+ config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME,
+ EidasParameterKeys.TOKEN.toString());
+ config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE,
+ tokenBase64);
+
+ guiBuilder.build(response, config, "BKU-Selection form");
+
+ }
-
-
-// }catch (EIDASSAMLEngineException e){
-// throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
-// new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
- } catch (MOAIDException e) {
+
+ } catch (eIDASAuthenticationException e) {
throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e);
} catch (Exception e) {
- Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+ log.warn("eIDAS AuthnRequest generation FAILED.", e);
throw new TaskExecutionException(pendingReq, e.getMessage(), e);
}
+
}
+
+ private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) {
+ ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder();
+ for (Map.Entry<String,Boolean> attribute : requiredAttributes.entrySet()) {
+ final String name = attribute.getKey();
+ final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(name);
+ if (!byFriendlyName.isEmpty()) {
+ final AttributeDefinition<?> attributeDefinition = byFriendlyName.first();
+ builder.put(AttributeDefinition.builder(attributeDefinition).required(attribute.getValue()).build());
+
+ } else
+ log.warn("Can NOT request UNKNOWN attribute: " + attribute.getKey() + " Ignore it!");
+
+ }
+
+ return builder.build();
+
+ }
- /**
- * Encode the eIDAS request with POST binding
- *
- * @param pendingReq
- * @param authnReqEndpoint
- * @param SAMLRequest
- * @param authnRequest
- * @param response
- * @throws MOAIDException
- */
- private void buildPostBindingRequest(IRequest pendingReq, SingleSignOnService authnReqEndpoint,
- String SAMLRequest, IRequestMessage authnRequest, HttpServletResponse response)
- throws MOAIDException {
- //send
+ private BinaryLightToken putRequestInCommunicationCache(ILightRequest iLightRequest) throws ServletException {
+ final BinaryLightToken binaryLightToken;
try {
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm");
- VelocityContext context = new VelocityContext();
-
- String actionType = "SAMLRequest";
- context.put(actionType, SAMLRequest);
- context.put("RelayState", pendingReq.getRequestID());
- context.put("action", authnReqEndpoint.getLocation());
-
- Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation());
- Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
+ final SpecificConnectorCommunicationServiceImpl springManagedSpecificConnectorCommunicationService =
+ (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
- Logger.trace("Starting template merge");
- StringWriter writer = new StringWriter();
-
- Logger.trace("Doing template merge");
- template.merge(context, writer);
-
- Logger.trace("Template merge done");
- Logger.trace("Sending html content: " + writer.getBuffer().toString());
+ binaryLightToken = springManagedSpecificConnectorCommunicationService.putRequest(iLightRequest);
-
- byte[] content = writer.getBuffer().toString().getBytes("UTF-8");
- response.setContentType(MediaType.HTML_UTF_8.toString());
- response.setContentLength(content.length);
- response.getOutputStream().write(content);
-
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
- MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
- authnRequest.getRequest().getId());
-
- } catch (Exception e) {
- Logger.error("Velocity general error: " + e.getMessage());
- throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e);
+ } catch (SpecificCommunicationException e) {
+ log.error("Unable to process specific request");
+ throw new ServletException(e);
}
-
- }
-
- /**
- * Select a SingleSignOnService endPoint from eIDAS node metadata.
- * This endPoint receives the Authn. request
- *
- * @param idpEntity
- * @return
- */
- private SingleSignOnService selectSingleSignOnServiceFromMetadata(EntityDescriptor idpEntity) {
- //select SingleSignOn Service endpoint from IDP metadata
- SingleSignOnService endpoint = null;
- if (idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) == null) {
- return null;
-
- }
-
- for (SingleSignOnService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-
- // use POST binding as default if it exists
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))
- endpoint = sss;
-
- //TODO: redirect Binding is not completely implemented
- // use Redirect binding as backup
-// else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
-// && endpoint == null )
-// endpoint = sss;
-
- }
-
- return endpoint;
- }
-
+
+ return binaryLightToken;
+ }
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java
index 055c402f..f0b37ede 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java
@@ -5,84 +5,78 @@ package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.opensaml.saml2.core.StatusCode;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EidasStringUtil;
-import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
-import eu.eidas.auth.engine.ProtocolEngineI;
-import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.validator.eIDASResponseValidator;
+import eu.eidas.auth.commons.light.ILightResponse;
-@Component("ReceiveAuthnResponseTask")
+@Component("ReceiveResponseFromeIDASNodeTask")
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
-
- @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+ private static final Logger log = LoggerFactory.getLogger(ReceiveAuthnResponseTask.class);
- @Override
+ @Autowired private ApplicationContext context;
+ @Autowired private IConfiguration basicConfig;
+ @Autowired private eIDASAttributeRegistry attrRegistry;
+
+ @Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
-
- try{
- //get SAML Response
- String base64SamlToken = request.getParameter("SAMLResponse");
- if (MiscUtil.isEmpty(base64SamlToken)) {
- Logger.warn("No eIDAS SAMLReponse found in http request.");
- throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null);
+ try{
+
+// //get token from Request
+// final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString());
+// if (StringUtils.isEmpty(tokenBase64)) {
+// log.warn("NO eIDAS message token found.");
+// throw new eIDASAuthenticationException("TODO", null,
+// "NO eIDAS message token found.");
+//
+// }
+//
+// //get eIDAS response from cache
+// final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService =
+// (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+// ILightResponse eIDASResponse = specificConnectorCommunicationService.getAndRemoveResponse(tokenBase64,
+// ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
+
+ ILightResponse eIDASResponse = (ILightResponse) request.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE);
+ if (eIDASResponse == null) {
+ log.warn("NO eIDAS response-message found.");
+ throw new eIDASAuthenticationException("eidas.01", null);
}
- //get MOASession
- defaultTaskInitialization(request, executionContext);
+ log.debug("Receive eIDAS response with RespId:" + eIDASResponse.getId() + " for ReqId:" + eIDASResponse.getInResponseToId());
- //decode SAML response
- byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken);
-
- //get eIDAS SAML-engine
- ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
-
- //validate SAML token
- IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken,
- request.getRemoteHost(),
- Constants.CONFIG_PROPS_SKEWTIME_BEFORE,
- Constants.CONFIG_PROPS_SKEWTIME_AFTER,
- pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
-
- if (samlResp.isEncrypted()) {
- Logger.info("Received encrypted eIDAS SAML-Response.");
- //TODO: check if additional decryption operation is required
-
- }
-
-
- //check response StatusCode
- if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
- Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode()
- + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getStatusMessage());
- throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()});
+
+ //check response StatusCode
+ if (!eIDASResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) {
+ log.info("Receice eIDAS Response with StatusCode:" + eIDASResponse.getStatus().getStatusCode()
+ + " Subcode:" + eIDASResponse.getStatus().getSubStatusCode() + " Msg:" + eIDASResponse.getStatus().getStatusMessage());
+ throw new eIDASAuthenticationException("eidas.02", new Object[]{eIDASResponse.getStatus().getStatusCode(), eIDASResponse.getStatus().getStatusMessage()});
}
+ // extract all Attributes from response
+
+
+
// **********************************************************
- // ******* MOA-ID specific response validation **********
+ // ******* MS-specificresponse validation **********
// **********************************************************
- String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT");
- eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry);
+ String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT");
+ eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, attrRegistry);
// **********************************************************
@@ -90,51 +84,24 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
// **********************************************************
//update MOA-Session data with received information
- Logger.debug("Store eIDAS response information into MOA-session.");
-
- moasession.setQAALevel(samlResp.getLevelOfAssurance());
-
- moasession.setGenericDataToSession(
- AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST,
- samlResp.getAttributes());
-
- moasession.setGenericDataToSession(
- AuthenticationSessionStorageConstants.eIDAS_RESPONSE,
- decSamlToken);
+ log.debug("Store eIDAS response information into pending-request.");
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ authProcessData.setQAALevel(eIDASResponse.getLevelOfAssurance());
+ authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse);
- //set issuer nation as PVP attribute into MOASession
- moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
-
//store MOA-session to database
requestStoreage.storePendingRequest(pendingReq);
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
- MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
- samlResp.getId());
+ revisionsLogger.logEvent(pendingReq, -1, eIDASResponse.getId());
- } catch (MOAIDException e) {
+ } catch (EAAFException e) {
throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
-
- }catch (EIDASSAMLEngineException e) {
- Logger.warn("eIDAS Response validation FAILED.", e);
- Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse"));
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
- MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
- throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
- new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
- } catch (MOADatabaseException e) {
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
- MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
- throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
- new MOAIDException("init.04", new Object[]{""}, e));
-
} catch (Exception e) {
- Logger.warn("eIDAS Response processing FAILED.", e);
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
- MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+ log.warn("eIDAS Response processing FAILED.", e);
+ revisionsLogger.logEvent(pendingReq, -1);
throw new TaskExecutionException(pendingReq, e.getMessage(),
- new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e));
+ new eIDASAuthenticationException("eidas.05", new Object[]{e.getMessage()}, e));
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/LoggingHandler.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/LoggingHandler.java
new file mode 100644
index 00000000..c58d369b
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/LoggingHandler.java
@@ -0,0 +1,52 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils;
+
+import java.io.ByteArrayOutputStream;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPHandler;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LoggingHandler implements SOAPHandler<SOAPMessageContext> {
+
+ Logger log = LoggerFactory.getLogger(LoggingHandler.class);
+
+ public boolean handleMessage(SOAPMessageContext context) {
+ SOAPMessage msg = context.getMessage();
+ boolean request = ((Boolean) context
+ .get(SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue();
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+ try {
+ if (request) {
+ msg.writeTo(bos);
+ } else { // This is the response message
+ msg.writeTo(bos);
+ }
+
+ log.trace(bos.toString());
+ log.trace(new String(bos.toByteArray()));
+
+ } catch (Exception e) {
+ log.trace(e.getMessage(), e);
+ }
+ return true;
+ }
+
+ public boolean handleFault(SOAPMessageContext context) {
+ return handleMessage(context);
+ }
+
+ public void close(MessageContext context) {
+ }
+
+ public Set<QName> getHeaders() {
+ return null;
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java
new file mode 100644
index 00000000..165c35cb
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java
@@ -0,0 +1,98 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.ImmutableList;
+
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+public class eIDASResponseUtils {
+ private static final Logger log = LoggerFactory.getLogger(eIDASResponseUtils.class);
+
+ public static final String PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*";
+
+ /**
+ * Validate a eIDAS PersonalIdentifier attribute value
+ * This validation is done according to eIDAS SAML Attribute Profile - Section 2.2.3 Unique Identifier
+ *
+ * @param uniqueID eIDAS attribute value of a unique identifier
+ * @return true if the uniqueID matches to eIDAS to Unique Identifier specification, otherwise false
+ */
+ public static boolean validateEidasPersonalIdentifier(String uniqueID) {
+ Pattern pattern = Pattern.compile(PERSONALIDENIFIER_VALIDATION_PATTERN );
+ Matcher matcher = pattern.matcher(uniqueID);
+ return matcher.matches();
+
+ }
+
+
+ /**
+ * Parse an eIDAS PersonalIdentifier attribute value into it components.
+ * This processing is done according to eIDAS SAML Attribute Profile - Section 2.2.3 Unique Identifier
+ *
+ * @param uniqueID eIDAS attribute value of a unique identifier
+ * @return {@link Trible} that contains:
+ * <br> First : citizen country
+ * <br> Second: destination country
+ * <br> Third : unique identifier
+ * <br> or null if the attribute value has a wrong format
+ */
+ public static Trible<String, String, String> parseEidasPersonalIdentifier(String uniqueID) {
+ if (!validateEidasPersonalIdentifier(uniqueID)) {
+ log.error("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " looks wrong formated. Value:" + ((String)uniqueID));
+ return null;
+
+ }
+ return Trible.newInstance(uniqueID.substring(0, 2), uniqueID.substring(3, 5), uniqueID.substring(6));
+
+ }
+
+ public static List<String> translateStringListAttribute(AttributeDefinition<?> attributeDefinition, ImmutableList<? extends AttributeValue<?>> attributeValues) {
+ final List<String> stringListAttribute = new ArrayList<String>();
+ AttributeValueMarshaller<?> attributeValueMarshaller = attributeDefinition.getAttributeValueMarshaller();
+ for (AttributeValue<?> attributeValue : attributeValues) {
+ String valueString = null;
+ try {
+ valueString = attributeValueMarshaller.marshal((AttributeValue) attributeValue);
+ stringListAttribute.add(valueString);
+ } catch (AttributeValueMarshallingException e) {
+ throw new IllegalStateException(e);
+
+ }
+ }
+
+ return stringListAttribute;
+
+ }
+
+ public static DateTime translateDateAttribute(AttributeDefinition<?> attributeDefinition, ImmutableList<? extends AttributeValue<?>> attributeValues) {
+ if (attributeValues.size() != 0) {
+ final AttributeValue<?> firstAttributeValue = attributeValues.get(0);
+ return (DateTime) firstAttributeValue.getValue();
+
+ }
+
+ return null;
+ }
+
+ public static PostalAddress translateAddressAttribute(AttributeDefinition<?> attributeDefinition, ImmutableList<? extends AttributeValue<?>> attributeValues) {
+ final AttributeValue<?> firstAttributeValue = attributeValues.get(0);
+ return (PostalAddress) firstAttributeValue.getValue();
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java
new file mode 100644
index 00000000..3791d0d7
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java
@@ -0,0 +1,135 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.validator;
+
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.ImmutableList;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASValidationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseValidator {
+ private static final Logger log = LoggerFactory.getLogger(eIDASResponseValidator.class);
+
+ public static void validateResponse(IRequest pendingReq, ILightResponse eIDASResponse, String spCountry, eIDASAttributeRegistry attrRegistry) throws eIDASValidationException {
+
+ /*-----------------------------------------------------|
+ * validate received LoA against minimum required LoA |
+ *_____________________________________________________|
+ */
+ LevelOfAssurance respLoA = LevelOfAssurance.fromString(eIDASResponse.getLevelOfAssurance());
+ List<String> allowedLoAs = pendingReq.getServiceProviderConfiguration().getRequiredLoA();
+ boolean loaValid = false;
+ for (String allowedLoaString : allowedLoAs) {
+ LevelOfAssurance allowedLoa = LevelOfAssurance.fromString(allowedLoaString);
+ if (respLoA.numericValue() >= allowedLoa.numericValue()) {
+ log.debug("Response contains valid LoA. Resume process ... ");
+ loaValid = true;
+ break;
+
+ } else
+ log.trace("Allowed LoA: " + allowedLoaString + " DOES NOT match response LoA: " + eIDASResponse.getLevelOfAssurance());
+
+ }
+
+ if (!loaValid) {
+ log.error("eIDAS Response LevelOfAssurance is lower than the required! "
+ + "(Resp-LoA:" + respLoA.getValue() + " Req-LoA:" + allowedLoAs.toArray() + ")");
+ throw new eIDASValidationException("eidas.06", new Object[]{respLoA.getValue()});
+
+ }
+
+
+
+ /*-----------------------------------------------------|
+ * validate 'PersonalIdentifier' attribute |
+ *_____________________________________________________|
+ */
+ AttributeDefinition<?> attrDefinition = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+ final ImmutableList<? extends AttributeValue<?>> attributeValues = eIDASResponse.getAttributes().getAttributeMap().get(attrDefinition).asList();
+ List<String> personalIdObj = eIDASResponseUtils.translateStringListAttribute(attrDefinition, attributeValues);
+
+ //check if attribute exists
+ if (personalIdObj == null || personalIdObj.isEmpty()) {
+ log.warn("eIDAS Response include NO 'PersonalIdentifier' attriubte "
+ + ".... That can be a BIG problem in further processing steps");
+ throw new eIDASValidationException("eidas.05", new Object[] {"NO 'PersonalIdentifier' attriubte"});
+
+ } else if (personalIdObj.size() > 1) {
+ log.warn("eIDAS Response include MORE THAN ONE 'PersonalIdentifier' attriubtes "
+ + ".... That can be a BIG problem in further processing steps");
+ throw new eIDASValidationException("eidas.05", new Object[] {"MORE THAN ONE 'PersonalIdentifier' attriubtes"});
+
+ } else {
+ String natPersId = personalIdObj.get(0);
+ //validate attribute value format
+ Trible<String, String, String> split =
+ eIDASResponseUtils.parseEidasPersonalIdentifier(natPersId);
+ if (split == null) {
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "Wrong identifier format"});
+
+ } else {
+ //validation according to eIDAS SAML Attribute Profile, Section 2.2.3
+ if (StringUtils.isEmpty(split.getSecond())) {
+ log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " includes NO destination country. Value:" + natPersId);
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "No or empty destination country"});
+
+ }
+ if (!split.getSecond().equalsIgnoreCase(spCountry)) {
+ log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " includes wrong destination country. Value:" + natPersId
+ + " SP-Country:" + spCountry);
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "Destination country does not match to SP country"});
+
+ }
+
+ if (StringUtils.isEmpty(split.getFirst())) {
+ log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " includes NO citizen country. Value:" + natPersId);
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "No or empty citizen country"});
+
+ }
+ if (!split.getSecond().equalsIgnoreCase(spCountry)) {
+ log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " includes a relaying-party country that does not match to service-provider country. "
+ + " Value:" + natPersId
+ + " SP Country:" + spCountry);
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "Citizen country does not match to eIDAS-node country that generates the response"});
+
+ }
+ }
+ }
+
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index 958c3391..14ef4b42 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
@@ -3,18 +3,17 @@
xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
- <pd:Task id="createAuthnRequest" class="GenerateAuthnRequestTask" />
- <pd:Task id="receiveAuthnResponse" class="ReceiveAuthnResponseTask"
- async="true" />
- <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
- <pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" />
+ <pd:Task id="createAuthnRequest" class="ConnecteIDASNodeTask" />
+ <pd:Task id="receiveAuthnResponse" class="ReceiveResponseFromeIDASNodeTask" async="true" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+ <pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" />
<pd:StartEvent id="start" />
- <pd:Transition from="start" to="createAuthnRequest" />
- <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" />
- <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" />
- <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" />
- <pd:Transition from="finalizeAuthentication" to="end" />
+ <pd:Transition from="start" to="createAuthnRequest" />
+ <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" />
+ <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" />
+ <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" />
+ <pd:Transition from="finalizeAuthentication" to="end" />
<pd:EndEvent id="end" />
</pd:ProcessDefinition>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml
new file mode 100644
index 00000000..a72ac1e8
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright (c) 2017 by European Commission
+ ~
+ ~ Licensed under the EUPL, Version 1.2 or - as soon they will be
+ ~ approved by the European Commission - subsequent versions of the
+ ~ EUPL (the "Licence");
+ ~ You may not use this work except in compliance with the Licence.
+ ~ You may obtain a copy of the Licence at:
+ ~ https://joinup.ec.europa.eu/page/eupl-text-11-12
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the Licence is distributed on an "AS IS" basis,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ ~ implied.
+ ~ See the Licence for the specific language governing permissions and
+ ~ limitations under the Licence.
+ -->
+
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+ <comment>Dynamic attributes</comment>
+
+ <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute</entry>
+ <entry key="1.FriendlyName">AdditionalAttribute</entry>
+ <entry key="1.PersonType">NaturalPerson</entry>
+ <entry key="1.Required">false</entry>
+ <entry key="1.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+ <entry key="1.XmlType.LocalPart">string</entry>
+ <entry key="1.XmlType.NamespacePrefix">xs</entry>
+ <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="2.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute</entry>
+ <entry key="2.FriendlyName">LegalAdditionalAttribute</entry>
+ <entry key="2.PersonType">LegalPerson</entry>
+ <entry key="2.Required">false</entry>
+ <entry key="2.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+ <entry key="2.XmlType.LocalPart">string</entry>
+ <entry key="2.XmlType.NamespacePrefix">xs</entry>
+ <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+</properties>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml
new file mode 100644
index 00000000..c9288d59
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml
@@ -0,0 +1,379 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright (c) 2017 by European Commission
+ ~
+ ~ Licensed under the EUPL, Version 1.2 or - as soon they will be
+ ~ approved by the European Commission - subsequent versions of the
+ ~ EUPL (the "Licence");
+ ~ You may not use this work except in compliance with the Licence.
+ ~ You may obtain a copy of the Licence at:
+ ~ https://joinup.ec.europa.eu/page/eupl-text-11-12
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the Licence is distributed on an "AS IS" basis,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ ~ implied.
+ ~ See the Licence for the specific language governing permissions and
+ ~ limitations under the Licence.
+ -->
+
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+ <comment>eIDAS attributes</comment>
+
+ <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry>
+ <entry key="1.FriendlyName">PersonIdentifier</entry>
+ <entry key="1.PersonType">NaturalPerson</entry>
+ <entry key="1.Required">true</entry>
+ <entry key="1.UniqueIdentifier">true</entry>
+ <entry key="1.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+ <entry key="1.XmlType.LocalPart">PersonIdentifierType</entry>
+ <entry key="1.XmlType.NamespacePrefix">eidas-natural</entry>
+ <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="2.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry>
+ <entry key="2.FriendlyName">FamilyName</entry>
+ <entry key="2.PersonType">NaturalPerson</entry>
+ <entry key="2.Required">true</entry>
+ <entry key="2.TransliterationMandatory">true</entry>
+ <entry key="2.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+ <entry key="2.XmlType.LocalPart">CurrentFamilyNameType</entry>
+ <entry key="2.XmlType.NamespacePrefix">eidas-natural</entry>
+ <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="3.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry>
+ <entry key="3.FriendlyName">FirstName</entry>
+ <entry key="3.PersonType">NaturalPerson</entry>
+ <entry key="3.Required">true</entry>
+ <entry key="3.TransliterationMandatory">true</entry>
+ <entry key="3.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+ <entry key="3.XmlType.LocalPart">CurrentGivenNameType</entry>
+ <entry key="3.XmlType.NamespacePrefix">eidas-natural</entry>
+ <entry key="3.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="4.NameUri">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry>
+ <entry key="4.FriendlyName">DateOfBirth</entry>
+ <entry key="4.PersonType">NaturalPerson</entry>
+ <entry key="4.Required">true</entry>
+ <entry key="4.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+ <entry key="4.XmlType.LocalPart">DateOfBirthType</entry>
+ <entry key="4.XmlType.NamespacePrefix">eidas-natural</entry>
+ <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry>
+
+ <entry key="5.NameUri">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry>
+ <entry key="5.FriendlyName">BirthName</entry>
+ <entry key="5.PersonType">NaturalPerson</entry>
+ <entry key="5.Required">false</entry>
+ <entry key="5.TransliterationMandatory">true</entry>
+ <entry key="5.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+ <entry key="5.XmlType.LocalPart">BirthNameType</entry>
+ <entry key="5.XmlType.NamespacePrefix">eidas-natural</entry>
+ <entry key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="6.NameUri">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry>
+ <entry key="6.FriendlyName">PlaceOfBirth</entry>
+ <entry key="6.PersonType">NaturalPerson</entry>
+ <entry key="6.Required">false</entry>
+ <entry key="6.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+ <entry key="6.XmlType.LocalPart">PlaceOfBirthType</entry>
+ <entry key="6.XmlType.NamespacePrefix">eidas-natural</entry>
+ <entry key="6.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="7.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry>
+ <entry key="7.FriendlyName">CurrentAddress</entry>
+ <entry key="7.PersonType">NaturalPerson</entry>
+ <entry key="7.Required">false</entry>
+ <entry key="7.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+ <entry key="7.XmlType.LocalPart">CurrentAddressType</entry>
+ <entry key="7.XmlType.NamespacePrefix">eidas-natural</entry>
+ <entry key="7.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller</entry>
+
+ <entry key="8.NameUri">http://eidas.europa.eu/attributes/naturalperson/Gender</entry>
+ <entry key="8.FriendlyName">Gender</entry>
+ <entry key="8.PersonType">NaturalPerson</entry>
+ <entry key="8.Required">false</entry>
+ <entry key="8.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+ <entry key="8.XmlType.LocalPart">GenderType</entry>
+ <entry key="8.XmlType.NamespacePrefix">eidas-natural</entry>
+ <entry key="8.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry>
+
+ <entry key="9.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry>
+ <entry key="9.FriendlyName">LegalPersonIdentifier</entry>
+ <entry key="9.PersonType">LegalPerson</entry>
+ <entry key="9.Required">true</entry>
+ <entry key="9.UniqueIdentifier">true</entry>
+ <entry key="9.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="9.XmlType.LocalPart">LegalPersonIdentifierType</entry>
+ <entry key="9.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="9.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="10.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalName</entry>
+ <entry key="10.FriendlyName">LegalName</entry>
+ <entry key="10.PersonType">LegalPerson</entry>
+ <entry key="10.Required">true</entry>
+ <entry key="10.TransliterationMandatory">true</entry>
+ <entry key="10.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="10.XmlType.LocalPart">LegalNameType</entry>
+ <entry key="10.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="10.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="11.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress</entry>
+ <entry key="11.FriendlyName">LegalAddress</entry>
+ <entry key="11.PersonType">LegalPerson</entry>
+ <entry key="11.Required">false</entry>
+ <entry key="11.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="11.XmlType.LocalPart">LegalPersonAddressType</entry>
+ <entry key="11.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="11.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller</entry>
+
+ <entry key="12.NameUri">http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber</entry>
+ <entry key="12.FriendlyName">VATRegistration</entry>
+ <entry key="12.PersonType">LegalPerson</entry>
+ <entry key="12.Required">false</entry>
+ <entry key="12.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="12.XmlType.LocalPart">VATRegistrationNumberType</entry>
+ <entry key="12.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="12.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="13.NameUri">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry>
+ <entry key="13.FriendlyName">TaxReference</entry>
+ <entry key="13.PersonType">LegalPerson</entry>
+ <entry key="13.Required">false</entry>
+ <entry key="13.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="13.XmlType.LocalPart">TaxReferenceType</entry>
+ <entry key="13.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="13.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="14.NameUri">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry>
+ <entry key="14.FriendlyName">D-2012-17-EUIdentifier</entry>
+ <entry key="14.PersonType">LegalPerson</entry>
+ <entry key="14.Required">false</entry>
+ <entry key="14.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="14.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry>
+ <entry key="14.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="14.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="15.NameUri">http://eidas.europa.eu/attributes/legalperson/LEI</entry>
+ <entry key="15.FriendlyName">LEI</entry>
+ <entry key="15.PersonType">LegalPerson</entry>
+ <entry key="15.Required">false</entry>
+ <entry key="15.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="15.XmlType.LocalPart">LEIType</entry>
+ <entry key="15.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="15.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="16.NameUri">http://eidas.europa.eu/attributes/legalperson/EORI</entry>
+ <entry key="16.FriendlyName">EORI</entry>
+ <entry key="16.PersonType">LegalPerson</entry>
+ <entry key="16.Required">false</entry>
+ <entry key="16.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="16.XmlType.LocalPart">EORIType</entry>
+ <entry key="16.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="16.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="17.NameUri">http://eidas.europa.eu/attributes/legalperson/SEED</entry>
+ <entry key="17.FriendlyName">SEED</entry>
+ <entry key="17.PersonType">LegalPerson</entry>
+ <entry key="17.Required">false</entry>
+ <entry key="17.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="17.XmlType.LocalPart">SEEDType</entry>
+ <entry key="17.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="17.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="18.NameUri">http://eidas.europa.eu/attributes/legalperson/SIC</entry>
+ <entry key="18.FriendlyName">SIC</entry>
+ <entry key="18.PersonType">LegalPerson</entry>
+ <entry key="18.Required">false</entry>
+ <entry key="18.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+ <entry key="18.XmlType.LocalPart">SICType</entry>
+ <entry key="18.XmlType.NamespacePrefix">eidas-legal</entry>
+ <entry key="18.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="19.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier</entry>
+ <entry key="19.FriendlyName">RepresentativePersonIdentifier</entry>
+ <entry key="19.PersonType">RepresentativeNaturalPerson</entry>
+ <entry key="19.Required">false</entry>
+ <entry key="19.UniqueIdentifier">true</entry>
+ <entry key="19.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+ <entry key="19.XmlType.LocalPart">PersonIdentifierType</entry>
+ <entry key="19.XmlType.NamespacePrefix">eidas-natural</entry>
+ <entry key="19.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="20.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName</entry>
+ <entry key="20.FriendlyName">RepresentativeFamilyName</entry>
+ <entry key="20.PersonType">RepresentativeNaturalPerson</entry>
+ <entry key="20.Required">false</entry>
+ <entry key="20.TransliterationMandatory">true</entry>
+ <entry key="20.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+ <entry key="20.XmlType.LocalPart">CurrentFamilyNameType</entry>
+ <entry key="20.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+ <entry key="20.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="21.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName</entry>
+ <entry key="21.FriendlyName">RepresentativeFirstName</entry>
+ <entry key="21.PersonType">RepresentativeNaturalPerson</entry>
+ <entry key="21.Required">false</entry>
+ <entry key="21.TransliterationMandatory">true</entry>
+ <entry key="21.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+ <entry key="21.XmlType.LocalPart">CurrentGivenNameType</entry>
+ <entry key="21.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+ <entry key="21.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="22.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth</entry>
+ <entry key="22.FriendlyName">RepresentativeDateOfBirth</entry>
+ <entry key="22.PersonType">RepresentativeNaturalPerson</entry>
+ <entry key="22.Required">false</entry>
+ <entry key="22.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+ <entry key="22.XmlType.LocalPart">DateOfBirthType</entry>
+ <entry key="22.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+ <entry key="22.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry>
+
+ <entry key="23.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/BirthName</entry>
+ <entry key="23.FriendlyName">RepresentativeBirthName</entry>
+ <entry key="23.PersonType">RepresentativeNaturalPerson</entry>
+ <entry key="23.Required">false</entry>
+ <entry key="23.TransliterationMandatory">true</entry>
+ <entry key="23.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+ <entry key="23.XmlType.LocalPart">BirthNameType</entry>
+ <entry key="23.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+ <entry key="23.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="24.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth</entry>
+ <entry key="24.FriendlyName">RepresentativePlaceOfBirth</entry>
+ <entry key="24.PersonType">RepresentativeNaturalPerson</entry>
+ <entry key="24.Required">false</entry>
+ <entry key="24.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+ <entry key="24.XmlType.LocalPart">PlaceOfBirthType</entry>
+ <entry key="24.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+ <entry key="24.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="25.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress</entry>
+ <entry key="25.FriendlyName">RepresentativeCurrentAddress</entry>
+ <entry key="25.PersonType">RepresentativeNaturalPerson</entry>
+ <entry key="25.Required">false</entry>
+ <entry key="25.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+ <entry key="25.XmlType.LocalPart">CurrentAddressType</entry>
+ <entry key="25.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+ <entry key="25.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller</entry>
+
+ <entry key="26.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/Gender</entry>
+ <entry key="26.FriendlyName">RepresentativeGender</entry>
+ <entry key="26.PersonType">RepresentativeNaturalPerson</entry>
+ <entry key="26.Required">false</entry>
+ <entry key="26.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+ <entry key="26.XmlType.LocalPart">GenderType</entry>
+ <entry key="26.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+ <entry key="26.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry>
+
+ <entry key="27.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier</entry>
+ <entry key="27.FriendlyName">RepresentativeLegalPersonIdentifier</entry>
+ <entry key="27.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="27.Required">false</entry>
+ <entry key="27.UniqueIdentifier">true</entry>
+ <entry key="27.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="27.XmlType.LocalPart">LegalPersonIdentifierType</entry>
+ <entry key="27.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="27.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="28.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalName</entry>
+ <entry key="28.FriendlyName">RepresentativeLegalName</entry>
+ <entry key="28.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="28.Required">false</entry>
+ <entry key="28.TransliterationMandatory">true</entry>
+ <entry key="28.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="28.XmlType.LocalPart">LegalNameType</entry>
+ <entry key="28.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="28.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="29.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry>
+ <entry key="29.FriendlyName">RepresentativeLegalAddress</entry>
+ <entry key="29.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="29.Required">false</entry>
+ <entry key="29.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="29.XmlType.LocalPart">LegalPersonAddressType</entry>
+ <entry key="29.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="29.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry>
+
+ <entry key="30.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry>
+ <entry key="30.FriendlyName">RepresentativeVATRegistration</entry>
+ <entry key="30.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="30.Required">false</entry>
+ <entry key="30.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="30.XmlType.LocalPart">VATRegistrationNumberType</entry>
+ <entry key="30.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="30.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="31.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/TaxReference</entry>
+ <entry key="31.FriendlyName">RepresentativeTaxReference</entry>
+ <entry key="31.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="31.Required">false</entry>
+ <entry key="31.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="31.XmlType.LocalPart">TaxReferenceType</entry>
+ <entry key="31.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="31.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="32.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier</entry>
+ <entry key="32.FriendlyName">RepresentativeD-2012-17-EUIdentifier</entry>
+ <entry key="32.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="32.Required">false</entry>
+ <entry key="32.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="32.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry>
+ <entry key="32.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="32.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="33.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LEI</entry>
+ <entry key="33.FriendlyName">RepresentativeLEI</entry>
+ <entry key="33.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="33.Required">false</entry>
+ <entry key="33.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="33.XmlType.LocalPart">LEIType</entry>
+ <entry key="33.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="33.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="34.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/EORI</entry>
+ <entry key="34.FriendlyName">RepresentativeEORI</entry>
+ <entry key="34.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="34.Required">false</entry>
+ <entry key="34.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="34.XmlType.LocalPart">EORIType</entry>
+ <entry key="34.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="34.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="35.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SEED</entry>
+ <entry key="35.FriendlyName">RepresentativeSEED</entry>
+ <entry key="35.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="35.Required">false</entry>
+ <entry key="35.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="35.XmlType.LocalPart">SEEDType</entry>
+ <entry key="35.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="35.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="36.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SIC</entry>
+ <entry key="36.FriendlyName">RepresentativeSIC</entry>
+ <entry key="36.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="36.Required">false</entry>
+ <entry key="36.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="36.XmlType.LocalPart">SICType</entry>
+ <entry key="36.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="36.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="39.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry>
+ <entry key="39.FriendlyName">RepresentativeLegalAddress</entry>
+ <entry key="39.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="39.Required">false</entry>
+ <entry key="39.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="39.XmlType.LocalPart">LegalPersonAddressType</entry>
+ <entry key="39.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="39.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry>
+
+ <entry key="40.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry>
+ <entry key="40.FriendlyName">RepresentativeVATRegistration</entry>
+ <entry key="40.PersonType">RepresentativeLegalPerson</entry>
+ <entry key="40.Required">false</entry>
+ <entry key="40.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+ <entry key="40.XmlType.LocalPart">VATRegistrationNumberType</entry>
+ <entry key="40.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+ <entry key="40.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+
+</properties>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 1ad8cbeb..4664bc27 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -9,6 +9,27 @@
<context:annotation-config />
+ <import resource="classpath:specificCommunicationDefinitionApplicationContext.xml"/>
+
+ <bean id="SZRClientForeIDAS"
+ class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient" />
+
+ <bean id="specificConnectorAttributesFile" class="java.lang.String">
+ <constructor-arg value="eidas-attributes.xml"/>
+ </bean>
+
+ <bean id="specificAdditionalAttributesFile" class="java.lang.String">
+ <constructor-arg value="additional-attributes.xml"/>
+ </bean>
+
+ <bean id="specificConnectorAttributesFileWithPath" class="java.lang.String">
+ <constructor-arg value="#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}"/>
+ </bean>
+
+ <bean id="specificConnectorAdditionalAttributesFileWithPath" class="java.lang.String">
+ <constructor-arg value="#{specificConnectorConfigRepository}#{specificAdditionalAttributesFile}"/>
+ </bean>
+
<bean id="eIDASAuthModule"
class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.eIDASAuthenticationModulImpl">
<property name="priority" value="2" />
@@ -17,13 +38,18 @@
<bean id="eIDASSignalServlet"
class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.eIDASSignalServlet" />
+ <bean id="attributeRegistry"
+ class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry">
+ <property name="eidasAttributesFile" ref="specificConnectorAttributesFileWithPath"/>
+ <property name="additionalAttributesFile" ref="specificConnectorAdditionalAttributesFileWithPath"/>
+ </bean>
<!-- Authentication Process Tasks -->
- <bean id="GenerateAuthnRequestTask"
+ <bean id="ConnecteIDASNodeTask"
class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks.GenerateAuthnRequestTask"
scope="prototype" />
- <bean id="ReceiveAuthnResponseTask"
+ <bean id="ReceiveResponseFromeIDASNodeTask"
class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks.ReceiveAuthnResponseTask"
scope="prototype" />
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
new file mode 100644
index 00000000..09084a34
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" IssueInstant="2012-08-22T11:07:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>XXXRúùd</pr:GivenName><pr:FamilyName primary="undefined">XXXVàn Nisteĺrooy</pr:FamilyName></pr:Name><pr:DateOfBirth>1969-02-13</pr:DateOfBirth></pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><ecdsa:ECDSAKeyValue><ecdsa:DomainParameters><ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/></ecdsa:DomainParameters><ecdsa:PublicKey><ecdsa:X Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" si:type="ecdsa:PrimeFieldElemType"/><ecdsa:Y Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" si:type="ecdsa:PrimeFieldElemType"/></ecdsa:PublicKey></ecdsa:ECDSAKeyValue></saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><dsig:RSAKeyValue><dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/
+t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm
+P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg
+gaM2EyuB1HxH8/+Mfqa4UgeqIH65</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
+ <dsig:Signature>
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>KEQEPY2O3Z3IRaISSSoRZVPzsHE=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest">
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>gzGhjH1kdmPcPbgen0xojNIoJLk=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>
+ 06wqWHgplwpu3N5HMhzb6QC5NkXMO1z4N4oc1L6eDqwZlvFJ9X1XGW//QqviKO9oog3il7IzdfJwnjygR4trgGCIqx+JYCDHJCrG9l8zlxlSW0ZqfsygGXthutcQ1aeUpfO6jYuhnWOUywa8BgzukRtWT+AOJBQZPRYTb8IBmey+uAwlhFLni94eMOd81l+efCvkWi3jRajwsG8ZOaNxSZT3aEV5vj+32Aqtx2MPEVzQWtIA7GqZi+EzcdSdHQvHhg7UB+8kqbU70ENAJbEMTANFZYvLOJ0Om9KfDtPf/+R2TvTc360fNo9RnPl04pHPhCIjcGZhFZorBpUhXFwd2Q==
+ </dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
+ <dsig:Object>
+ <dsig:Manifest Id="manifest">
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>8e7RjLnA4Mgltq5ruIJzheKGxu0=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:Manifest>
+ </dsig:Object>
+ </dsig:Signature>
+</saml:Assertion> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL
new file mode 100644
index 00000000..4ad2645a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL
@@ -0,0 +1,901 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions targetNamespace="urn:SZRServices" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:szr="urn:SZRServices" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <types>
+ <xs:schema elementFormDefault="qualified" targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xs:complexType name="PhysicalPersonType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="Identification" type="pd:IdentificationType" />
+ <xs:element minOccurs="1" name="Name" type="pd:PersonNameType" />
+ <xs:element minOccurs="0" name="AlternativeName" type="pd:AlternativeNameType" />
+ <xs:element minOccurs="0" name="Sex" type="xs:string" />
+ <xs:element minOccurs="0" name="DateOfBirth" type="xs:string" />
+ <xs:element minOccurs="0" name="PlaceOfBirth" type="xs:string" />
+ <xs:element minOccurs="0" name="CountryOfBirth" type="xs:string" />
+ <xs:element minOccurs="0" name="Nationality" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="IdentificationType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="Value" type="xs:string" />
+ <xs:element minOccurs="0" name="Type" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="PersonNameType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="PrefixedDegree" type="xs:string" />
+ <xs:element name="GivenName" type="xs:string" nillable="true" />
+ <xs:element name="FamilyName" type="xs:string" nillable="true" />
+ <xs:element minOccurs="0" name="SuffixedDegree" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="AlternativeNameType">
+ <xs:sequence>
+ <xs:element name="FamilyName" type="xs:string" nillable="true" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="PostalAddressType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="PostalCode" type="xs:string" />
+ <xs:element minOccurs="0" name="Municipality" type="xs:string" />
+ <xs:element minOccurs="0" name="Locality" type="xs:string" />
+ <xs:element minOccurs="0" name="StateCode3" type="xs:string" />
+ <xs:element minOccurs="0" name="DeliveryAddress" type="pd:DeliveryAddressType" />
+ <xs:element minOccurs="0" name="HistoricRecord" type="xs:boolean" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="DeliveryAddressType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="AddressLine" type="xs:string" />
+ <xs:element minOccurs="0" name="StreetName" type="xs:string" />
+ <xs:element minOccurs="0" name="BuildingNumber" type="xs:string" />
+ <xs:element minOccurs="0" name="Unit" type="xs:string" />
+ <xs:element minOccurs="0" name="DoorNumber" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:schema>
+ <xs:schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2001/04/xmldsig-more#">
+ <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType" nillable="true" />
+ <xs:complexType name="ECDSAKeyValueType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="DomainParameters" type="ecdsa:DomainParamsType" />
+ <xs:element name="PublicKey" type="ecdsa:ECPointType" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="DomainParamsType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="NamedCurve" type="ecdsa:NamedCurveType" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="NamedCurveType">
+ <xs:attribute name="URN" type="xs:string" use="required" />
+ </xs:complexType>
+ <xs:complexType name="ECPointType">
+ <xs:sequence minOccurs="0">
+ <xs:element name="X" type="ecdsa:PrimeFieldElemType" />
+ <xs:element name="Y" type="ecdsa:PrimeFieldElemType" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="PrimeFieldElemType">
+ <xs:attribute name="Value" type="xs:string" use="required" />
+ </xs:complexType>
+ </xs:schema>
+ <xs:schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema">
+ <xs:import namespace="http://www.w3.org/2001/04/xmldsig-more#" />
+ <xs:complexType name="KeyValueType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="DSAKeyValue" type="dsig:DSAKeyValueType" />
+ <xs:element minOccurs="0" name="RSAKeyValue" type="dsig:RSAKeyValueType" />
+ <xs:element minOccurs="0" ref="ecdsa:ECDSAKeyValue" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="DSAKeyValueType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="P" type="xs:string" />
+ <xs:element minOccurs="0" name="Q" type="xs:string" />
+ <xs:element minOccurs="0" name="J" type="xs:string" />
+ <xs:element minOccurs="0" name="G" type="xs:string" />
+ <xs:element minOccurs="0" name="Y" type="xs:string" />
+ <!-- https://www.w3.org/TR/xmldsig-core/ defines PgenCounter THEN Seed, SZR.wsdl used Seed BEFORE PgenCounter. To keep it backwards compatible but allow the usual order, both ways are allowed. -->
+ <xs:choice maxOccurs="unbounded">
+ <xs:element minOccurs="0" name="PgenCounter" type="xs:string" />
+ <xs:element minOccurs="0" name="Seed" type="xs:string" />
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="RSAKeyValueType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="Modulus" type="xs:string" />
+ <xs:element minOccurs="0" name="Exponent" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:schema>
+ <xs:schema elementFormDefault="qualified" targetNamespace="urn:SZRServices">
+ <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" />
+ <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" />
+ <xs:element name="SZRException" type="szr:SZRException" />
+ <xs:complexType name="SZRException" />
+ <xs:complexType name="PersonInfoType">
+ <xs:sequence>
+ <xs:element name="Person" type="pd:PhysicalPersonType" />
+ <xs:element minOccurs="0" name="RegularDomicile" type="pd:PostalAddressType" />
+ <xs:element minOccurs="0" name="AddressCodes" type="szr:AddressCodesType" />
+ <xs:element minOccurs="0" name="TravelDocument" type="szr:TravelDocumentType" />
+ <xs:element minOccurs="0" name="DateOfBirthWildcard" type="xs:boolean" />
+ <xs:element minOccurs="0" name="AuskunftssperreGesetzt" type="xs:boolean" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="TravelDocumentType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="DocumentNumber" type="xs:string" />
+ <xs:element minOccurs="0" name="DocumentType" type="xs:string" />
+ <xs:element minOccurs="0" name="IssueDate" type="xs:string" />
+ <xs:element minOccurs="0" name="IssuingAuthority" type="xs:string" />
+ <xs:element minOccurs="0" name="IssuingCountry" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="AddressCodesType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="GKZ" type="xs:string" />
+ <xs:element minOccurs="0" name="OKZ" type="xs:string" />
+ <xs:element minOccurs="0" name="SKZ" type="xs:string" />
+ <xs:element minOccurs="0" name="ADRCD" type="xs:string" />
+ <xs:element minOccurs="0" name="SUBCD" type="xs:string" />
+ <xs:element minOccurs="0" name="OBJNR" type="xs:string" />
+ <xs:element minOccurs="0" name="NTZLNR" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="TransformBPK">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element name="InputBPK" type="xs:string" />
+ <xs:element name="InputBereichsKennung" type="xs:string" />
+ <xs:element name="Begruendung" type="xs:string" />
+ <xs:element maxOccurs="unbounded" name="Target" type="szr:FremdBPKRequestType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="TransformBPKResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" name="TransformBPKReturn" type="szr:FremdBPKType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetVKZPermission">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="VKZ" type="xs:string" />
+ <xs:element name="BereichsKennung" type="xs:string" />
+ <xs:element minOccurs="0" name="ParticipantId" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetVKZPermissionResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="GetVKZPermissionReturn" type="szr:GetVKZPermissionResponseType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="IdentityLinkType">
+ <xs:sequence>
+ <xs:element name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element name="Assertion" type="xs:anyType" />
+ <xs:element minOccurs="0" name="AdditionalInfo" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="ResultRecord">
+ <xs:sequence>
+ <xs:element name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element name="Register" type="xs:string" />
+ <xs:element name="bPK" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="GetBPKKombiRequestType">
+ <xs:sequence>
+ <xs:element name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element minOccurs="0" name="InsertERnP">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="NoInsert" />
+ <xs:enumeration value="InsertOnNoMatch" />
+ <xs:enumeration value="ForceInsert" />
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ <xs:element minOccurs="0" name="Suchwizard" type="xs:boolean" />
+ <xs:element name="VKZ" type="xs:string" nillable="true" />
+ <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" />
+ <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" />
+ <xs:element minOccurs="0" name="Sessionid" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="GetBPKKombiResponseType">
+ <xs:complexContent>
+ <xs:extension base="szr:GetBPKZPVResponseType">
+ <xs:sequence>
+ <xs:element name="FoundWithSuchwizard" type="xs:boolean" />
+ <xs:element name="Sessionid" type="xs:string" />
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <xs:complexType name="GetBPKZPVRequestType">
+ <xs:sequence>
+ <xs:element name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" default="false" />
+ <xs:element minOccurs="1" name="VKZ" type="xs:string" />
+ <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" />
+ <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="GetBPKZPVResponseType">
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" name="ResultRecord" type="szr:ResultRecord" />
+ <xs:element name="InsertERnPResult" type="xs:boolean" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="GetBPKFromStammzahlEncryptedRequestType">
+ <xs:sequence>
+ <xs:element minOccurs="1" name="StammzahlEncrypted" type="xs:string" />
+ <xs:element minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element minOccurs="1" name="VKZ" type="xs:string" />
+ <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="GetBPKFromStammzahlEncryptedResponseType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="bPK" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="GetIdentityLink">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element maxOccurs="unbounded" name="KeyValue" type="dsig:KeyValueType" />
+ <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetIdentityLinkResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetBPK">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" />
+ <xs:element minOccurs="0" name="VKZ" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" />
+ <xs:element minOccurs="0" name="ListMultiplePersons" type="xs:boolean" />
+ <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetBPKResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element minOccurs="0" name="GetBPKReturn" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" />
+ <xs:element maxOccurs="5" minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetBPKs">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" />
+ <xs:element name="VKZ" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetBPKsResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" name="ResultRecord" type="szr:GetBPKsResponseType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="GetBPKsResponseType">
+ <xs:sequence>
+ <xs:element minOccurs="0" name="BPK" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" />
+ <xs:element minOccurs="0" name="Fault">
+ <xs:complexType>
+ <xs:attribute name="Code" type="xs:string" />
+ <xs:attribute name="String" type="xs:string" />
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="GetBPKKombi">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="GetBPKKombiRequest" type="szr:GetBPKKombiRequestType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetBPKKombiResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="GetBPKKombiResponse" type="szr:GetBPKKombiResponseType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetBPKZPV">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="GetBPKZPVRequest" type="szr:GetBPKZPVRequestType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetBPKZPVResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="GetBPKZPVResponse" type="szr:GetBPKZPVResponseType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetBPKFromStammzahlEncrypted">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="GetBPKFromStammzahlEncryptedRequest" type="szr:GetBPKFromStammzahlEncryptedRequestType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetBPKFromStammzahlEncryptedResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="GetBPKFromStammzahlEncryptedResponse" type="szr:GetBPKFromStammzahlEncryptedResponseType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="ValidateIdentityLink">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="IdentityLink" type="szr:IdentityLinkType" />
+ <xs:element name="BereichsKennung" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="ValidateIdentityLinkResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="ValidateIdentityLinkReturn" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="BPKzuBasiszahl">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Bereich" type="xs:string" />
+ <xs:element name="BPK" type="xs:string" />
+ <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="BPKzuBasiszahlResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="BPKzuBasiszahlReturn" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="FremdBPKRequestType">
+ <xs:sequence>
+ <xs:element name="BereichsKennung" type="xs:string" />
+ <xs:element name="VKZ" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="FremdBPKType">
+ <xs:sequence>
+ <xs:element name="BereichsKennung" type="xs:string" />
+ <xs:element name="FremdBPK" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="GetVKZPermissionResponseType">
+ <xs:sequence>
+ <xs:element name="isAllowed" type="xs:boolean" />
+ <xs:element minOccurs="0" name="behSchluessel" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="BasiszahlZuBPK">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element minOccurs="0" name="VKZ" type="xs:string" />
+ <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="Bereich" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="BasiszahlZuBPKReturnType">
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="BPK" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="BasiszahlZuBPKResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" name="BasiszahlZuBPKReturn" type="szr:BasiszahlZuBPKReturnType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="ZMRAnwendungsIntegration">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Bereich" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" />
+ <xs:element maxOccurs="unbounded" name="ZMRfremdbPK" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="ZMRAnwendungsIntegrationReturnType">
+ <xs:sequence>
+ <xs:element name="BPK" type="xs:string" />
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="ZMRAnwendungsIntegrationResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" name="ZMRAnwendungsIntegrationReturn" type="szr:ZMRAnwendungsIntegrationReturnType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetStammzahl">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PersonInfo" type="szr:PersonInfoType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetStammzahlResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Stammzahl" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetStammzahlEncrypted">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PersonInfo" type="szr:PersonInfoType" />
+ <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetStammzahlEncryptedResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Stammzahl" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetVersion" />
+ <xs:element name="GetVersionResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Version" type="xs:string" />
+ <xs:element name="Revision" type="xs:string" />
+ <xs:element name="Time" type="xs:string" />
+ <xs:element name="IdentityLinkNotAfter" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:schema>
+ <xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd">
+ <xs:include schemaLocation="pvp1.xsd" />
+ </xs:schema>
+ <xs:schema elementFormDefault="qualified" targetNamespace="http://schemas.xmlsoap.org/ws/2002/04/secext">
+ <xs:element name="Security">
+ <xs:complexType>
+ <xs:sequence>
+ <!-- add the pvpToken here. You can also uncomment the following line if you support XSD 1.1 -->
+ <!-- <xs:element ref="pvp:pvpToken" /> -->
+ <xs:any processContents="lax" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute processContents="lax" />
+ </xs:complexType>
+ </xs:element>
+ </xs:schema>
+ </types>
+ <message name="Header">
+ <part name="SecurityHeader" element="wsse:Security" />
+ </message>
+ <message name="GetIdentityLinkRequest">
+ <part element="szr:GetIdentityLink" name="parameters" />
+ </message>
+ <message name="GetIdentityLinkResponse">
+ <part element="szr:GetIdentityLinkResponse" name="parameters" />
+ </message>
+ <message name="GetBPKRequest">
+ <part element="szr:GetBPK" name="parameters" />
+ </message>
+ <message name="GetBPKResponse">
+ <part element="szr:GetBPKResponse" name="parameters" />
+ </message>
+ <message name="GetBPKsRequest">
+ <part element="szr:GetBPKs" name="parameters" />
+ </message>
+ <message name="GetBPKsResponse">
+ <part element="szr:GetBPKsResponse" name="parameters" />
+ </message>
+ <message name="GetBPKKombiRequest">
+ <part element="szr:GetBPKKombi" name="parameters" />
+ </message>
+ <message name="GetBPKKombiResponse">
+ <part element="szr:GetBPKKombiResponse" name="parameters" />
+ </message>
+ <message name="GetBPKZPVRequest">
+ <part element="szr:GetBPKZPV" name="parameters" />
+ </message>
+ <message name="GetBPKZPVResponse">
+ <part element="szr:GetBPKZPVResponse" name="parameters" />
+ </message>
+ <message name="GetBPKFromStammzahlEncryptedRequest">
+ <part element="szr:GetBPKFromStammzahlEncrypted" name="parameters" />
+ </message>
+ <message name="GetBPKFromStammzahlEncryptedResponse">
+ <part element="szr:GetBPKFromStammzahlEncryptedResponse" name="parameters" />
+ </message>
+ <message name="BPKzuBasiszahlRequest">
+ <part element="szr:BPKzuBasiszahl" name="parameters" />
+ </message>
+ <message name="BPKzuBasiszahlResponse">
+ <part element="szr:BPKzuBasiszahlResponse" name="parameters" />
+ </message>
+ <message name="BasiszahlZuBPKRequest">
+ <part element="szr:BasiszahlZuBPK" name="parameters" />
+ </message>
+ <message name="BasiszahlZuBPKResponse">
+ <part element="szr:BasiszahlZuBPKResponse" name="parameters" />
+ </message>
+ <message name="ValidateIdentityLinkRequest">
+ <part element="szr:ValidateIdentityLink" name="parameters" />
+ </message>
+ <message name="ValidateIdentityLinkResponse">
+ <part element="szr:ValidateIdentityLinkResponse" name="parameters" />
+ </message>
+ <message name="TransformBPKRequest">
+ <part element="szr:TransformBPK" name="parameters" />
+ </message>
+ <message name="TransformBPKResponse">
+ <part element="szr:TransformBPKResponse" name="parameters" />
+ </message>
+ <message name="GetVKZPermissionRequest">
+ <part element="szr:GetVKZPermission" name="parameters" />
+ </message>
+ <message name="GetVKZPermissionResponse">
+ <part element="szr:GetVKZPermissionResponse" name="parameters" />
+ </message>
+ <message name="ZMRAnwendungsIntegrationRequest">
+ <part element="szr:ZMRAnwendungsIntegration" name="parameters" />
+ </message>
+ <message name="ZMRAnwendungsIntegrationResponse">
+ <part element="szr:ZMRAnwendungsIntegrationResponse" name="parameters" />
+ </message>
+ <message name="GetStammzahlRequest">
+ <part element="szr:GetStammzahl" name="parameters" />
+ </message>
+ <message name="GetStammzahlResponse">
+ <part element="szr:GetStammzahlResponse" name="parameters" />
+ </message>
+ <message name="GetStammzahlEncryptedRequest">
+ <part element="szr:GetStammzahlEncrypted" name="parameters" />
+ </message>
+ <message name="GetStammzahlEncryptedResponse">
+ <part element="szr:GetStammzahlEncryptedResponse" name="parameters" />
+ </message>
+ <message name="GetVersionRequest">
+ <part element="szr:GetVersion" name="parameters" />
+ </message>
+ <message name="GetVersionResponse">
+ <part element="szr:GetVersionResponse" name="parameters" />
+ </message>
+ <message name="SZRException">
+ <part element="szr:SZRException" name="fault" />
+ </message>
+ <portType name="SZR">
+ <operation name="GetIdentityLink">
+ <input message="szr:GetIdentityLinkRequest" name="GetIdentityLinkRequest" />
+ <output message="szr:GetIdentityLinkResponse" name="GetIdentityLinkResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="GetBPK">
+ <jaxws:bindings xmlns:jaxws="http://java.sun.com/xml/ns/jaxws">
+ <jaxws:enableWrapperStyle>false</jaxws:enableWrapperStyle>
+ </jaxws:bindings>
+ <input message="szr:GetBPKRequest" name="GetBPKRequest" />
+ <output message="szr:GetBPKResponse" name="GetBPKResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="GetBPKs">
+ <input message="szr:GetBPKsRequest" name="GetBPKsRequest" />
+ <output message="szr:GetBPKsResponse" name="GetBPKsResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="GetBPKKombi">
+ <input message="szr:GetBPKKombiRequest" name="GetBPKKombiRequest" />
+ <output message="szr:GetBPKKombiResponse" name="GetBPKKombiResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="GetBPKZPV">
+ <input message="szr:GetBPKZPVRequest" name="GetBPKZPVRequest" />
+ <output message="szr:GetBPKZPVResponse" name="GetBPKZPVResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="GetBPKFromStammzahlEncrypted">
+ <input message="szr:GetBPKFromStammzahlEncryptedRequest" name="GetBPKFromStammzahlEncryptedRequest" />
+ <output message="szr:GetBPKFromStammzahlEncryptedResponse" name="GetBPKFromStammzahlEncryptedResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="ValidateIdentityLink">
+ <input message="szr:ValidateIdentityLinkRequest" name="ValidateIdentityLinkRequest" />
+ <output message="szr:ValidateIdentityLinkResponse" name="ValidateIdentityLinkResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="TransformBPK">
+ <input message="szr:TransformBPKRequest" name="TransformBPKRequest" />
+ <output message="szr:TransformBPKResponse" name="TransformBPKResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="GetVKZPermission">
+ <input message="szr:GetVKZPermissionRequest" name="GetVKZPermissionRequest" />
+ <output message="szr:GetVKZPermissionResponse" name="GetVKZPermissionResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="BPKzuBasiszahl">
+ <input message="szr:BPKzuBasiszahlRequest" name="BPKzuBasiszahlRequest" />
+ <output message="szr:BPKzuBasiszahlResponse" name="BPKzuBasiszahlResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="BasiszahlZuBPK">
+ <input message="szr:BasiszahlZuBPKRequest" name="BasiszahlZuBPKRequest" />
+ <output message="szr:BasiszahlZuBPKResponse" name="BasiszahlZuBPKResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="ZMRAnwendungsIntegration">
+ <input message="szr:ZMRAnwendungsIntegrationRequest" name="ZMRAnwendungsIntegrationRequest" />
+ <output message="szr:ZMRAnwendungsIntegrationResponse" name="ZMRAnwendungsIntegrationResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="GetStammzahl">
+ <input message="szr:GetStammzahlRequest" name="GetStammzahlRequest" />
+ <output message="szr:GetStammzahlResponse" name="GetStammzahlResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="GetStammzahlEncrypted">
+ <input message="szr:GetStammzahlEncryptedRequest" name="GetStammzahlEncryptedRequest" />
+ <output message="szr:GetStammzahlEncryptedResponse" name="GetStammzahlEncryptedResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ <operation name="GetVersion">
+ <input message="szr:GetVersionRequest" name="GetVersionRequest" />
+ <output message="szr:GetVersionResponse" name="GetVersionResponse" />
+ <fault message="szr:SZRException" name="SZRException" />
+ </operation>
+ </portType>
+ <binding name="SZRSoapBinding" type="szr:SZR">
+ <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+ <operation name="GetIdentityLink">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetIdentityLinkRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetIdentityLinkResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="GetBPK">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetBPKRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetBPKResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="GetBPKs">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetBPKsRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetBPKsResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="GetBPKKombi">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetBPKKombiRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetBPKKombiResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="GetBPKZPV">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetBPKZPVRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetBPKZPVResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="GetBPKFromStammzahlEncrypted">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetBPKFromStammzahlEncryptedRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetBPKFromStammzahlEncryptedResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="GetVKZPermission">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetVKZPermissionRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetVKZPermissionResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="ValidateIdentityLink">
+ <wsdlsoap:operation soapAction="" />
+ <input name="ValidateIdentityLinkRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="ValidateIdentityLinkResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="TransformBPK">
+ <wsdlsoap:operation soapAction="" />
+ <input name="TransformBPKRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="TransformBPKResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="BPKzuBasiszahl">
+ <wsdlsoap:operation soapAction="" />
+ <input name="BPKzuBasiszahlRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="BPKzuBasiszahlResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="BasiszahlZuBPK">
+ <wsdlsoap:operation soapAction="" />
+ <input name="BasiszahlZuBPKRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="BasiszahlZuBPKResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="ZMRAnwendungsIntegration">
+ <wsdlsoap:operation soapAction="" />
+ <input name="ZMRAnwendungsIntegrationRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="ZMRAnwendungsIntegrationResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="GetStammzahl">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetStammzahlRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetStammzahlResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="GetStammzahlEncrypted">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetStammzahlEncryptedRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetStammzahlEncryptedResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ <operation name="GetVersion">
+ <wsdlsoap:operation soapAction="" />
+ <input name="GetVersionRequest">
+ <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+ <wsdlsoap:body use="literal" />
+ </input>
+ <output name="GetVersionResponse">
+ <wsdlsoap:body use="literal" />
+ </output>
+ <fault name="SZRException">
+ <wsdlsoap:fault name="SZRException" use="literal" />
+ </fault>
+ </operation>
+ </binding>
+ <service name="SZRService">
+ <port binding="szr:SZRSoapBinding" name="SZRBusinesspartnerTestumgebung">
+ <wsdlsoap:address location="https://pvawp.bmi.gv.at/at.gv.bmi.szrsrv-b/services/SZR" />
+ </port>
+ <port binding="szr:SZRSoapBinding" name="SZRTestumgebung">
+ <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR" />
+ </port>
+ <port binding="szr:SZRSoapBinding" name="SZRProduktionsumgebung">
+ <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR" />
+ </port>
+ </service>
+</definitions> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd
new file mode 100644
index 00000000..09c0b1e3
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by BM (Bundeskanzleramt) -->
+<!-- PVP Schema 1.8.10 -->
+<!-- pvpToken wird über das Element <Security> aus der Spezifikation WS-Security in den SOAP-Header eingebunden -->
+<!--erstellt: rainer.hoerbe@bmi.gv.at 2004-04-30 -->
+<!--geändert: rainer.hoerbe@beko.at 2007-04-04: Extensions Points definiert -->
+<xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd" xmlns="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="pvpToken">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="pvpTokenType" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="pvpTokenType">
+ <xs:sequence>
+ <xs:element name="authenticate">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="participantId" type="xs:string" />
+ <xs:element name="gvOuDomain" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:choice>
+ <xs:element name="userPrincipal">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="pvpPrincipalType">
+ <xs:sequence>
+ <xs:element name="gvGid" type="xs:string" />
+ <xs:element name="mail" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:element name="tel" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:element name="bpk" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:element name="gvFunction" type="xs:string" minOccurs="0" maxOccurs="1" />
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="systemPrincipal" type="pvpPrincipalType" />
+ </xs:choice>
+ <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>additional authentication properties</xs:documentation>
+ </xs:annotation>
+ </xs:any>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="authorize" minOccurs="0" maxOccurs="1">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:sequence minOccurs="0">
+ <xs:element name="gvOuId" type="xs:string" />
+ <xs:element name="ou" type="xs:string" />
+ </xs:sequence>
+ <xs:element name="role" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:attribute name="value" type="xs:string" use="required" />
+ </xs:complexType>
+ </xs:element>
+ <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>additional authorization properties</xs:documentation>
+ </xs:annotation>
+ </xs:any>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="accounting" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:any processContents="skip" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="pvpChainedToken" type="pvpTokenType" minOccurs="0" />
+ <xs:element name="pvpExtension" block="extension" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="version" type="gvVersionType" use="required" />
+ <xs:anyAttribute namespace="##any" processContents="lax" />
+ </xs:complexType>
+ <xs:complexType name="pvpPrincipalType">
+ <xs:sequence>
+ <xs:element name="userId" type="xs:string" />
+ <xs:element name="cn" type="xs:string" />
+ <xs:element name="gvOuId" type="xs:string" />
+ <xs:element name="ou" type="xs:string" />
+ <xs:element name="gvOuOKZ" type="xs:string" minOccurs="0" /> <!-- steht auch in der pvp doku, fehlt aber im normalen pvp1.xsd -->
+ <xs:element name="gvSecClass" type="gvSecClassType" minOccurs="0" />
+ <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>additional principal attributes</xs:documentation>
+ </xs:annotation>
+ </xs:any>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##any" processContents="lax" />
+ </xs:complexType>
+ <xs:simpleType name="gvSecClassType">
+ <xs:restriction base="xs:integer">
+ <xs:enumeration value="0" />
+ <xs:enumeration value="1" />
+ <xs:enumeration value="2" />
+ <xs:enumeration value="3" />
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType name="gvVersionType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="1.0" />
+ <xs:enumeration value="1.1" />
+ <xs:enumeration value="1.2" />
+ <xs:enumeration value="1.8" />
+ <xs:enumeration value="1.9" />
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType name="logLevelType">
+ <xs:restriction base="xs:integer">
+ <xs:enumeration value="0" />
+ <xs:enumeration value="1" />
+ <xs:enumeration value="2" />
+ <xs:enumeration value="3" />
+ <xs:enumeration value="4" />
+ <xs:enumeration value="5" />
+ </xs:restriction>
+ </xs:simpleType>
+</xs:schema>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html
new file mode 100644
index 00000000..85e1d18f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+ <script src="$contextPath/autocommit.js"></script>
+</head>
+<body>
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support
+ JavaScript, you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+ <div id="alert">Your login is being processed. Thank you for
+ waiting.</div>
+
+ <form action="${endPoint}" method="post" target="_parent">
+ <div>
+ <input type="hidden" name="${tokenName}" value="${tokenValue}" />
+ </div>
+ <noscript>
+ <div>
+ <p>Your browser does not support JavaScript. Click the button to continuing the process .</p>
+ <input type="submit" value="Continue" />
+ </div>
+ </noscript>
+ </form>
+
+</body>
+</html> \ No newline at end of file