74 files changed, 6666 insertions, 598 deletions
diff --git a/connector/pom.xml b/connector/pom.xml index a461ab79..9f1e6c50 100644 --- a/connector/pom.xml +++ b/connector/pom.xml @@ -9,19 +9,23 @@ <groupId>at.gv.egiz.eidas.ms_specific</groupId> <artifactId>ms_specific_connector</artifactId> - <packaging>war</packaging> <version>${egiz.eidas.version}</version> + <packaging>war</packaging> <name>Connector Maven Webapp</name> <url>http://maven.apache.org</url> <dependencies> - <!-- Web application --> + <!-- Web application --> - <dependency> + <dependency> <groupId>at.gv.egiz.components</groupId> <artifactId>egiz-spring-api</artifactId> </dependency> <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>eventlog-slf4j</artifactId> + </dependency> + <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf-core</artifactId> </dependency> @@ -33,8 +37,16 @@ <groupId>org.slf4j</groupId> <artifactId>log4j-over-slf4j</artifactId> </exclusion> - </exclusions> - </dependency> + </exclusions> + </dependency> + <dependency> + <groupId>at.gv.egiz.eidas.ms_specific</groupId> + <artifactId>connector_lib</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eidas.ms_specific.modules</groupId> + <artifactId>authmodule-eIDAS-v2</artifactId> + </dependency> <!-- Third party libs --> <dependency> @@ -49,7 +61,10 @@ <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> </dependency> - + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> @@ -63,6 +78,12 @@ <artifactId>junit</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + </dependencies> <build> <finalName>ms_connector</finalName> 
@@ -82,7 +103,6 @@ <artifactId>maven-surefire-plugin</artifactId> <configuration> <threadCount>1</threadCount> - <argLine>--add-modules java.xml.bind</argLine> </configuration> <dependencies> <dependency> diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/MSSpecificeIDASNodeSpringResourceProvider.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/MSSpecificeIDASNodeSpringResourceProvider.java index f64b6073..6dacc33b 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/MSSpecificeIDASNodeSpringResourceProvider.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/MSSpecificeIDASNodeSpringResourceProvider.java @@ -12,7 +12,8 @@ public class MSSpecificeIDASNodeSpringResourceProvider implements SpringResource @Override public Resource[] getResourcesToLoad() { ClassPathResource mseIDASNode = new ClassPathResource("/specific_eIDAS_connector.beans.xml", MSSpecificeIDASNodeSpringResourceProvider.class); - return new Resource[] {mseIDASNode}; + ClassPathResource mseIDASNodeStorage = new ClassPathResource("/specific_eIDAS_connector.storage.beans.xml", MSSpecificeIDASNodeSpringResourceProvider.class); + return new Resource[] {mseIDASNode, mseIDASNodeStorage}; } @Override diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/SpringInitializer.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/SpringInitializer.java index d5c2632c..0e115ad0 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/SpringInitializer.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/SpringInitializer.java 
@@ -25,6 +25,9 @@ import org.springframework.web.context.support.ServletContextResource; import org.springframework.web.servlet.DispatcherServlet; import at.gv.egiz.components.spring.api.SpringLoader; +import at.gv.egiz.eaaf.core.api.IStatusMessenger; +import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; /** @@ -134,11 +137,14 @@ public class SpringInitializer implements WebApplicationInitializer { log.info("=============== Register RequestContextListener! ==============="); servletContext.addListener(new RequestContextListener()); - //TODO: integrate message provider!!!! - //log.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + //initialize status messenger + LogMessageProviderFactory.setStatusMessager(rootContext.getBean(IStatusMessenger.class)); log.info("Bootstrap openSAML .... "); EAAFDefaultSAML2Bootstrap.bootstrap(); + + log.info("Seed random number generator ... "); + Random.seedRandom(); log.info("Initialization of MS-specific eIDAS-connector finished."); diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/builder/AuthenticationDataBuilder.java index 775e36f2..34f964fb 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -2,6 +2,8 @@ *******************************************************************************/ package at.gv.egiz.eidas.specific.connector.builder; +import java.util.Date; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; 
@@ -20,6 +22,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; @Service("AuthenticationDataBuilder") public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder { 
@@ -28,27 +31,37 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { - IAuthProcessDataContainer authProcessData = new AuthProcessDataWrapper(pendingReq.genericFullDataStorage()); + IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); AuthenticationData authData = new AuthenticationData(); try { generateBasicAuthData(authData, pendingReq, authProcessData); + //set specific informations + authData.setSsoSessionValidTo(new Date(new Date().getTime() + + MSeIDASNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + } catch (EAAFBuilderException | EAAFParserException | EAAFConfigurationException | XPathException | DOMException e) { log.warn("Can not build authentication data from auth. process information"); - throw new EAAFAuthenticationException("TODO", new Object[]{}, - "Can not build authentication data from auth. process information", e); + throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); } + return authData; - - - return null; } @Override + protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException { + //TODO: check if bPK already exists + + + return super.buildOAspecificbPK(pendingReq, authData); + + } + + @Override protected Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer arg0, AuthenticationData arg1, ISPConfiguration arg2) throws EAAFBuilderException { return null; diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/builder/PVPSubjectNameGenerator.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/builder/PVPSubjectNameGenerator.java index d640539a..1435dd96 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/builder/PVPSubjectNameGenerator.java 
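Review bot: The new `buildOAspecificbPK` override only carries `//TODO: check if bPK already exists` and then returns `super.buildOAspecificbPK(pendingReq, authData)`, so it changes nothing while giving the impression that the check exists; either implement the check or drop the override and record the TODO elsewhere. In `buildAuthenticationData` the expression `MSeIDASNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000` is evaluated in the constant's own type before it is added to the `long` timestamp, so if that constant is an `int` a large configured validity overflows silently; `MSeIDASNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60L * 1000L` avoids that. `pendingReq.getSessionData(AuthProcessDataWrapper.class)` replaces the previous unconditional wrapper construction; if it can return null, `generateBasicAuthData` fails with an NPE instead of the `builder.11` error, so a null guard before the `try` is worth adding. `getEncryptedbPKFromPVPAttribute` still returns null and its body continues outside the hunk.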
+++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/builder/PVPSubjectNameGenerator.java @@ -12,7 +12,6 @@ public class PVPSubjectNameGenerator implements ISubjectNameIdGenerator { @Override public Pair<String, String> generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig) throws PVP2Exception { - //TODO: maybe update return Pair.newInstance(authData.getBPK(), authData.getBPKType()); } diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPEndPointConfiguration.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPEndPointConfiguration.java index 21e46e10..3a7bf379 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPEndPointConfiguration.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPEndPointConfiguration.java @@ -49,13 +49,11 @@ public class PVPEndPointConfiguration implements IPVP2BasicConfiguration { @Override public List<ContactPerson> getIDPContacts() throws EAAFException { - // TODO Auto-generated method stub return null; } @Override public Organization getIDPOrganisation() throws EAAFException { - // TODO Auto-generated method stub return null; } diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/logger/RevisionLogger.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/logger/RevisionLogger.java new file mode 100644 index 00000000..a4eaf9c4 --- /dev/null +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/logger/RevisionLogger.java 
@@ -0,0 +1,66 @@ +package at.gv.egiz.eidas.specific.connector.logger; + +import java.util.Date; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.eventlog.api.Event; +import at.gv.egiz.components.eventlog.api.EventLogFactory; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; + +public class RevisionLogger extends EventLogFactory implements IRevisionLogger { + private static final Logger log = LoggerFactory.getLogger(RevisionLogger.class); + + @Override + public void logEvent(ISPConfiguration oaConfig, int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message)); + + } + + @Override + public void logEvent(IRequest pendingRequest, int eventCode) { + logEvent(createNewEvent(new Date().getTime(), eventCode, + pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); + + } + + @Override + public void logEvent(IRequest pendingRequest, int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message, + pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); + + } + + @Override + public void logEvent(int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message)); + + } + + @Override + public void logEvent(String sessionID, String transactionID, int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); + + } + + @Override + public void logEvent(String sessionID, String transactionID, int eventCode) { + logEvent(createNewEvent(new Date().getTime(), eventCode, sessionID, transactionID)); + + } + + private void logEvent(Event event) { + try { + getEventLog().logEvent(event); + + } catch 
(EventLoggingException e) { + log.warn("Event logging FAILED! Reason: " + e.getMessage()); + + } + + } +} diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/logger/StatisticLogger.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/logger/StatisticLogger.java new file mode 100644 index 00000000..ac4bca73 --- /dev/null +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/logger/StatisticLogger.java 
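Review bot: `logEvent(ISPConfiguration oaConfig, int eventCode, String message)` never reads `oaConfig`, so events logged through that overload carry no identification of the service provider they belong to; pass an identifier from `oaConfig` into `createNewEvent` or document why it is intentionally dropped. The private `logEvent(Event)` catch logs only `e.getMessage()`, which discards the stack trace of the `EventLoggingException`; since these events are the revision (audit) trail, a failing event log should be fully visible, so at least `log.warn("Event logging FAILED! Reason: " + e.getMessage(), e);`. The repeated `new Date().getTime()` can simply be `System.currentTimeMillis()`.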
@@ -0,0 +1,116 @@ +package at.gv.egiz.eidas.specific.connector.logger; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; + +public class StatisticLogger implements IStatisticLogger { + + private static final Logger log = LoggerFactory.getLogger(StatisticLogger.class); + + private static final String DATEFORMATER = "yyyy.MM.dd-HH:mm:ss+z"; + private static final String STATUS_SUCCESS = "success"; + private static final String STATUS_ERROR = "error"; + + @Override + public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) { + log.info(buildLogMessage( + protocolRequest.getUniqueTransactionIdentifier(), + protocolRequest.getSPEntityId(), + protocolRequest.getRawData(MSeIDASNodeConstants.DATA_REQUESTERID), + protocolRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + authData.getCiticenCountryCode(), + STATUS_SUCCESS , + StringUtils.EMPTY, + StringUtils.EMPTY)); + + + } + + @Override + public void logErrorOperation(Throwable throwable) { + String errorId = "TODO"; + if (throwable instanceof EAAFException) + errorId = ((EAAFException) throwable).getErrorId(); + + log.info(buildLogMessage( + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + STATUS_ERROR, + errorId, + throwable.getMessage())); + + + } + + @Override + public void logErrorOperation(Throwable throwable, IRequest errorRequest) { + String errorId = "TODO"; + if (throwable instanceof EAAFException) + errorId = ((EAAFException) throwable).getErrorId(); + + if (errorRequest != null) + log.info(buildLogMessage( + 
errorRequest.getUniqueTransactionIdentifier(), + errorRequest.getSPEntityId(), + errorRequest.getRawData(MSeIDASNodeConstants.DATA_REQUESTERID), + errorRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + StringUtils.EMPTY, + STATUS_ERROR, + errorId, + throwable.getMessage())); + + else + log.info(buildLogMessage( + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + STATUS_ERROR, + errorId, + throwable.getMessage())); + + } + + @Override + public void internalTesting() throws Exception { + log.trace("Not implemented for a File-based logger"); + + } + + private String buildLogMessage(String tId, String moaIDEntityId, Object requesterId, String target, String cc, + String status, String errorCode, String errorMsg) { + String logMsg = StringUtils.EMPTY; + + //data,tId,MOAID-Id,SP-Id,bPKTarget,CC,status,error-code,error-msg + + logMsg += DateTime.now().toString(DATEFORMATER ) + ","; + logMsg += tId + ","; + logMsg += moaIDEntityId + ","; + + if (requesterId instanceof String && StringUtils.isNotEmpty((String)requesterId)) + logMsg += (String)requesterId + ","; + else + logMsg += StringUtils.EMPTY + ","; + + logMsg += target + ","; + logMsg += cc + ","; + + logMsg += status + ","; + logMsg += errorCode + ","; + logMsg += errorMsg; + + return logMsg; + } +} diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/mapper/LoALevelMapper.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/mapper/LoALevelMapper.java index 9432931e..80cb6e20 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/mapper/LoALevelMapper.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/mapper/LoALevelMapper.java 
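Review bot: `buildLogMessage` joins the fields with bare commas, but `requesterId` (taken from the AuthnRequest via `MSeIDASNodeConstants.DATA_REQUESTERID`) and `throwable.getMessage()` are strings the requester can influence and may contain commas or line breaks, so a single record can shift columns or produce extra lines in the statistic log. Normalise those values before appending, e.g. `String safe = value.replaceAll("[\\r\\n]", " ").replace(",", ";");` applied to `requesterId` and `errorMsg`. The placeholder `String errorId = "TODO";` in both `logErrorOperation` overloads ends up in the log for every non-EAAF exception; use `StringUtils.EMPTY` or the generic error code instead. `protocolRequest.getServiceProviderConfiguration()` is dereferenced without a null check in `logSuccessOperation` and in `logErrorOperation(Throwable, IRequest)`; if it can be null for a request that failed before the SP was resolved, the logger itself throws inside the error path.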
@@ -21,7 +21,7 @@ public class LoALevelMapper implements ILoALevelMapper{ @Override public String mapToeIDASLoA(String LoA) { - if (LoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) + if (LoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) return LoA; else diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java index 1a8e1f6e..3fe7d5a0 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java @@ -15,6 +15,7 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; /** * @author tlenz 
@@ -29,19 +30,27 @@ public class EvaluateCountrySelectionTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - // set parameter execution context - Enumeration<String> reqParamNames = request.getParameterNames(); - while(reqParamNames.hasMoreElements()) { - String paramName = reqParamNames.nextElement(); - if (StringUtils.isNotEmpty(paramName) && - !EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) - executionContext.put(paramName, - StringEscapeUtils.escapeHtml(request.getParameter(paramName))); + + String stopAuthFlag = request.getParameter(MSeIDASNodeConstants.REQ_PARAM_STOP_PROCESS); + if (StringUtils.isNotEmpty(stopAuthFlag) && Boolean.parseBoolean(stopAuthFlag)) { + log.info("Authentication process WAS stopped by entity. Stopping auth. process ... "); + pendingReq.setAbortedByUser(true); + pendingReq.setAuthenticated(false); + + } else { + // set parameter execution context + Enumeration<String> reqParamNames = request.getParameterNames(); + while(reqParamNames.hasMoreElements()) { + String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) && + !EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(request.getParameter(paramName))); + + } + log.info("Country selection finished. Starting auth. process for country ... "); } - - - log.info("Country selection finished. Starting auth. process for country ... "); } catch (Exception e) { log.warn("EvaluateBKUSelectionTask has an internal error", e); diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java index 86895729..6616de88 100644 
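Review bot: The `else` branch still copies every request parameter except `PROCESS_ENGINE_PENDINGREQUESTID` into `executionContext`, so any client-chosen parameter name becomes a process-engine context key; `StringEscapeUtils.escapeHtml` protects the value for HTML output but does not restrict which keys may be set. Since this task only needs the country selection (and now the stop flag), an allow-list of expected parameter names checked before `executionContext.put(...)` closes that off, e.g. `if (!ALLOWED_PARAMS.contains(paramName)) continue;` with the set defined as a constant of the task. The new stop branch sets `setAbortedByUser(true)` and `setAuthenticated(false)` but the `log.info` there carries no request identifier; adding `pendingReq.getUniqueTransactionIdentifier()` to that message makes the abort traceable. The enclosing `execute` method continues outside the hunk.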
--- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java @@ -48,8 +48,7 @@ public class GenerateCountrySelectionFrameTask extends AbstractAuthServletTask { log.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage()); throw new TaskExecutionException(pendingReq, "Can not build GUI. Msg:" + e.getMessage(), - new EAAFException("builder.09", new Object[]{e.getMessage()}, - "Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage(), e)); + new EAAFException("gui.00", new Object[]{e.getMessage()}, e)); } catch (Exception e) { log.warn("FinalizeAuthenticationTask has an internal error", e); diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java index 57f6e373..475b8407 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java 
@@ -38,7 +38,16 @@ public class PVPMetadataProvider extends AbstractChainingMetadataProvider{ protected String getMetadataURL(String entityId) throws EAAFConfigurationException { ISPConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId); if (spConfig != null) { - return spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL); + String metadataURL = entityId; + + String metadataURLFromConfig = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL); + if (StringUtils.isNotEmpty(metadataURLFromConfig)) { + log.debug("Use metdataURL from configuration for EntityId: " + entityId); + metadataURL = metadataURLFromConfig; + + } + + return metadataURL; } else log.info("No ServiceProvider with entityId: " + entityId + " in configuration."); diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/StatusMessageProvider.java index 6e3f45cc..4bcc1ee6 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/StatusMessageProvider.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/StatusMessageProvider.java 
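Review bot: The new fallback `String metadataURL = entityId;` turns a configured entityId into the URL from which that SP's metadata is downloaded, yet only the configured-URL case is logged; the fallback should be logged as well, e.g. `log.info("No metadata URL configured for EntityId: " + entityId + ", using entityId as URL");` before `return metadataURL;`, so operators can see where metadata is fetched from. Because the entityId must first resolve through `basicConfig.getServiceProviderConfiguration(entityId)` the value is operator-controlled, which bounds the risk, but a check that it is an http(s) URL before returning it would fail fast on a misconfigured entityId; whether the metadata signature verification still applies to the fetched document I cannot confirm from this hunk. The debug message also has a typo: `metdataURL`.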
@@ -2,29 +2,103 @@ *******************************************************************************/ package at.gv.egiz.eidas.specific.connector.provider; +import java.text.MessageFormat; +import java.util.Locale; +import java.util.MissingResourceException; +import java.util.PropertyResourceBundle; +import java.util.ResourceBundle; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IStatusMessager; +import at.gv.egiz.eaaf.core.api.IStatusMessenger; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; @Service("StatusMessageProvider") -public class StatusMessageProvider implements IStatusMessager { - +public class StatusMessageProvider implements IStatusMessenger { + private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class); + + private static final String ERROR_MESSAGES_UNAVAILABLE = "Error messages can NOT be load from application. Only errorCode: {0} is availabe" ; + private static final String ERROR_NO_MESSAGE = "No errormesseage for error with number.={0}"; + + private static final String ERROR_EXTERNALERROR_CODES_UNAVAILABLE = "External error-codes can NOT be load from application. 
Only internal errorCode: {0} is availabe" ; + private static final String ERROR_NO_EXTERNALERROR_CODE = "No external error for internal error with number.={0}"; + + //internal messanges + private static final String DEFAULT_MESSAGE_RESOURCES = "resources/properties/id_messages"; + private static final Locale DEFAULT_MESSAGE_LOCALES = new Locale("en", "GB"); + private ResourceBundle messages; + + //external error codes + private static final String DEFAULT_EXTERNALERROR_RESOURCES = "resources/properties/protocol_response_statuscodes"; + private static final Locale DEFAULT_EXTERNALERROR_LOCALES = new Locale("en", "GB"); + private ResourceBundle externalError = null; + @Override public String getMessage(String messageId, Object[] parameters) { - return "NOT IMPLEMENTED YET"; - + // initialize messages + if (messages == null) { + this.messages = PropertyResourceBundle.getBundle( + DEFAULT_MESSAGE_RESOURCES, + DEFAULT_MESSAGE_LOCALES); + + } + + // create the message + if (messages == null) { + return MessageFormat.format(ERROR_MESSAGES_UNAVAILABLE, new Object[] { messageId }); + + } else { + try { + String rawMessage = messages.getString(messageId); + return MessageFormat.format(rawMessage, parameters); + + } catch (MissingResourceException e2) { + return MessageFormat.format(ERROR_NO_MESSAGE, new Object[] { messageId }); + + } + } } @Override public String getResponseErrorCode(Throwable throwable) { - return "NOT IMPLEMENTED YET"; + String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + if (throwable instanceof EAAFException) { + errorCode = ((EAAFException) throwable).getErrorId(); + + } + //TODO: maybe more internal switches are required + + return errorCode; } @Override public String mapInternalErrorToExternalError(String intErrorCode) { - return "NOT IMPLEMENTED YET"; - + // initialize messages + if (externalError == null) { + this.externalError = PropertyResourceBundle.getBundle( + DEFAULT_EXTERNALERROR_RESOURCES, + DEFAULT_EXTERNALERROR_LOCALES); + 
+ } + + // create the message + if (externalError == null) { + log.warn(MessageFormat.format(ERROR_EXTERNALERROR_CODES_UNAVAILABLE, new Object[] { intErrorCode })); + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } else { + try { + return externalError.getString(intErrorCode); + + } catch (MissingResourceException e2) { + log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode })); + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } + } } } diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/CacheWitheIDASBackend.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/CacheWitheIDASBackend.java new file mode 100644 index 00000000..7a62eca4 --- /dev/null +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/CacheWitheIDASBackend.java @@ -0,0 +1,33 @@ +package at.gv.egiz.eidas.specific.connector.storage; + +import java.util.ArrayList; +import java.util.Date; +import java.util.Iterator; +import java.util.List; + +import eu.eidas.auth.commons.cache.ConcurrentMapService; +import eu.eidas.auth.commons.tx.AbstractCorrelationMap; + +public class CacheWitheIDASBackend extends AbstractCorrelationMap<TransactionStoreElement> { + + protected CacheWitheIDASBackend(ConcurrentMapService concurrentMapService) { + super(concurrentMapService); + } + + public List<String> clean(Date now, long dataTimeOut) { + List<String> result = new ArrayList<String>(); + Iterator<String> iterator = map.keySet().iterator(); + while (iterator.hasNext()) { + String key = iterator.next(); + if (map.containsKey(key)) { + TransactionStoreElement element = map.get(key); + if (now.getTime() - element.getCreated().getTime() > dataTimeOut) + result.add(key); + } + } + + return result; + + } + +} 
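Review bot: In `getMessage` the check `if (messages == null)` after `PropertyResourceBundle.getBundle(...)` can never be true, because `getBundle` throws `MissingResourceException` rather than returning null when `resources/properties/id_messages` is absent; that exception currently escapes from `getMessage`, so the error-reporting path itself fails. Wrap the lookup as `try { this.messages = PropertyResourceBundle.getBundle(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); } catch (MissingResourceException e) { log.warn("Can not load message bundle " + DEFAULT_MESSAGE_RESOURCES, e); }` so the existing `ERROR_MESSAGES_UNAVAILABLE` branch becomes reachable; `mapInternalErrorToExternalError` has the same dead check around `externalError`. The lazy initialisation of `messages` and `externalError` is unsynchronised; in a `@Service` singleton two threads may both load the bundle, which is harmless here, but making the fields `volatile` or loading them eagerly in a constructor makes that intent explicit.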
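Review bot: `clean` calls `map.containsKey(key)` and then `map.get(key)` on a key taken from a live `keySet()` iterator, so an entry removed by another thread between the two calls leaves `element` null and `element.getCreated()` throws; this is a check-then-act race on what the `ConcurrentMapService` backend suggests is a concurrent map (I cannot see its contract). Fetch the element once and null-check it instead of calling `containsKey`. `getCreated()` is also assumed non-null; if a `TransactionStoreElement` can be stored without a creation timestamp (the decorator's `put` never sets one, unless the element's constructor does), guard that too.
```java
public List<String> clean(Date now, long dataTimeOut) {
    List<String> result = new ArrayList<>();
    for (String key : map.keySet()) {
        TransactionStoreElement element = map.get(key); // may be null if removed concurrently
        if (element != null && element.getCreated() != null
                && now.getTime() - element.getCreated().getTime() > dataTimeOut) {
            result.add(key);
        }
    }
    return result;
}
```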
diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java index e4d02dae..57697ef8 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java @@ -26,7 +26,10 @@ public class SimpleInMemoryTransactionStorage implements ITransactionStorage{ @Override public void changeKey(String oldKey, String newKey, Object value) throws EAAFException { if (containsKey(oldKey)) { - + TransactionStoreElement el = storage.get(oldKey); + el.setKey(newKey); + storage.put(newKey, el); + storage.remove(oldKey); } else throw new EAAFStorageException("No element in TransactionStorage with key: " + oldKey); diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/eIDASCacheTransactionStoreDecorator.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/eIDASCacheTransactionStoreDecorator.java new file mode 100644 index 00000000..6bc23073 --- /dev/null +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/storage/eIDASCacheTransactionStoreDecorator.java 
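Review bot: The new `changeKey` body silently overwrites any element already stored under `newKey` with `storage.put(newKey, el)`, and the `value` parameter is ignored entirely, so a caller cannot tell that a rename replaced another transaction. Rejecting a collision before the put, `if (containsKey(newKey)) throw new EAAFStorageException("Element in TransactionStorage with key: " + newKey + " already exists");`, keeps two transactions from being merged by accident. The same four lines are duplicated in `eIDASCacheTransactionStoreDecorator.changeKey`; if `value` is meant to replace the stored data, use it there and here, otherwise document that it is unused.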
@@ -0,0 +1,124 @@ +package at.gv.egiz.eidas.specific.connector.storage; + +import java.util.Date; +import java.util.List; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +public class eIDASCacheTransactionStoreDecorator implements ITransactionStorage{ + private static final Logger log = LoggerFactory.getLogger(eIDASCacheTransactionStoreDecorator.class); + + @Autowired(required=true) private CacheWitheIDASBackend storage; + + @Override + public void changeKey(String oldKey, String newKey, Object value) throws EAAFException { + if (containsKey(oldKey)) { + TransactionStoreElement el = storage.get(oldKey); + el.setKey(newKey); + storage.put(newKey, el); + storage.remove(oldKey); + + } else + throw new EAAFStorageException("No element in TransactionStorage with key: " + oldKey); + + } + + @Override + public List<String> clean(Date now, long dataTimeOut) { + return storage.clean(now, dataTimeOut); + + } + + @Override + public boolean containsKey(String key) { + if (key != null) { + if (storage.get(key) != null) + return true; + + } + + return false; + + } + + @Override + public Object get(String key) throws EAAFException { + if (key != null && containsKey(key)) { + TransactionStoreElement element = storage.get(key); + return element.getData(); + + } else + return null; + } + + @Override + public <T> T get(String key, Class<T> type) throws EAAFException { + return get(key, type, -1); + + } + + @Override + public <T> T get(String key, Class<T> type, long dataTimeOut) throws EAAFException { + if (key != null && containsKey(key)) { + TransactionStoreElement value = storage.get(key); + + if (dataTimeOut > -1) { + long now = new Date().getTime(); + if (now - value.getCreated().getTime() > dataTimeOut) { + 
log.info("Transaction-Data with key: " + key + " is out of time."); + throw new EAAFStorageException("Transaction-Data with key: " + key + " is out of time."); + + } + } + + if (type.isAssignableFrom(value.getData().getClass())) { + return (T) value.getData(); + + } else + log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'"); + + } + + return null; + } + + @Override + public Object getRaw(String key) throws EAAFException { + return storage.get(key); + + } + + @Override + public void put(String key, Object value, int dataTimeOut) throws EAAFException { + TransactionStoreElement element = new TransactionStoreElement(); + element.setKey(key); + element.setData(value); + storage.put(key, element); + + } + + @Override + public void putRaw(String key, Object value) throws EAAFException { + if (value instanceof TransactionStoreElement) + storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value); + else + log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class.getName()); + + } + + @Override + public void remove(String key) { + if (containsKey(key)) { + log.debug("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); + storage.remove(key); + + } + } + +} diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/verification/AuthnRequestValidator.java index 1b912ed4..0217eec4 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/verification/AuthnRequestValidator.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/verification/AuthnRequestValidator.java 
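Review bot: `put(String key, Object value, int dataTimeOut)` ignores `dataTimeOut` and never sets a creation time on the new `TransactionStoreElement`, so unless the element's constructor stamps it, `clean` and the timed `get(key, type, dataTimeOut)` fail on `getCreated()` for every stored entry; set the creation time explicitly through the setter that pairs with `getCreated()`, and either honour or document the dropped timeout. In `get(key, type, dataTimeOut)` the warning `"Can NOT cast '" + value.getClass() + "' to '" + type + "'"` prints the wrapper class rather than the payload class; use `value.getData().getClass()`, and the unchecked `(T) value.getData()` can become `type.cast(value.getData())`, which needs no suppression. `putRaw` dereferences `value.getClass()` in its else branch, so a null `value` throws instead of being logged. `containsKey` followed by `storage.get` repeats the check-then-act pattern in `changeKey`, `get` and `remove`; reading once and null-checking is simpler and race-free.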
@@ -60,11 +60,11 @@ public class AuthnRequestValidator implements IAuthnRequestValidator { String spEntityId = extractScopeRequsterId(authnReq); if (StringUtils.isEmpty(spEntityId)) { log.info("NO service-provider entityID in Authn. request. Stop authn. process ... "); - throw new AuthnRequestValidatorException("TODO", null, - "NO service-provider entityID in Authn. request", pendingReq); + throw new AuthnRequestValidatorException("pvp2.22", + new Object[] {"NO relaying-party entityID in Authn. request"}, pendingReq); } else - pendingReq.setGenericDataToSession(MSeIDASNodeConstants.DATA_REQUESTERID, spEntityId); + pendingReq.setRawDataToTransaction(MSeIDASNodeConstants.DATA_REQUESTERID, spEntityId); //post-process ProviderName @@ -72,17 +72,15 @@ public class AuthnRequestValidator implements IAuthnRequestValidator { if (StringUtils.isEmpty(providerName)) log.info("Authn. request contains NO SP friendlyName"); else - pendingReq.setGenericDataToSession(MSeIDASNodeConstants.DATA_PROVIDERNAME, spEntityId); + pendingReq.setRawDataToTransaction(MSeIDASNodeConstants.DATA_PROVIDERNAME, spEntityId); - //TODO: set to SPConfiguration //post-process requested LoA List<String> reqLoA = extractLoA(authnReq); - pendingReq.setGenericDataToSession(MSeIDASNodeConstants.DATA_REQUESTED_LOA_LIST, reqLoA); - - //TODO: set to SPConfiguration + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(reqLoA); + //post-process requested LoA comparison-level String reqLoAComperison = extractComparisonLevel(authnReq); - pendingReq.setGenericDataToSession(MSeIDASNodeConstants.DATA_REQUESTED_LOA_COMPERISON, reqLoAComperison); + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(reqLoAComperison); //validate and process requested attributes boolean sectorDetected = false; 
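Review bot: The line `pendingReq.setRawDataToTransaction(MSeIDASNodeConstants.DATA_PROVIDERNAME, spEntityId);` stores the SP entityId under the provider-name key although the preceding `if (StringUtils.isEmpty(providerName))` has just validated `providerName`; the commit migrated the call from `setGenericDataToSession` but kept the wrong argument, so it should read `pendingReq.setRawDataToTransaction(MSeIDASNodeConstants.DATA_PROVIDERNAME, providerName);`. The new calls `setRequiredLoA(reqLoA)` and `setLoAMachtingMode(reqLoAComperison)` write values taken from the incoming AuthnRequest into the object returned by `getServiceProviderConfiguration(ServiceProviderConfiguration.class)`; if that object is shared or cached rather than a per-request copy, one requester's LoA choice would carry over into later requests for the same SP, so it is worth confirming that a request-scoped instance is returned (not visible from this hunk). The method enclosing these lines starts and ends outside the hunk.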
@@ -124,15 +122,13 @@ public class AuthnRequestValidator implements IAuthnRequestValidator { if (!sectorDetected) { log.info("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); - throw new AuthnRequestValidatorException("TODO", null, - "Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); + throw new AuthnRequestValidatorException("pvp2.22", new Object[] {"NO or NO VALID target-sector information"}); } } catch (EAAFStorageException e) { log.info("Can NOT store Authn. Req. data into pendingRequest." , e); - throw new AuthnRequestValidatorException("TODO", null, - "Can NOT store Authn. Req. data into pendingRequest.", e); + throw new AuthnRequestValidatorException("internal.02", null, e); } @@ -159,9 +155,9 @@ public class AuthnRequestValidator implements IAuthnRequestValidator { } else if (authContext.getAuthnContextClassRefs().size() > 1) { log.info("Authn. Req. contains MORE THAN ONE requested LoA, but " + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one" ); - throw new AuthnRequestValidatorException("TODO", null, - "Authn. Req. contains MORE THAN ONE requested LoA, but " - + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one"); + throw new AuthnRequestValidatorException("pvp2.22", + new Object[] {"Authn. Req. contains MORE THAN ONE requested LoA, but " + + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one"}); } else result.add(authContext.getAuthnContextClassRefs().get(0).getAuthnContextClassRef()); 
@@ -173,9 +169,9 @@ public class AuthnRequestValidator implements IAuthnRequestValidator { } else { log.info("Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '" + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported"); - throw new AuthnRequestValidatorException("TODO", null, - "Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '" - + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported"); + throw new AuthnRequestValidatorException("pvp2.22", + new Object[] {"Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '" + + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported"}); } diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/verification/MetadataSignatureVerificationFilter.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/verification/MetadataSignatureVerificationFilter.java index d7d75f90..20d419af 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/verification/MetadataSignatureVerificationFilter.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/verification/MetadataSignatureVerificationFilter.java @@ -62,11 +62,13 @@ public class MetadataSignatureVerificationFilter extends AbstractMetadataSignatu } else - throw new PVP2MetadataException("Can not open trustStore: " + trustStorePath + " for metadata: " + metadataURL, null); + throw new PVP2MetadataException("pvp2.26", + new Object[] {"Can not open trustStore: " + trustStorePath + " for metadata: " + metadataURL}); } catch (KeyStoreException | IOException e) { log.warn("Can not open trustStore: " + trustStorePath + " for metadata: " + metadataURL + " Reason: " + e.getMessage(), e); - throw new PVP2MetadataException("Can not open trustStore: " + trustStorePath + " for metadata", null, e); + throw new PVP2MetadataException("pvp2.26", + new Object[] {"Can not open trustStore: " + trustStorePath + " for metadata"}, e); } 
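Review bot: Both new `PVP2MetadataException` constructions in the `MetadataSignatureVerificationFilter` hunk pass `trustStorePath` inside the `{0}` argument of `pvp2.26`, so the server-side truststore location becomes part of a status message that may be rendered to the relying party or end user, while the same detail is already written by the `log.warn` line. Keeping the path in the log and reporting only the metadata URL in the exception argument, e.g. `new Object[] {"Can not open trustStore for metadata: " + metadataURL}`, avoids disclosing filesystem layout; whether these status messages reach the client is not visible here. The enclosing method starts outside the hunk.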
@@ -81,20 +83,23 @@ public class MetadataSignatureVerificationFilter extends AbstractMetadataSignatu } catch (EAAFException e) { log.info("Metadata verification FAILED for: " + metadataURL + " Reason: " +e.getMessage()); - throw new PVP2MetadataException("Metadata verification FAILED for: " + metadataURL + " Reason: " +e.getMessage(), null, e); + throw new PVP2MetadataException("pvp2.26", + new Object[] {"Metadata verification FAILED for: " + metadataURL + " Reason: " +e.getMessage()}, e); } } @Override protected void verify(EntitiesDescriptor desc) throws PVP2MetadataException { - throw new PVP2MetadataException("EntitiesDescritors are NOT supported", null); + throw new PVP2MetadataException("pvp2.26", + new Object[] {"EntitiesDescritors are NOT supported"}); } @Override protected void verify(EntityDescriptor entity, EntitiesDescriptor desc) throws PVP2MetadataException { - throw new PVP2MetadataException("EntitiesDescritors are NOT supported", null); + throw new PVP2MetadataException("pvp2.26", + new Object[] {"EntitiesDescritors are NOT supported"}); } diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml index 5ede0b7f..c44c903e 100644 --- a/connector/src/main/resources/applicationContext.xml +++ b/connector/src/main/resources/applicationContext.xml @@ -25,6 +25,8 @@ <bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.UniqueSessionIdentifierInterceptor" /> </mvc:interceptors> --> + <context:property-placeholder location="${eidas.ms.configuration}"/> + <bean id="BasicMSSpecificNodeConfig" class="at.gv.egiz.eidas.specific.connector.config.BasicConfigurationProvider"> <constructor-arg value="#{systemProperties['eidas.ms.configuration']}"/> diff --git a/connector/src/main/resources/properties/external_statuscodes_map.properties b/connector/src/main/resources/properties/external_statuscodes_map.properties new file mode 100644 index 00000000..45f622c8 --- /dev/null 
+++ b/connector/src/main/resources/properties/external_statuscodes_map.properties @@ -0,0 +1,71 @@ +eidas.00=1302 +eidas.01=1302 +eidas.02=1301 +eidas.03=1300 +eidas.04=1100 +eidas.05=1302 +eidas.06=1302 +eidas.07=1302 + +config.01=9099 +config.03=9099 +config.18=9099 +config.24=9099 + + +ernb.00=4601 +ernb.01=4601 +ernb.02=4600 + +auth.00=1100 + +auth.21=1005 +auth.26=1100 +auth.28=1100 + +auth.37=1101 +auth.38=1101 +auth.39=1099 + +process.01=9105 +process.02=9104 +process.03=9104 +process.04=9105 + +builder.00=9102 +builder.11=1099 + +parser.01=1101 + +gui.00=9103 + +pvp2.01=6100 +pvp2.02=6100 +pvp2.05=6105 +pvp2.07=6104 +pvp2.09=6199 +pvp2.10=6100 +pvp2.11=6105 +pvp2.12=6105 +pvp2.13=6199 +pvp2.14=6199 +pvp2.15=6103 +pvp2.16=6101 +pvp2.17=6102 +pvp2.20=6103 +pvp2.21=6104 +pvp2.22=6105 +pvp2.23=6105 +pvp2.24=6105 +pvp2.26=6103 +pvp2.27=6199 +pvp2.28=6105 + + +internal.00=9105 +internal.01=9199 +internal.02=9101 +internal.03=9199 +internal.04=9101 + +config.27=9008
\ No newline at end of file
diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties
new file mode 100644
index 00000000..7499f99d
--- /dev/null
+++ b/connector/src/main/resources/properties/status_messages_en.properties
@@ -0,0 +1,69 @@ +eidas.00=eIDAS Attribute {0} not found. Can not finish authentication process +eidas.01=NO eIDAS response-message found. Can not finish authentication process +eidas.02=eIDAS response-message contains an error. ErrorCode: {0}, ErrorMsg: {1} +eidas.03=No CitizenCountry available. Can not start eIDAS authentication process +eidas.04=Request contains no sessionToken. Authentication process stops +eidas.05=Received eIDAS response-message is not valid. Reason: {0} +eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA +eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1} + +config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing +config.03=Can not load configuration from path {0} (See logs for more details) +config.18=Configuration file {0} is not available on filesystem +config.24=Configuration file {1} does not start with {0} prefix. + + +ernb.00=Receive no identity-link from SZR +ernb.01=Receive no bPK from SZR +ernb.02=SZR response contains an error. ErrorMsg: {0} + +auth.00=Service provider: {0} is unknown +auth.21=The authentication process was stopped by user +auth.26=No transaction identifier +auth.28=Found no active transaction with Id: {0}. Maybe, the transaction was removed after timeout +auth.37=Requested bPK-Target: {0} does not match allowed targets for service provider: {1} +auth.38=Passive authentication was requested but user as no active session +auth.39=Error: '{0}' in post-processing of authentication data. Can not finish authentication process + +process.01=Can not execute authentication process +process.02=Find no applicable authentication process for transaction with Id: {0} +process.03=Can not resume the authentication process. Reason: {0} +process.04=Can not execute authentication process. Problem with an internal state + +builder.00=Can not generate data structure "{0}": {1} +builder.11=Error: '{0}' in post-processing of authentication data. 
Can not finish authentication process + +parser.01=Error during eID-data processing. Reason: {0} + +gui.00=Can not build GUI component. Reason: {0} + +pvp2.01=General error during SAML2 response encoding +pvp2.02=SAML2 attribute contains an wrong encoded value +pvp2.05=LoA from SAML2 Authn. request: {0} is not supported +pvp2.07=SAML2 Authn. request contains is not signed +pvp2.09=SAML2 request contains an unsupported operation. (OperationId: {0}) +pvp2.10=SAML2 Attribute: {0} is not available +pvp2.11=SAML2 Binding: {0} is not supported +pvp2.12=SAML2 NameID Format {0} is not supported +pvp2.13=Internal server error during SAML2 processing +pvp2.14=SAML2 authentication not available +pvp2.15=No SAML2 metadata available or metadata processing failed +pvp2.16=Encryption of SAML2 assertion failed +pvp2.17=LoA from SAML2 Authn. request: {1} does not match to authenticated LoA: {0} by using matching-mode: {2} +pvp2.20=SAML2 Authn. request contains an unknown or empty EntityID. +pvp2.21=Signature validation of SAML2 Authn. request failed. Reason: {0} +pvp2.22=Validation of SAML2 Authn. request failed. Reason: {0} +pvp2.23=Validation of SAML2 Authn. request failed. Reason: AssertionConsumerServiceURL {0} is not valid. +pvp2.24=General error during SAML2 Auth. request pre-processing. Reason: {0} +pvp2.26=SAML2 metadata validation failed. Reason: {0} +pvp2.27=General error during SAML2 metadata generation +pvp2.28=Validation of SAML2 Authn. request failed. Reason: AssertionConsumerServiceIndex {0} is not valid. + + +internal.00=The authentication process stops by reason of an internal problem +internal.01=The LogOut process stops by reason of an internal problem +internal.02=Internal error. Can not access data cache. +internal.03=Internal error. Can not initialize a cryptographic method. +internal.04=Internal error. Can not access data cache (Reason: {0}). + +config.27=Configuration parameter processing failed. Reason:{0} 
diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 16a1cae7..275c79b8 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -17,11 +17,7 @@ <bean id="ProcessEngineSignalController" class="at.gv.egiz.eidas.specific.connector.controller.ProcessEngineSignalController"/> - - - <bean id="SimpleInMemoryTransactionStorage" - class="at.gv.egiz.eidas.specific.connector.storage.SimpleInMemoryTransactionStorage" /> - + <bean id="AuthenticationManager" class="at.gv.egiz.eidas.specific.connector.auth.AuthenticationManager" /> @@ -82,11 +78,11 @@ <bean id="StatusMessageProvider" class="at.gv.egiz.eidas.specific.connector.provider.StatusMessageProvider" /> - <bean id="DummyRevisionLogger" - class="at.gv.egiz.eaaf.core.impl.logging.DummyRevisionsLogger" /> + <bean id="eidasRevisionLogger" + class="at.gv.egiz.eidas.specific.connector.logger.RevisionLogger" /> - <bean id="DummyStatisticLogger" - class="at.gv.egiz.eaaf.core.impl.logging.DummyStatisticLogger" /> + <bean id="eidasStatisticLogger" + class="at.gv.egiz.eidas.specific.connector.logger.StatisticLogger" /> <!-- Tasks --> diff --git a/connector/src/main/resources/specific_eIDAS_connector.storage.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.storage.beans.xml new file mode 100644 index 00000000..be13e0cf --- /dev/null +++ b/connector/src/main/resources/specific_eIDAS_connector.storage.beans.xml 
@@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xmlns:mvc="http://www.springframework.org/schema/mvc" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> + + <import resource="classpath:specificCommunicationDefinitionApplicationContext.xml"/> + + <bean id="useDistributedMapsSpecificConnector" class="java.lang.String"> + <constructor-arg value="${eidas.ms.context.use.clustermode}"/> + </bean> + + <!-- suffix for some of the beans having two possible implementations - one for development and one for production --> + <bean id="distributedEnvSuffixSpecificConnector" class="java.lang.String"> + <constructor-arg value="#{useDistributedMapsSpecificConnector.toString()=='false'?'Dev':'Prod'}"/> + </bean> + + +<!-- <bean id="SimpleInMemoryTransactionStorage" + class="at.gv.egiz.eidas.specific.connector.storage.SimpleInMemoryTransactionStorage" /> --> + + <bean id="eIDASCacheTransactionStoreDecorator" + class="at.gv.egiz.eidas.specific.connector.storage.eIDASCacheTransactionStoreDecorator"/> + + <bean id="CacheWitheIDASBackend" class="at.gv.egiz.eidas.specific.connector.storage.CacheWitheIDASBackend"> + <constructor-arg 
ref="springServiceCMapspecificMSSpCorProvider#{distributedEnvSuffixSpecificConnector.toString()}"/> + </bean> + + <bean id="defaultHazelcastInstance" class="java.lang.String"> + <constructor-arg value="eidasHazelcastInstance"/> + </bean> + + <bean id="eidasHazelcastInstanceInitializer" class=" eu.eidas.auth.commons.cache.HazelcastInstanceInitializer" init-method="initializeInstance" lazy-init="true"> + <property name="hazelcastConfigfileName" value="#{eidasConfigRepository}hazelcast.xml"/> + <property name="hazelcastInstanceName" ref="defaultHazelcastInstance"/> + </bean> + + <bean id="springServiceCMapspecificMSSpCorProviderProd" class="eu.eidas.auth.commons.cache.ConcurrentMapServiceDistributedImpl" lazy-init="true"> + <property name="hazelcastInstanceInitializer" ref="eidasHazelcastInstanceInitializer"/> + <property name="cacheName" value="specificSpRequestCorrelationCacheService"/> + </bean> + + <bean id="springServiceCMapspecificMSSpCorProviderDev" class="eu.eidas.auth.commons.cache.ConcurrentMapServiceDefaultImpl"> + <property name="expireAfterAccess" value="1800"/> + <property name="maximumSize" value="1000"/> + </bean> + +</beans>
\ No newline at end of file
diff --git a/connector/src/main/webapp/autocommit.js b/connector/src/main/webapp/autocommit.js
new file mode 100644
index 00000000..d21a5651
--- /dev/null
+++ b/connector/src/main/webapp/autocommit.js
@@ -0,0 +1,5 @@
+function autoCommmit() {
+ document.forms[0].submit();
+}
+
+document.addEventListener('DOMContentLoaded', autoCommmit);
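Review bot: `document.forms[0].submit()` throws a TypeError on any page that includes this script without a form, and the function name `autoCommmit` carries a triple "m" in both places it appears. A guarded version reads `const form = document.forms[0]; if (form) { form.submit(); }`, and naming it `autoCommit` keeps the typo from propagating into templates that may reference it. If the script was moved out of the HTML so that inline script can be disallowed by a Content-Security-Policy, a one-line comment at the top saying so would explain why it lives in its own file.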
\ No newline at end of file
diff --git a/connector/src/main/webapp/basic.css b/connector/src/main/webapp/basic.css
new file mode 100644
index 00000000..4bec163a
--- /dev/null
+++ b/connector/src/main/webapp/basic.css
@@ -0,0 +1,4 @@
+@charset "utf-8";
+ .bgTrans {
+ background-color:transparent
+ }
\ No newline at end of file diff --git a/connector_lib/pom.xml b/connector_lib/pom.xml new file mode 100644 index 00000000..1506828a --- /dev/null +++ b/connector_lib/pom.xml @@ -0,0 +1,64 @@ +<?xml version="1.0"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>at.gv.egiz.eidas</groupId> + <artifactId>ms_specific</artifactId> + <version>1.x</version> + </parent> + <groupId>at.gv.egiz.eidas.ms_specific</groupId> + <artifactId>connector_lib</artifactId> + <version>${egiz.eidas.version}</version> + <name>ms_specific_connector_lib</name> + <packaging>jar</packaging> + + <url>http://maven.apache.org</url> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <dependencies> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> + + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <build> + <finalName>msConnectorLib</finalName> + + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <configuration> + <source>1.8</source> + <target>1.8</target> + </configuration> + </plugin> + + <!-- enable co-existence of testng and junit --> + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <threadCount>1</threadCount> + </configuration> + <dependencies> + <dependency> + <groupId>org.apache.maven.surefire</groupId> + <artifactId>surefire-junit47</artifactId> + <version>${surefire.version}</version> + </dependency> + </dependencies> + </plugin> + + </plugins> + </build> + +</project> 
diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java index 94c77297..968bd3ae 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java +++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java @@ -3,10 +3,9 @@ package at.gv.egiz.eidas.specific.connector; import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; public class MSeIDASNodeConstants { - //configuration properties + // ************ configuration properties ************ public static final String PROP_CONFIG_APPLICATION_PREFIX = "eidas.ms."; public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "context.url.prefix"; @@ -19,6 +18,8 @@ public class MSeIDASNodeConstants { public static final String PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD = PROP_CONFIG_PVP2_PREFIX + "key.signing.password"; public static final String PROP_CONFIG_PVP2_METADATA_VALIDITY = PROP_CONFIG_PVP2_PREFIX + "metadata.validity"; + public static final String PROP_CONFIG_SP_VALIDATION_DISABLED = "configuration.sp.disableRegistrationRequirement"; + public static final String PROP_CONFIG_SP_LIST_PREFIX = "sp."; public static final String PROP_CONFIG_SP_UNIQUEIDENTIFIER = EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER; public static final String PROP_CONFIG_SP_FRIENDLYNAME = "friendlyName"; 
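Review bot: `PROP_CONFIG_SP_VALIDATION_DISABLED = "configuration.sp.disableRegistrationRequirement"` is added without a comment, although from its name it switches off the requirement that a requesting service provider is registered under the `sp.` configuration prefix, which is a security-relevant setting. A one-line comment such as `// Test-setup switch: when true, requests from service providers that are not registered in the configuration are no longer rejected` would make the impact visible to whoever edits the properties; the default value and the place where the flag is read are not in this hunk, so confirm the wording against the consumer. The enclosing class continues outside the hunk.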
@@ -31,28 +32,38 @@ public class MSeIDASNodeConstants { public static final String PROP_CONFIG_PVP_SCHEME_VALIDATION = "configuration.pvp.scheme.validation"; public static final String PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES = "configuration.pvp.enable.entitycategories"; - //default values - public static final String POLICY_DEFAULT_ALLOWED_TARGETS = - EAAFConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; + // ********** default values *************** + + //Default policy for SP-targets requested by MOA-ID to ms-specific eIDAS Connector + public static final String POLICY_DEFAULT_ALLOWED_TARGETS = ".*"; + // EAAFConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; + public static final int METADATA_SOCKED_TIMEOUT = 20 * 1000; //20 seconds metadata socked timeout public static final int DEFAULT_PVP_METADATA_VALIDITY = 24; //24 hours + public static final int DEFAULT_PVP_ASSERTION_VALIDITY = 5; //5 minutes + - //application end-points + // ************ application end-points ************* public static final String ENDPOINT_PVP_METADATA = "/pvp/metadata"; public static final String ENDPOINT_PVP_POST = "/pvp/post"; public static final String ENDPOINT_PVP_REDIRECT = "/pvp/redirect"; public static final String ENDPOINT_COUNTRYSELECTION = "/myHomeCountry"; - //paths and templates + + // ************ paths and templates ************ public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; + public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; public static final String TEMPLATE_HTML_ERROR = "error.html"; public static final String TEMPLATE_HTML_PVP_POSTBINDING = "pvp2_post_binding.html"; public static final String TEMPLATE_HTML_COUNTRYSELECTION = "countrySelection.html"; - //execution context and generic data + + // ************ execution context and generic data ************ public static final String REQ_PARAM_SELECTED_COUNTRY = "selectedCountry"; + public static final 
String REQ_PARAM_STOP_PROCESS = "stopAuthProcess"; + public static final String DATA_REQUESTERID = "req_requesterId"; public static final String DATA_PROVIDERNAME = "req_providerName"; public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java index b898dfef..b898dfef 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java +++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java index 3d8a3bdd..a742db6a 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java +++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java @@ -2,6 +2,8 @@ *******************************************************************************/ package at.gv.egiz.eidas.specific.connector.config; +import java.util.Arrays; +import java.util.List; import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; 
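Review bot: `POLICY_DEFAULT_ALLOWED_TARGETS = ".*"` replaces a pattern that only admitted targets under the CDID URN prefix with one that matches any string, so a service provider whose configuration sets no explicit target policy can now request arbitrary bPK targets; the new comment above it names the use case but not why the restriction was dropped. If the relaxation is intended, the comment should state that the default accepts every target and that per-SP patterns are expected to narrow it, and the old expression should be removed instead of left as a commented-out line. If it is a temporary measure, a more specific default than `.*` would keep the fail-safe behaviour of the previous value. The enclosing class continues outside the hunk.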
@@ -19,8 +21,9 @@ public class ServiceProviderConfiguration extends SPConfigurationImpl { private static final long serialVersionUID = 1L; private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class); - private String minimumLoA = EAAFConstants.EIDAS_QAA_HIGH; + private List<String> minimumLoA = Arrays.asList(EAAFConstants.EIDAS_LOA_HIGH); private String bPKTargetIdentifier; + private String loaMachtingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM; public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) { super(spConfig, authConfig); @@ -35,18 +38,36 @@ public class ServiceProviderConfiguration extends SPConfigurationImpl { @Override public boolean hasBaseIdTransferRestriction() { - return isConfigurationValue( - MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION, - true); - + Boolean spConfigPolicy = isConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION); + if (spConfigPolicy != null) + return spConfigPolicy; + + else { + log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ..."); + for (String el : getTargetsWithNoBaseIdTransferRestriction()) { + if (this.bPKTargetIdentifier != null && this.bPKTargetIdentifier.startsWith(el)) { + log.debug("SP-Target: " + this.bPKTargetIdentifier + " has NO baseID transfer restriction in default policy"); + return false; + + } + } + } + + log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + this.bPKTargetIdentifier); + return true; } @Override - public String getMinimumLevelOfAssurence() { + public List<String> getRequiredLoA() { return minimumLoA; } + public String getLoAMatchingMode() { + return loaMachtingMode; + + } + @Override public String getAreaSpecificTargetIdentifier() { 
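Review bot: The new default branch of `hasBaseIdTransferRestriction()` lifts the restriction when `this.bPKTargetIdentifier.startsWith(el)` holds for any entry of `getTargetsWithNoBaseIdTransferRestriction()`; because this is a prefix test, an entry that happens to be a prefix of an unrelated target identifier also disables the restriction. If the entries are complete target URNs, `equals` is the safer comparison; if they are deliberately prefixes, a comment above the loop should say so, since the apparent failure mode is that the restriction is waived for a target the policy did not name. The content of that list is not visible here. Separately, `getLoAMatchingMode()` returns a field spelled `loaMachtingMode`, and the setter added further down is `setLoAMachtingMode`; one spelling across the public API would avoid the mismatch spreading to callers.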
@@ -65,15 +86,30 @@ public class ServiceProviderConfiguration extends SPConfigurationImpl { /** * Set the minimum level of eIDAS authentication for this SP * <br> - * <b>Default:</b> http://eidas.europa.eu/LoA/high or - * - * @param minimumLoA eIDAS LoA URI + * <b>Default:</b> http://eidas.europa.eu/LoA/high + * <br> + * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed + * + * @param minimumLoA eIDAS LoA URIs */ - public void setMinimumLoA(String minimumLoA) { + public void setRequiredLoA(List<String> minimumLoA) { this.minimumLoA = minimumLoA; } + /** + * Set the mode of operation for LoA matching for this SP + * <b> + * <b>Default: minimum</b> + * <br> + * <b>Info:</b> Currently only 'minimum' and 'exact' are supported + * + * @param mode LoA matching mode according to SAML2 core specification + */ + public void setLoAMachtingMode(String mode) { + this.loaMachtingMode = mode; + } + /** * Set the bPK Target for this service provider @@ -95,8 +131,7 @@ public class ServiceProviderConfiguration extends SPConfigurationImpl { } else { log.warn("Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern."); - throw new EAAFException("TODO", new Object[] {bPKTargetIdentifier}, - "Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern."); + throw new EAAFException("auth.37", new Object[] {bPKTargetIdentifier, getUniqueIdentifier()}); } diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/gui/DefaultGUIBuilderImpl.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/gui/DefaultGUIBuilderImpl.java index e423b09a..7ae0c71c 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/gui/DefaultGUIBuilderImpl.java +++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/gui/DefaultGUIBuilderImpl.java 
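Review bot: The Javadoc added for `setLoAMachtingMode` opens with a bare `<b>` on the line after the summary where a `<br>` is evidently intended, leaving an unclosed bold element in the generated documentation; the line should read ` * <br>`. The same block states that only `minimum` and `exact` are supported and that `MINIMUM` allows a single entry in `setRequiredLoA`, but neither setter checks its argument — a sentence saying that validation happens in `AuthnRequestValidator` (or adding the check here) would make the contract explicit. The method name also spells "matching" as "Machting"; a correctly spelled name would keep the API consistent with `getLoAMatchingMode()`.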
@@ -19,8 +19,8 @@ public class DefaultGUIBuilderImpl extends AbstractGUIFormBuilderImpl{ private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/"; public DefaultGUIBuilderImpl() throws GUIBuildException { - super(); - + super(); + } @Override diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/gui/GUIBuilderConfigurationFactory.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/gui/GUIBuilderConfigurationFactory.java index 8132c063..8132c063 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/gui/GUIBuilderConfigurationFactory.java +++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/gui/GUIBuilderConfigurationFactory.java diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java index 8dd3c580..3a765eb5 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java +++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java 
@@ -18,16 +18,18 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; -public class StaticGuiBuilderConfiguration extends AbstractGUIFormBuilderConfiguration { +public class StaticGuiBuilderConfiguration extends AbstractGUIFormBuilderConfiguration implements ModifyableGuiBuilderConfiguration { private static final Logger log = LoggerFactory.getLogger(StaticGuiBuilderConfiguration.class); private IRequest pendingReq = null; private IConfiguration basicConfig = null; + Map<String, Object> params = new HashMap<String, Object>(); public StaticGuiBuilderConfiguration(IConfiguration basicConfig, String authURL, String viewName, String formSubmitEndpoint) { super(authURL, viewName, formSubmitEndpoint); @@ -55,7 +57,7 @@ public class StaticGuiBuilderConfiguration extends AbstractGUIFormBuilderConfigu @Override public InputStream getTemplate(String viewName) { - String templateURL = MSeIDASNodeConstants.CLASSPATH_TEMPLATE_DIR + viewName; + String templateURL = MSeIDASNodeConstants.FILESYSTEM_TEMPLATE_DIR + viewName; try { String absURL = FileUtils.makeAbsoluteURL(templateURL, this.basicConfig.getConfigurationRootDirectory()); if (!absURL.startsWith("file:")) { @@ -70,7 +72,8 @@ public class StaticGuiBuilderConfiguration extends AbstractGUIFormBuilderConfigu } catch (MalformedURLException | URISyntaxException | FileNotFoundException e) { - log.warn("Can can build filesytem path to template: " + templateURL, e); + log.info("Can can build filesytem path to template: " + templateURL + + " Reason: " + e.getMessage()); } 
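Review bot: In `getTemplate`, `viewName` is concatenated into `MSeIDASNodeConstants.FILESYSTEM_TEMPLATE_DIR + viewName` and resolved against the configuration root, and the only check visible is that the resulting URL starts with `file:`, which does not stop a name containing `..` from leaving the templates directory. Where `viewName` originates is not visible in the hunk; since the class now implements `ModifyableGuiBuilderConfiguration` and is meant for reuse, either a normalisation step that compares the resolved path against the template root (for example via `Paths.get(...).normalize().startsWith(...)`) or a Javadoc note stating that `viewName` must never be request-controlled would document the assumption. The new `params` field is package-visible and mutable; declaring it `private final` matches the other fields. The enclosing method continues outside the hunk.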
@@ -78,8 +81,7 @@ public class StaticGuiBuilderConfiguration extends AbstractGUIFormBuilderConfigu } @Override - protected Map<String, Object> getSpecificViewParameters() { - Map<String, Object> params = new HashMap<String, Object>(); + protected Map<String, Object> getSpecificViewParameters() { if (pendingReq != null) { params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId())); @@ -88,4 +90,16 @@ public class StaticGuiBuilderConfiguration extends AbstractGUIFormBuilderConfigu return params; } + @Override + public void putCustomParameter(String key, String value) { + params.put(key, StringEscapeUtils.escapeHtml(value)); + + } + + @Override + public void putCustomParameterWithOutEscaption(String arg0, Object arg1) { + log.info("Add GUI-Template parameters WITHOUT escaption ARE NOT supported!!!!!"); + + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 48a5a249..eef89112 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml 
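Review bot: `putCustomParameterWithOutEscaption` discards both arguments and only writes an info log, so a caller relying on the interface contract ends up with a template in which the parameter is silently missing, and the mistake is only discoverable by reading the log. Refusing unescaped template input is the right default, but the refusal should be loud: throw `new UnsupportedOperationException("unescaped GUI parameters are not supported")`, or at least document on the method that the value is dropped and log at warn level. The `escapeHtml` applied in `putCustomParameter` is suitable for element content; a Javadoc note should state that values placed into attribute or script contexts need their own encoding on the template side.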
@@ -3,25 +3,25 @@ <modelVersion>4.0.0</modelVersion> <parent> <groupId>at.gv.egiz.eidas.ms_specific</groupId> - <artifactId>modules</artifactId> + <artifactId>modules</artifactId> <version>1.x</version> </parent> - + <groupId>at.gv.egiz.eidas.ms_specific.modules</groupId> <artifactId>authmodule-eIDAS-v2</artifactId> <name>eIDAS v2 authentication module</name> <version>${egiz.eidas.version}</version> <description>eIDAS module based on eIDAS node reference implementation v2.x</description> <properties> - <eidas-commons.version>2.0.0</eidas-commons.version> - <eidas-light-commons.version>2.0.0</eidas-light-commons.version> - <eidas-specific-communication-definition.version>2.0.0</eidas-specific-communication-definition.version> + <eidas-commons.version>2.1.0</eidas-commons.version> + <eidas-light-commons.version>2.1.0</eidas-light-commons.version> + <eidas-specific-communication-definition.version>2.1.0</eidas-specific-communication-definition.version> </properties> - <profiles> + <profiles> <profile> <id>default</id> - <activation> + <activation> <activeByDefault>true</activeByDefault> </activation> <repositories> @@ -30,8 +30,13 @@ <url>https://demo.egiz.gv.at/int-repo/</url> <releases> <enabled>true</enabled> - </releases> + </releases> </repository> + <repository> + <id>local</id> + <name>local</name> + <url>file:${basedir}/repository</url> + </repository> </repositories> </profile> </profiles> @@ -41,11 +46,18 @@ <groupId>at.gv.egiz.components</groupId> <artifactId>egiz-spring-api</artifactId> </dependency> - + <dependency> + <groupId>at.gv.egiz.eidas.ms_specific</groupId> + <artifactId>connector_lib</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> <!-- eIDAS reference implemenation libs --> <dependency> - <groupId>eu.eidas</groupId> + <groupId>eu.eidas</groupId> <artifactId>eidas-commons</artifactId> <version>${eidas-commons.version}</version> <!--scope>provided</scope --> 
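Review bot: The new `<repository>` with `<url>file:${basedir}/repository</url>` resolves artifacts from a directory inside the module, so jars placed there enter the build without the checksum and provenance handling a managed repository provides, and nothing in this change shows what the directory contains. A README in that directory (artifact coordinates, where each jar was obtained, its SHA-256) plus a comment on the repository element, e.g. `<!-- local fallback for eIDAS reference artifacts not published to a public repository; see repository/README -->`, would let reviewers and tooling verify what is consumed. Whether the bumped `2.1.0` eIDAS artifacts come from this local directory or from the int-repo URL is not visible here.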
@@ -79,6 +91,14 @@
 <artifactId>commons-lang3</artifactId>
 </dependency>
 <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>joda-time</groupId>
+ <artifactId>joda-time</artifactId>
+ </dependency>
+ <dependency>
 <groupId>org.apache.commons</groupId>
 <artifactId>commons-text</artifactId>
 </dependency>
@@ -87,29 +107,91 @@ <artifactId>spring-webmvc</artifactId> </dependency> <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-frontend-jaxws</artifactId> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-transports-http</artifactId> + </dependency> + <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <scope>provided</scope> </dependency> + + <!-- Testing --> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + </dependencies> <build> <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <configuration> - <source>1.8</source> - <target>1.8</target> - </configuration> - </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <configuration> + <source>1.8</source> + <target>1.8</target> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-codegen-plugin</artifactId> + <dependencies> + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + <version>2.8.1</version> + </dependency> + <dependency> + <groupId>com.sun.xml.bind</groupId> + <artifactId>jaxb-impl</artifactId> + <version>2.2.5</version> + </dependency> + <dependency> + <groupId>com.sun.xml.bind</groupId> + <artifactId>jaxb-xjc</artifactId> + <version>2.2.5</version> + </dependency> + </dependencies> + <executions> + <execution> + <id>generate-sources</id> + <phase>generate-sources</phase> + <configuration> + <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot> + <wsdlOptions> + <wsdlOption> + <wsdl>${basedir}/src/main/resources/szr_client/SZR-1.WSDL</wsdl> + <extraargs> + <extraarg>-verbose </extraarg> + </extraargs> + 
</wsdlOption> + </wsdlOptions> + </configuration> + <goals> + <goal>wsdl2java</goal> + </goals> + </execution> + </executions> + </plugin> + <!-- enable co-existence of testng and junit --> <plugin> <artifactId>maven-surefire-plugin</artifactId> <configuration> <threadCount>1</threadCount> - <argLine>--add-modules java.xml.bind</argLine> </configuration> <dependencies> <dependency> diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-commons/2.0.0/eidas-commons-2.0.0.jar b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-commons/2.0.0/eidas-commons-2.0.0.jar Binary files differnew file mode 100644 index 00000000..bc898684 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-commons/2.0.0/eidas-commons-2.0.0.jar diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.jar b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.jar Binary files differnew file mode 100644 index 00000000..d9bb91ef --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.jar diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.pom b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.pom new file mode 100644 index 00000000..3a50c50b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.pom 
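Review bot: The `cxf-codegen-plugin` execution pins `xercesImpl` 2.8.1 and `jaxb-impl`/`jaxb-xjc` 2.2.5 as plugin dependencies without saying why those particular versions are needed; plugin dependencies only shape the code-generation classpath, not the shipped module, but the WSDL at `src/main/resources/szr_client/SZR-1.WSDL` is parsed by that xerces at every build and the next person upgrading will not know whether the pins are a hard requirement of wsdl2java on this toolchain. A comment such as `<!-- versions required by cxf-codegen on JDK 8; revisit when the plugin version changes -->` next to the plugin's `<dependencies>` would capture that, if that is indeed the reason. The `<extraarg>-verbose </extraarg>` carries a trailing space inside the argument; `<extraarg>-verbose</extraarg>` is the intended form. Neither this plugin nor the surefire plugin declares a `<version>` here, which presumably comes from the parent's pluginManagement.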
@@ -0,0 +1,102 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <artifactId>eidas-commons</artifactId> + <packaging>${mod.packaging.type}</packaging> + <name>eIDAS Commons</name> + <description> + The EIDASCommons library provides beans, Java Interfaces and utility classes to integrate EidasNode and SAML + Engine. + </description> + <parent> + <groupId>eu.eidas</groupId> + <artifactId>eidas-parent</artifactId> + <version>2.1.0</version> + <relativePath>../EIDAS-Parent/pom.xml</relativePath> + </parent> + <dependencies> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-light-commons</artifactId> + </dependency> + <dependency> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </dependency> + <!-- Bouncy Castle --> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + </dependency> + <dependency> + <groupId>com.hazelcast</groupId> + <artifactId>hazelcast</artifactId> + </dependency> + <dependency> + <groupId>com.hazelcast</groupId> + <artifactId>hazelcast-wm</artifactId> + </dependency> + <!-- TEST --> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <build> + <resources> + <resource> + <directory>${project.basedir}/src/main/resources</directory> + </resource> + </resources> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-source-plugin</artifactId> + 
</plugin> + </plugins> + <testResources> + <testResource> + <directory>src/test/resources</directory> + <includes> + <include>log4j.xml</include> + <include>*.properties</include> + </includes> + </testResource> + </testResources> + </build> + <profiles> + <profile> + <id>metrics</id> + <build> + <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>cobertura-maven-plugin</artifactId> + </plugin> + </plugins> + </build> + </profile> + </profiles> + <reporting> + <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>cobertura-maven-plugin</artifactId> + </plugin> + </plugins> + </reporting> +</project> diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-light-commons/2.0.0/eidas-light-commons-2.0.0.jar b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-light-commons/2.0.0/eidas-light-commons-2.0.0.jar Binary files differnew file mode 100644 index 00000000..8a344615 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-light-commons/2.0.0/eidas-light-commons-2.0.0.jar diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.jar b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.jar Binary files differnew file mode 100644 index 00000000..ba5ff6ec --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.jar diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.pom b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.pom new file mode 100644 index 00000000..37b8c24d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.pom 
@@ -0,0 +1,55 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>eidas-light-commons</artifactId>
+ <packaging>${mod.packaging.type}</packaging>
+ <name>eIDAS Light Commons</name>
+ <description>
+ The EIDASLightCommons library provides Java Interfaces and utility classes to integrate EIDASCommons and eIDAS Specific Communication Definition.
+ </description>
+ <parent>
+ <groupId>eu.eidas</groupId>
+ <artifactId>eidas-parent</artifactId>
+ <version>2.1.0</version>
+ <relativePath>../EIDAS-Parent/pom.xml</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>joda-time</groupId>
+ <artifactId>joda-time</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>com.ibm.icu</groupId>
+ <artifactId>icu4j</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+ <profiles>
+ <profile>
+ <id>metrics</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>cobertura-maven-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>cobertura-maven-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-parent/2.0.0/eidas-parent-2.0.0.pom b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-parent/2.0.0/eidas-parent-2.0.0.pom
new file mode 100644
index 00000000..dbe5cd58
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-parent/2.0.0/eidas-parent-2.0.0.pom
@@ -0,0 +1,910 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 + http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <groupId>eu.eidas</groupId> + <artifactId>eidas-parent</artifactId> + <packaging>pom</packaging> + <name>eIDAS Node Parent</name> + <version>2.0.0</version> + <description> + The EIDAS-Parent provides artifacts versions for Eidas Node components. + </description> + <properties> + <!-- 1) Project properties --> + <proj.name>EIDASParent</proj.name> + <proj.name.eidas>EidasNode</proj.name.eidas> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <app.packaging.type>war</app.packaging.type> + <mod.packaging.type>jar</mod.packaging.type> + <timestamp>${maven.build.timestamp}</timestamp> + <!-- java version targeted in the compile phase --> + <java.version>1.7</java.version> + + <samlspec.version>0.5.2</samlspec.version> + <samlspecacept.version>0.5.1</samlspecacept.version> + + <!-- 2) Library dependency versions --> + <spring.version>4.1.0.RELEASE</spring.version> + <opensaml.not-yet-commons-ssl.version>0.3.9</opensaml.not-yet-commons-ssl.version> + <opensaml.openws.version>1.5.5</opensaml.openws.version> + <opensaml.version>3.3.0</opensaml.version> + <opensaml.api.version>3.3.0</opensaml.api.version> + <!--shibboleth.xmlsupport.version>8.0-SNAPSHOT</shibboleth.xmlsupport.version--> + <shibboleth.xmlsupport.version>7.3.0</shibboleth.xmlsupport.version> + <servlet.version>3.0.1</servlet.version> + <jsp.api>2.0</jsp.api> + <jstl.version>1.1.2</jstl.version> + <apache.taglibs>1.2.5</apache.taglibs> + <jersey.version>1.18</jersey.version> + <jasper.version>6.0.53</jasper.version> + <slf4j.version>1.7.10</slf4j.version> + <logback.version>1.1.2</logback.version> + <mockito.version>1.10.19</mockito.version> + <junit.version>4.12</junit.version> + <hamcrest.version>1.3</hamcrest.version> + 
<commons.codec>1.9</commons.codec> + <commons.collections>3.2.2</commons.collections> + <commons.io>2.4</commons.io> + <commons.lang>2.6</commons.lang> + <commons.logging>1.1.3</commons.logging> + <commons.httpclient>4.5.5</commons.httpclient> + <commons.httpcore>4.4.9</commons.httpcore> + <commons.lang3>3.1</commons.lang3> + <hazelcast.version>3.2</hazelcast.version> + <bouncycastle.version>1.52</bouncycastle.version> + <owasp.version>1.1.1</owasp.version> + <owasp.dependency-check.version>1.4.0</owasp.dependency-check.version> + <owasp.esapi.version>2.1.0</owasp.esapi.version> + <cglib.version>2.2.2</cglib.version> + <xmlapis.version>1.4.01</xmlapis.version> + <xerces.version>2.11.0</xerces.version> + <xalan.version>2.7.2</xalan.version> + <joda.time.version>2.6</joda.time.version> + <log4j.version>1.2.17</log4j.version> + <log4j.api>2.3</log4j.api> + <xmlunit.version>1.5</xmlunit.version> + <bdr.econnector.version>1.2.2</bdr.econnector.version> + <struts.version>2.3.34</struts.version> + <icu4j.version>55.1</icu4j.version> + <vaadin.version>7.4.2</vaadin.version> + <vaadin.plugin.version>${vaadin.version}</vaadin.plugin.version> + <vaadin-spring.version>1.0.0.beta1</vaadin-spring.version> + <vaadin4spring.version>0.0.5.RELEASE</vaadin4spring.version> + <jetty.plugin.version>9.2.3.v20140905</jetty.plugin.version> + <guava.version>19.0</guava.version> + <jsr305.version>3.0.1</jsr305.version> + <icu4j.version>57.1</icu4j.version> + + <!-- 3) maven plugin versions --> + <javadoc.plugin.version>2.8.1</javadoc.plugin.version> + <compile.plugin.version>2.3.2</compile.plugin.version> + <surefire.plugin.version>2.19.1</surefire.plugin.version> + <war.plugin.version>3.2.0</war.plugin.version> + <ear.plugin.version>2.7</ear.plugin.version> + <resources.plugin.version>2.4</resources.plugin.version> + <cobertura.plugin.version>2.7</cobertura.plugin.version> + <remote.resources.plugin.version>1.5</remote.resources.plugin.version> + 
<source.plugin.version>2.1.2</source.plugin.version> + <install.plugin.version>2.5.2</install.plugin.version> + <clean.plugin.version>2.6.1</clean.plugin.version> + </properties> + + <dependencyManagement> + <dependencies> + <!-- eIDAS modules --> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>SimpleProtocol</artifactId> + <version>0.0.1-SNAPSHOT</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-commons</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-light-commons</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-configmodule</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-encryption</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-saml-engine</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-updater</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-saml-metadata</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-specific-connector</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-specific-proxyservice</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-specific-communication-definition</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-node</artifactId> + 
<version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-sp</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-idp</artifactId> + <version>${project.version}</version> + </dependency> + <!-- Joda --> + <dependency> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + <version>${joda.time.version}</version> + </dependency> + <!-- SLF4J logging --> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>jcl-over-slf4j</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>jul-to-slf4j</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-simple</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + <version>${slf4j.version}</version> + </dependency> + <!-- commons-logging --> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <version>${commons.logging}</version> + </dependency> + <!-- Log4J --> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + <version>${log4j.version}</version> + <exclusions> + <exclusion> + <groupId>javax.jms</groupId> + <artifactId>jms</artifactId> + </exclusion> + <exclusion> + <groupId>com.sun.jdmk</groupId> + <artifactId>jmxtools</artifactId> + </exclusion> + <exclusion> + <groupId>com.sun.jmx</groupId> + <artifactId>jmxri</artifactId> + </exclusion> + <exclusion> + 
<artifactId>mail</artifactId> + <groupId>javax.mail</groupId> + </exclusion> + </exclusions> + </dependency> + <!-- LogBack --> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- Bouncy Castle --> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + <version>${bouncycastle.version}</version> + <!-- JBoss issue: please keep provided as the default scope for all the components of the project and override it if needed --> + <scope>provided</scope> + </dependency> + <!-- Apache Commons --> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>${commons.codec}</version> + </dependency> + <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + <version>${commons.collections}</version> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + <version>${commons.httpclient}</version> + <exclusions> + <exclusion> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + </exclusion> + <exclusion> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + <version>${commons.httpcore}</version> + <exclusions> + <exclusion> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <version>${commons.io}</version> + </dependency> + <dependency> + <groupId>commons-lang</groupId> + 
<artifactId>commons-lang</artifactId> + <version>${commons.lang}</version> + </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>${owasp.version}</version> + </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder-jsp</artifactId> + <version>${owasp.version}</version> + </dependency> + <dependency> + <groupId>org.owasp.esapi</groupId> + <artifactId>esapi</artifactId> + <version>${owasp.esapi.version}</version> + <exclusions> + <exclusion> + <groupId>commons-configuration</groupId> + <artifactId>commons-configuration</artifactId> + </exclusion> + <exclusion> + <groupId>commons-beanutils</groupId> + <artifactId>commons-beanutils-core</artifactId> + </exclusion> + <exclusion> + <groupId>commons-fileupload</groupId> + <artifactId>commons-fileupload</artifactId> + </exclusion> + <exclusion> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + </exclusion> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + <exclusion> + <groupId>xom</groupId> + <artifactId>xom</artifactId> + </exclusion> + <exclusion> + <groupId>org.beanshell</groupId> + <artifactId>bsh-core</artifactId> + </exclusion> + <exclusion> + <groupId>org.owasp.antisamy</groupId> + <artifactId>antisamy</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + <version>${guava.version}</version> + </dependency> + <dependency> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + <version>${jsr305.version}</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-core</artifactId> + <version>${opensaml.version}</version> + <exclusions> + <exclusion> + 
<groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </exclusion> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + <exclusion> + <groupId>commons-lang</groupId> + <artifactId>commons-lang</artifactId> + </exclusion> + <exclusion> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + </exclusion> + <exclusion> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + </exclusion> + <exclusion> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + </exclusion> + <exclusion> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.velocity</groupId> + <artifactId>velocity</artifactId> + </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> + <exclusion> + <groupId>org.owasp.esapi</groupId> + <artifactId>esapi</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>jcl-over-slf4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>jul-to-slf4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-saml-api</artifactId> + <version>${opensaml.version}</version> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-saml-impl</artifactId> + <version>${opensaml.version}</version> + </dependency> + <dependency> + 
<groupId>net.shibboleth.utilities</groupId> + <artifactId>java-support</artifactId> + <version>${shibboleth.xmlsupport.version}</version> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-xmlsec-api</artifactId> + <version>${opensaml.version}</version> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <version>${servlet.version}</version> + <scope>provided</scope> + </dependency> + <!-- JSP --> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>jsp-api</artifactId> + <version>${jsp.api}</version> + <scope>provided</scope> + </dependency> + <!-- JSTL --> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>jstl</artifactId> + <version>${jstl.version}</version> + </dependency> + <dependency> + <groupId>org.apache.taglibs</groupId> + <artifactId>taglibs-standard-impl</artifactId> + <version>${apache.taglibs}</version> + </dependency> + <dependency> + <groupId>taglibs</groupId> + <artifactId>standard</artifactId> + <version>${jstl.version}</version> + </dependency> + <!-- JavaEE API --> + <dependency> + <groupId>javax</groupId> + <artifactId>javaee-api</artifactId> + <version>7.0</version> + <scope>provided</scope> + </dependency> + <!-- Spring --> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + <version>${spring.version}</version> + <exclusions> + <exclusion> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-beans</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-context-support</artifactId> + 
<version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-aop</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + <version>${xerces.version}</version> + <exclusions> + <exclusion> + <groupId>xml-apis</groupId> + <artifactId>xml-apis</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>xalan</groupId> + <artifactId>xalan</artifactId> + <version>${xalan.version}</version> + <exclusions> + <exclusion> + <groupId>xml-apis</groupId> + <artifactId>xml-apis</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>xalan</groupId> + <artifactId>serializer</artifactId> + <version>${xalan.version}</version> + <exclusions> + <exclusion><!-- upsets jboss 6 --> + <groupId>xml-apis</groupId> + <artifactId>xml-apis</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>xml-apis</groupId> + <artifactId>xml-apis</artifactId> + <version>${xmlapis.version}</version> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-xmlsec-impl</artifactId> + <version>${opensaml.version}</version> + </dependency> + <!-- Jersey --> + <dependency> + <groupId>com.sun.jersey</groupId> + <artifactId>jersey-server</artifactId> + <version>${jersey.version}</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.apache.tomcat/jasper-el --> + <dependency> + <groupId>org.apache.tomcat</groupId> + <artifactId>jasper-el</artifactId> + <version>${jasper.version}</version> + </dependency> + <!-- Jersey + Spring --> + <dependency> + <groupId>com.sun.jersey.contribs</groupId> + <artifactId>jersey-spring</artifactId> + <version>${jersey.version}</version> + 
<exclusions> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-beans</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-aop</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + </exclusion> + <!-- <exclusion> + <groupId>com.sun.jersey</groupId> + <artifactId>jersey-server</artifactId> + </exclusion>--> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- HazelCast --> + <dependency> + <groupId>com.hazelcast</groupId> + <artifactId>hazelcast</artifactId> + <version>${hazelcast.version}</version> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>com.hazelcast</groupId> + <artifactId>hazelcast-wm</artifactId> + <version>${hazelcast.version}</version> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- Struts2 --> + <dependency> + <groupId>org.apache.struts</groupId> + <artifactId>struts2-core</artifactId> + <version>${struts.version}</version> + </dependency> + <dependency> + <groupId>cglib</groupId> + 
<artifactId>cglib-nodep</artifactId> + <version>${cglib.version}</version> + </dependency> + <dependency> + <groupId>cglib</groupId> + <artifactId>cglib</artifactId> + <version>${cglib.version}</version> + </dependency> + <!-- ICU --> + <dependency> + <groupId>com.ibm.icu</groupId> + <artifactId>icu4j</artifactId> + <version>${icu4j.version}</version> + </dependency> + + <!-- UNIT TEST Dependencies --> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>${junit.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.hamcrest</groupId> + <artifactId>hamcrest-all</artifactId> + <version>${hamcrest.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + <version>${mockito.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>xmlunit</groupId> + <artifactId>xmlunit</artifactId> + <version>${xmlunit.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <version>${spring.version}</version> + <scope>test</scope> + </dependency> + </dependencies> + </dependencyManagement> + + <dependencies> + <!-- Dependencies in common for all modules --> + <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + </dependency> + <dependency> + <groupId>commons-lang</groupId> + <artifactId>commons-lang</artifactId> + </dependency> + <dependency> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + </dependency> + <dependency> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + </dependency> + + <!-- UNIT TEST Dependencies in common for all modules --> + <dependency> + <groupId>junit</groupId> + 
<artifactId>junit</artifactId> + <exclusions> + <exclusion> + <artifactId>hamcrest-core</artifactId> + <groupId>org.hamcrest</groupId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.hamcrest</groupId> + <artifactId>hamcrest-all</artifactId> + </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + <exclusions> + <exclusion> + <artifactId>hamcrest-core</artifactId> + <groupId>org.hamcrest</groupId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>xmlunit</groupId> + <artifactId>xmlunit</artifactId> + </dependency> + </dependencies> + + <build> + <pluginManagement> + <plugins> + + <plugin> + <groupId>com.orctom.mojo</groupId> + <artifactId>was-maven-plugin</artifactId> + <version>1.0.8</version> + <configuration> + <wasHome>c:/pgm/wlp</wasHome> + <applicationName>${proj.name}</applicationName> + <host>localhost</host> + <server>server01</server> + <node>node01</node> + <virtualHost>default_host</virtualHost> + <verbose>true</verbose> + </configuration> + </plugin> + + <plugin> + <groupId>org.apache.tomcat.maven</groupId> + <artifactId>tomcat7-maven-plugin</artifactId> + <version>2.2</version> + <configuration> + <url>http://localhost:8080/manager/text</url> + <server>tomcat</server> + <path>/${proj.name}</path> + <username>admin</username> + <password>admin</password> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-war-plugin</artifactId> + <version>${war.plugin.version}</version> + <configuration> + <webResources> + <resource> + <directory>${project.basedir}/src/main/webapp/WEB-INF</directory> + <filtering>true</filtering> + <targetPath>WEB-INF</targetPath> + <includes> + <include>**/web.xml</include> + </includes> + </resource> + </webResources> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-source-plugin</artifactId> + 
<version>${source.plugin.version}</version> + <executions> + <execution> + <id>attach-sources</id> + <phase>verify</phase> + <goals> + <goal>jar-no-fork</goal> + </goals> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>cobertura-maven-plugin</artifactId> + <version>${cobertura.plugin.version}</version> + <configuration> + <formats> + <format>html</format> + <format>xml</format> + </formats> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-resources-plugin</artifactId> + <version>${resources.plugin.version}</version> + </plugin> + <!--plugin> + <groupId>org.owasp</groupId> + <artifactId>dependency-check-maven</artifactId> + <version>${owasp.dependency-check.version}</version> + <configuration> + <failBuildOnCVSS>8</failBuildOnCVSS> + </configuration> + <executions> + <execution> + <goals> + <goal>check</goal> + </goals> + </execution> + </executions> + </plugin--> + </plugins> + </pluginManagement> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>${compile.plugin.version}</version> + <configuration> + <source>${java.version}</source> + <target>${java.version}</target> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <version>${surefire.plugin.version}</version> + <configuration> + <skip>false</skip> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-javadoc-plugin</artifactId> + <version>${javadoc.plugin.version}</version> + <configuration> + <detectLinks>true</detectLinks> + </configuration> + </plugin> + </plugins> + </build> + + <modules> + <module>../EIDAS-Light-Commons</module> + <module>../EIDAS-Commons</module> + <module>../EIDAS-ConfigModule</module> + <module>../EIDAS-Encryption</module> + 
<module>../EIDAS-SAMLEngine</module> + <module>../EIDAS-Metadata</module> + <module>../EIDAS-UPDATER</module> + <module>../EIDAS-SpecificConnector</module> + <module>../EIDAS-SpecificProxyService</module> + <module>../EIDAS-SpecificCommunicationDefinition</module> + <module>../EIDAS-Node</module> + <module>../EIDAS-SP</module> + <module>../EIDAS-IdP-1.0</module> + <module>../EIDAS-SimpleProtocol</module> + </modules> + +</project> diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-parent/2.1.0/eidas-parent-2.1.0.pom b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-parent/2.1.0/eidas-parent-2.1.0.pom new file mode 100644 index 00000000..f6d5e3be --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-parent/2.1.0/eidas-parent-2.1.0.pom 
@@ -0,0 +1,947 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 + http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <groupId>eu.eidas</groupId> + <artifactId>eidas-parent</artifactId> + <packaging>pom</packaging> + <name>eIDAS Node Parent</name> + <version>2.1.0</version> + <description> + The EIDAS-Parent provides artifacts versions for Eidas Node components. + </description> + <properties> + <!-- 1) Project properties --> + <proj.name>EIDASParent</proj.name> + <proj.name.eidas>EidasNode</proj.name.eidas> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <app.packaging.type>war</app.packaging.type> + <mod.packaging.type>jar</mod.packaging.type> + <timestamp>${maven.build.timestamp}</timestamp> + <!-- java version targeted in the compile phase --> + <java.version>1.7</java.version> + + <samlspec.version>0.5.2</samlspec.version> + <samlspecacept.version>0.5.1</samlspecacept.version> + + <!-- 2) Library dependency versions --> + <spring.version>4.1.0.RELEASE</spring.version> + <opensaml.not-yet-commons-ssl.version>0.3.9</opensaml.not-yet-commons-ssl.version> + <opensaml.openws.version>1.5.5</opensaml.openws.version> + <opensaml.version>3.3.0</opensaml.version> + <opensaml.api.version>3.3.0</opensaml.api.version> + <!--shibboleth.xmlsupport.version>8.0-SNAPSHOT</shibboleth.xmlsupport.version--> + <shibboleth.xmlsupport.version>7.3.0</shibboleth.xmlsupport.version> + <servlet.version>3.0.1</servlet.version> + <jsp.api>2.0</jsp.api> + <jstl.version>1.1.2</jstl.version> + <apache.taglibs>1.2.5</apache.taglibs> + <jersey.version>1.18</jersey.version> + <jasper.version>6.0.53</jasper.version> + <slf4j.version>1.7.10</slf4j.version> + <logback.version>1.1.2</logback.version> + <mockito.version>1.10.19</mockito.version> + <junit.version>4.12</junit.version> + <hamcrest.version>1.3</hamcrest.version> + 
<commons.codec>1.9</commons.codec> + <commons.collections>3.2.2</commons.collections> + <commons.io>2.4</commons.io> + <commons.lang>2.6</commons.lang> + <commons.logging>1.1.3</commons.logging> + <commons.httpclient>4.5.5</commons.httpclient> + <commons.httpcore>4.4.9</commons.httpcore> + <commons.lang3>3.1</commons.lang3> + <hazelcast.version>3.2</hazelcast.version> + <bouncycastle.version>1.52</bouncycastle.version> + <owasp.version>1.1.1</owasp.version> + <owasp.dependency-check.version>1.4.0</owasp.dependency-check.version> + <owasp.esapi.version>2.1.0</owasp.esapi.version> + <cglib.version>2.2.2</cglib.version> + <xmlapis.version>1.4.01</xmlapis.version> + <xerces.version>2.11.0</xerces.version> + <xalan.version>2.7.2</xalan.version> + <joda.time.version>2.6</joda.time.version> + <log4j.version>1.2.17</log4j.version> + <log4j.api>2.3</log4j.api> + <xmlunit.version>1.5</xmlunit.version> + <bdr.econnector.version>1.2.2</bdr.econnector.version> + <struts.version>2.3.34</struts.version> + <icu4j.version>55.1</icu4j.version> + <vaadin.version>7.4.2</vaadin.version> + <vaadin.plugin.version>${vaadin.version}</vaadin.plugin.version> + <vaadin-spring.version>1.0.0.beta1</vaadin-spring.version> + <vaadin4spring.version>0.0.5.RELEASE</vaadin4spring.version> + <jetty.plugin.version>9.2.3.v20140905</jetty.plugin.version> + <guava.version>19.0</guava.version> + <jsr305.version>3.0.1</jsr305.version> + <icu4j.version>57.1</icu4j.version> + + <!-- 3) maven plugin versions --> + <javadoc.plugin.version>2.8.1</javadoc.plugin.version> + <compile.plugin.version>2.3.2</compile.plugin.version> + <surefire.plugin.version>2.19.1</surefire.plugin.version> + <war.plugin.version>3.2.0</war.plugin.version> + <ear.plugin.version>2.7</ear.plugin.version> + <resources.plugin.version>2.4</resources.plugin.version> + <cobertura.plugin.version>2.7</cobertura.plugin.version> + <remote.resources.plugin.version>1.5</remote.resources.plugin.version> + 
<source.plugin.version>2.1.2</source.plugin.version> + <install.plugin.version>2.5.2</install.plugin.version> + <clean.plugin.version>2.6.1</clean.plugin.version> + </properties> + + <dependencyManagement> + <dependencies> + <!-- eIDAS modules --> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>SimpleProtocol</artifactId> + <version>0.0.1-SNAPSHOT</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-commons</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-light-commons</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-configmodule</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-encryption</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-saml-engine</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-updater</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-saml-metadata</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-specific-connector</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-specific-proxyservice</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-specific-communication-definition</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-node</artifactId> + 
<version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-sp</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-idp</artifactId> + <version>${project.version}</version> + </dependency> + <!-- Joda --> + <dependency> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + <version>${joda.time.version}</version> + </dependency> + <!-- SLF4J logging --> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>jcl-over-slf4j</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>jul-to-slf4j</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-simple</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + <version>${slf4j.version}</version> + </dependency> + <!-- commons-logging --> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <version>${commons.logging}</version> + </dependency> + <!-- Log4J --> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + <version>${log4j.version}</version> + <exclusions> + <exclusion> + <groupId>javax.jms</groupId> + <artifactId>jms</artifactId> + </exclusion> + <exclusion> + <groupId>com.sun.jdmk</groupId> + <artifactId>jmxtools</artifactId> + </exclusion> + <exclusion> + <groupId>com.sun.jmx</groupId> + <artifactId>jmxri</artifactId> + </exclusion> + <exclusion> + 
<artifactId>mail</artifactId> + <groupId>javax.mail</groupId> + </exclusion> + </exclusions> + </dependency> + <!-- LogBack --> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- Bouncy Castle --> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + <version>${bouncycastle.version}</version> + <!-- JBoss issue: please keep provided as the default scope for all the components of the project and override it if needed --> + <scope>provided</scope> + </dependency> + <!-- Apache Commons --> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>${commons.codec}</version> + </dependency> + <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + <version>${commons.collections}</version> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + <version>${commons.httpclient}</version> + <exclusions> + <exclusion> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + </exclusion> + <exclusion> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + <version>${commons.httpcore}</version> + <exclusions> + <exclusion> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <version>${commons.io}</version> + </dependency> + <dependency> + <groupId>commons-lang</groupId> + 
<artifactId>commons-lang</artifactId> + <version>${commons.lang}</version> + </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>${owasp.version}</version> + </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder-jsp</artifactId> + <version>${owasp.version}</version> + </dependency> + <dependency> + <groupId>org.owasp.esapi</groupId> + <artifactId>esapi</artifactId> + <version>${owasp.esapi.version}</version> + <exclusions> + <exclusion> + <groupId>commons-configuration</groupId> + <artifactId>commons-configuration</artifactId> + </exclusion> + <exclusion> + <groupId>commons-beanutils</groupId> + <artifactId>commons-beanutils-core</artifactId> + </exclusion> + <exclusion> + <groupId>commons-fileupload</groupId> + <artifactId>commons-fileupload</artifactId> + </exclusion> + <exclusion> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + </exclusion> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + <exclusion> + <groupId>xom</groupId> + <artifactId>xom</artifactId> + </exclusion> + <exclusion> + <groupId>org.beanshell</groupId> + <artifactId>bsh-core</artifactId> + </exclusion> + <exclusion> + <groupId>org.owasp.antisamy</groupId> + <artifactId>antisamy</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + <version>${guava.version}</version> + </dependency> + <dependency> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + <version>${jsr305.version}</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-core</artifactId> + <version>${opensaml.version}</version> + <exclusions> + <exclusion> + 
<groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </exclusion> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + <exclusion> + <groupId>commons-lang</groupId> + <artifactId>commons-lang</artifactId> + </exclusion> + <exclusion> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + </exclusion> + <exclusion> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + </exclusion> + <exclusion> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + </exclusion> + <exclusion> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.velocity</groupId> + <artifactId>velocity</artifactId> + </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> + <exclusion> + <groupId>org.owasp.esapi</groupId> + <artifactId>esapi</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>jcl-over-slf4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>jul-to-slf4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-saml-api</artifactId> + <version>${opensaml.version}</version> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-saml-impl</artifactId> + <version>${opensaml.version}</version> + </dependency> + <dependency> + 
<groupId>net.shibboleth.utilities</groupId> + <artifactId>java-support</artifactId> + <version>${shibboleth.xmlsupport.version}</version> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-xmlsec-api</artifactId> + <version>${opensaml.version}</version> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <version>${servlet.version}</version> + <scope>provided</scope> + </dependency> + <!-- JSP --> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>jsp-api</artifactId> + <version>${jsp.api}</version> + <scope>provided</scope> + </dependency> + <!-- JSTL --> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>jstl</artifactId> + <version>${jstl.version}</version> + </dependency> + <dependency> + <groupId>org.apache.taglibs</groupId> + <artifactId>taglibs-standard-impl</artifactId> + <version>${apache.taglibs}</version> + </dependency> + <dependency> + <groupId>taglibs</groupId> + <artifactId>standard</artifactId> + <version>${jstl.version}</version> + </dependency> + <!-- JavaEE API --> + <dependency> + <groupId>javax</groupId> + <artifactId>javaee-api</artifactId> + <version>7.0</version> + <scope>provided</scope> + </dependency> + <!-- Spring --> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + <version>${spring.version}</version> + <exclusions> + <exclusion> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-beans</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-context-support</artifactId> + 
<version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-aop</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + <version>${xerces.version}</version> + <exclusions> + <exclusion> + <groupId>xml-apis</groupId> + <artifactId>xml-apis</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>xalan</groupId> + <artifactId>xalan</artifactId> + <version>${xalan.version}</version> + <exclusions> + <exclusion> + <groupId>xml-apis</groupId> + <artifactId>xml-apis</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>xalan</groupId> + <artifactId>serializer</artifactId> + <version>${xalan.version}</version> + <exclusions> + <exclusion><!-- upsets jboss 6 --> + <groupId>xml-apis</groupId> + <artifactId>xml-apis</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>xml-apis</groupId> + <artifactId>xml-apis</artifactId> + <version>${xmlapis.version}</version> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml-xmlsec-impl</artifactId> + <version>${opensaml.version}</version> + </dependency> + <!-- Jersey --> + <dependency> + <groupId>com.sun.jersey</groupId> + <artifactId>jersey-server</artifactId> + <version>${jersey.version}</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.apache.tomcat/jasper-el --> + <dependency> + <groupId>org.apache.tomcat</groupId> + <artifactId>jasper-el</artifactId> + <version>${jasper.version}</version> + </dependency> + <!-- Jersey + Spring --> + <dependency> + <groupId>com.sun.jersey.contribs</groupId> + <artifactId>jersey-spring</artifactId> + <version>${jersey.version}</version> + 
<exclusions> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-beans</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-aop</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + </exclusion> + <!-- <exclusion> + <groupId>com.sun.jersey</groupId> + <artifactId>jersey-server</artifactId> + </exclusion>--> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- HazelCast --> + <dependency> + <groupId>com.hazelcast</groupId> + <artifactId>hazelcast</artifactId> + <version>${hazelcast.version}</version> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>com.hazelcast</groupId> + <artifactId>hazelcast-wm</artifactId> + <version>${hazelcast.version}</version> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- Struts2 --> + <dependency> + <groupId>org.apache.struts</groupId> + <artifactId>struts2-core</artifactId> + <version>${struts.version}</version> + </dependency> + <dependency> + <groupId>cglib</groupId> + 
<artifactId>cglib-nodep</artifactId> + <version>${cglib.version}</version> + </dependency> + <dependency> + <groupId>cglib</groupId> + <artifactId>cglib</artifactId> + <version>${cglib.version}</version> + </dependency> + <!-- ICU --> + <dependency> + <groupId>com.ibm.icu</groupId> + <artifactId>icu4j</artifactId> + <version>${icu4j.version}</version> + </dependency> + + <!-- UNIT TEST Dependencies --> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>${junit.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.hamcrest</groupId> + <artifactId>hamcrest-all</artifactId> + <version>${hamcrest.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + <version>${mockito.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>xmlunit</groupId> + <artifactId>xmlunit</artifactId> + <version>${xmlunit.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <version>${spring.version}</version> + <scope>test</scope> + </dependency> + </dependencies> + </dependencyManagement> + + <dependencies> + <!-- Dependencies in common for all modules --> + <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + </dependency> + <dependency> + <groupId>commons-lang</groupId> + <artifactId>commons-lang</artifactId> + </dependency> + <dependency> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + </dependency> + <dependency> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + </dependency> + + <!-- UNIT TEST Dependencies in common for all modules --> + <dependency> + <groupId>junit</groupId> + 
<artifactId>junit</artifactId> + <exclusions> + <exclusion> + <artifactId>hamcrest-core</artifactId> + <groupId>org.hamcrest</groupId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.hamcrest</groupId> + <artifactId>hamcrest-all</artifactId> + </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + <exclusions> + <exclusion> + <artifactId>hamcrest-core</artifactId> + <groupId>org.hamcrest</groupId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>xmlunit</groupId> + <artifactId>xmlunit</artifactId> + </dependency> + </dependencies> + + <build> + <pluginManagement> + <plugins> + + <plugin> + <groupId>com.orctom.mojo</groupId> + <artifactId>was-maven-plugin</artifactId> + <version>1.0.8</version> + <configuration> + <wasHome>c:/pgm/wlp</wasHome> + <applicationName>${proj.name}</applicationName> + <host>localhost</host> + <server>server01</server> + <node>node01</node> + <virtualHost>default_host</virtualHost> + <verbose>true</verbose> + </configuration> + </plugin> + + <plugin> + <groupId>org.apache.tomcat.maven</groupId> + <artifactId>tomcat7-maven-plugin</artifactId> + <version>2.2</version> + <configuration> + <url>http://localhost:8080/manager/text</url> + <server>tomcat</server> + <path>/${proj.name}</path> + <username>admin</username> + <password>admin</password> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-war-plugin</artifactId> + <version>${war.plugin.version}</version> + <configuration> + <webResources> + <resource> + <directory>${project.basedir}/src/main/webapp/WEB-INF</directory> + <filtering>true</filtering> + <targetPath>WEB-INF</targetPath> + <includes> + <include>**/web.xml</include> + </includes> + </resource> + </webResources> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-source-plugin</artifactId> + 
<version>${source.plugin.version}</version> + <executions> + <execution> + <id>attach-sources</id> + <phase>verify</phase> + <goals> + <goal>jar-no-fork</goal> + </goals> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>cobertura-maven-plugin</artifactId> + <version>${cobertura.plugin.version}</version> + <configuration> + <formats> + <format>html</format> + <format>xml</format> + </formats> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-resources-plugin</artifactId> + <version>${resources.plugin.version}</version> + </plugin> + <!--plugin> + <groupId>org.owasp</groupId> + <artifactId>dependency-check-maven</artifactId> + <version>${owasp.dependency-check.version}</version> + <configuration> + <failBuildOnCVSS>8</failBuildOnCVSS> + </configuration> + <executions> + <execution> + <goals> + <goal>check</goal> + </goals> + </execution> + </executions> + </plugin--> + </plugins> + </pluginManagement> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>${compile.plugin.version}</version> + <configuration> + <source>${java.version}</source> + <target>${java.version}</target> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <version>${surefire.plugin.version}</version> + <configuration> + <skip>false</skip> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-javadoc-plugin</artifactId> + <version>${javadoc.plugin.version}</version> + <configuration> + <detectLinks>true</detectLinks> + </configuration> + </plugin> + </plugins> + </build> + + <!-- modules> + <module>../EIDAS-Config</module> + <module>../EIDAS-Light-Commons</module> + <module>../EIDAS-Commons</module> + <module>../EIDAS-ConfigModule</module> + 
<module>../EIDAS-Encryption</module> + <module>../EIDAS-SAMLEngine</module> + <module>../EIDAS-Metadata</module> + <module>../EIDAS-UPDATER</module> + <module>../EIDAS-SpecificConnector</module> + <module>../EIDAS-SpecificProxyService</module> + <module>../EIDAS-SpecificCommunicationDefinition</module> + <module>../EIDAS-Node</module> + <module>../EIDAS-SP</module> + <module>../EIDAS-IdP-1.0</module> + <module>../EIDAS-SimpleProtocol</module> + </modules--> +<modules> + <module>../EIDAS-Light-Commons</module> + <module>../EIDAS-Commons</module> + <module>../EIDAS-SpecificCommunicationDefinition</module> + </modules> + <profiles> + <profile> + <id>NodeOnly</id> + <activation><activeByDefault>true</activeByDefault></activation> + <modules> + <module>../EIDAS-ConfigModule</module> + <module>../EIDAS-Encryption</module> + <module>../EIDAS-SAMLEngine</module> + <module>../EIDAS-Metadata</module> + <module>../EIDAS-UPDATER</module> + <module>../EIDAS-Node</module> + </modules> + </profile> + <profile> + <id>DemoToolsOnly</id> + <activation><activeByDefault>false</activeByDefault></activation> + <modules> + <module>../EIDAS-SimpleProtocol</module> + <module>../EIDAS-SpecificProxyService</module> + <module>../EIDAS-SpecificConnector</module> + <module>../EIDAS-SP</module> + <module>../EIDAS-IdP-1.0</module> + </modules> + </profile> + <profile> + <id>Config</id> + <activation><activeByDefault>false</activeByDefault></activation> + <modules> + <module>../EIDAS-Config</module> + </modules> + </profile> + </profiles> +</project> diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-specific-communication-definition/2.0.0/eidas-specific-communication-definition-2.0.0.jar b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-specific-communication-definition/2.0.0/eidas-specific-communication-definition-2.0.0.jar Binary files differnew file mode 100644 index 00000000..de8abbd2 --- /dev/null 
+++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-specific-communication-definition/2.0.0/eidas-specific-communication-definition-2.0.0.jar diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.jar b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.jar Binary files differnew file mode 100644 index 00000000..e0dc0ed8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.jar diff --git a/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.pom b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.pom new file mode 100644 index 00000000..1dc152d8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.pom 
@@ -0,0 +1,131 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 + http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <artifactId>eidas-specific-communication-definition</artifactId> + <packaging>jar</packaging> + <name>eIDAS Specific Communication Definition</name> + <description>Defines and implements the communication protocol to be used between specific and node modules.</description> + <parent> + <groupId>eu.eidas</groupId> + <artifactId>eidas-parent</artifactId> + <version>2.1.0</version> + <relativePath>../EIDAS-Parent/pom.xml</relativePath> + </parent> + <dependencies> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-commons</artifactId> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + <build> + <finalName>${artifactId}</finalName> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-source-plugin</artifactId> + </plugin> + </plugins> + </build> + <profiles> + <profile> + <id>specificProxyServiceWarPackaging</id> + <activation> + <property> + <name>!specificJar</name> + </property> + </activation> + <properties> + <packaging.type>war</packaging.type> + </properties> + <build> + <finalName>${proj.name}</finalName> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-resources-plugin</artifactId> + <executions> + <execution> + 
<id>copy-specific-connector-config</id> + <phase>process-resources</phase> + <goals> + <goal>copy-resources</goal> + </goals> + <configuration> + <outputDirectory>${project.build.directory}/${proj.name}/WEB-INF/classes + </outputDirectory> + <resources> + <resource> + <directory>${project.basedir}/src/main/config/warPackaging</directory> + <filtering>false</filtering> + </resource> + </resources> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + <profile> + <id>specificProxyServiceJarPackaging</id> + <activation> + <property> + <name>specificJar</name> + </property> + </activation> + <properties> + <packaging.type>jar</packaging.type> + </properties> + <build> + <finalName>${artifactId}</finalName> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-source-plugin</artifactId> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-resources-plugin</artifactId> + <executions> + <execution> + <id>copy-specific-connector-config</id> + <phase>process-resources</phase> + <goals> + <goal>copy-resources</goal> + </goals> + <configuration> + <outputDirectory>${project.build.directory}/${proj.name}/WEB-INF/classes</outputDirectory> + <resources> + <resource> + <directory>${project.basedir}/src/main/config/jarPackaging</directory> + <filtering>false</filtering> + </resource> + </resources> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + </profiles> +</project> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java index de7d9100..b1cd128f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java 
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java 
@@ -7,13 +7,60 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+
 public class Constants {
+ public static final String EXECUTIONCONTEXT_SELECTED_COUNTRY = "selectedCountry";
+ public static final String DATA_REQUESTERID = "req_requesterId";
+ public static final String DATA_PROVIDERNAME = "req_providerName";
+ public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
+ public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision";
+ public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse";
+
+
+ //templates for post-binding forwarding
+ public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html";
+ public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint";
+ public static final String TEMPLATE_POST_FORWARD_TOKEN_NAME = "tokenName";
+ public static final String TEMPLATE_POST_FORWARD_TOKEN_VALUE = "tokenValue";
+
+ //configuration properties
 public static final String CONIG_PROPS_EIDAS_PREFIX="auth.eIDAS";
 public static final String CONIG_PROPS_EIDAS_NODE= CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
 public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
+ public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE + ".publicSectorTargets";
+ public static final String CONIG_PROPS_EIDAS_NODE_ENTITYID = CONIG_PROPS_EIDAS_NODE + ".entityId";
+ public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_URL = CONIG_PROPS_EIDAS_NODE + ".forward.endpoint";
+ public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE + ".forward.method";
+ public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_ONLYNATURAL = CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural.";
+ public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION = 
CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation.";
+ public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME = CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";;
+ public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier";
+ public static final String FORWARD_METHOD_POST = "POST";
+ public static final String FORWARD_METHOD_GET = "GET";
+
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT= CONIG_PROPS_EIDAS_PREFIX + ".szrclient";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE= CONIG_PROPS_EIDAS_SZRCLIENT + ".useTestService";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES= CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.logfullmessages";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY= CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.useDummySolution";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB= CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.insertERnB";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION= CONIG_PROPS_EIDAS_SZRCLIENT + ".timeout.connection";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE= CONIG_PROPS_EIDAS_SZRCLIENT + ".timeout.response";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD= CONIG_PROPS_EIDAS_SZRCLIENT + ".endpoint.prod";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST= CONIG_PROPS_EIDAS_SZRCLIENT + ".endpoint.test";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.keyStore.path";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.keyStore.password";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + 
".ssl.trustStore.path"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.password"; + + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.documenttype"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.vkz"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingdate"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingauthority"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.usedummykeys"; //http endpoint descriptions public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post"; 
@@ -42,4 +89,23 @@ public class Constants { // add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()); } }); + + public static final String POLICY_DEFAULT_ALLOWED_TARGETS = + EAAFConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; + + //SAML2 Constants + public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success"; + + public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION = "30"; //seconds + public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; //seconds + + + //Default values for SZR communication + public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT"; + + //TODO remove!!! + public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01"; + public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT"; + public final static byte[] SZR_CONSTANTS_DEFAULT_PUBL_KEY = new byte[] {48, -127, -97, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, -127, -115, 0, 48, -127, -119, 2, -127, -127, 0, -106, 114, -113, -1, -84, 116, 35, 3, 70, -81, 81, -110, -10, -59, 114, 4, -109, 86, 127, -50, 125, 47, 4, 80, 79, 53, 117, -36, 15, -16, -61, 110, 39, 89, 29, -43, 37, -127, 80, -109, -38, 65, 125, -119, 44, -111, -21, 47, -98, 38, -112, -24, 107, -110, 17, -10, 51, -4, -36, -72, -28, -18, -14, 117, -67, 76, -31, 32, 92, 104, -21, 68, 31, -12, 30, -104, -104, 42, -107, 126, 84, 50, 85, -117, 44, -100, -4, 102, -100, 52, -68, 77, -32, 9, -16, -30, -104, -90, 107, -88, 7, 97, -94, 72, -61, -40, 80, -112, -65, -25, -72, -19, -95, -54, 31, 15, 24, -105, 123, -81, 23, -123, 92, -103, -101, 47, 47, -105, 2, 3, 1, 0, 1}; + } 
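Review bot: The block under `//TODO remove!!!` hard-codes a fixed issuing date, a fixed issuing authority and a complete public key (`SZR_CONSTANTS_DEFAULT_PUBL_KEY`, whose bytes `30 81 9F … 06 09 2A 86 48 86 F7 0D 01 01 01 … 02 81 81 00 … 02 03 01 00 01` decode as a 1024-bit RSA SubjectPublicKeyInfo with exponent 65537) as defaults for SZR requests, selectable through the `.params.usedummykeys` property added in the same file. If that property is ever left on in a production configuration, every identity link obtained through this node would presumably be bound to the same, publicly known and already undersized key; either drop these defaults before merging or make the consumer refuse to start unless an explicit test profile is active, and say so in the comment, e.g. `// TEST ONLY: dummy key/issuing data for the SZR test service – must not reach production`. The regex in `POLICY_DEFAULT_ALLOWED_TARGETS` escapes only `.` and `+` in `URN_PREFIX_CDID` by hand; `java.util.regex.Pattern.quote(EAAFConstants.URN_PREFIX_CDID) + ".*"` covers every metacharacter and reads as what it is. `HTTP_CLIENT_DEFAULT_TIMEOUT_*` are strings although they hold seconds; an `int` (or `Duration`) default would avoid a parse at every use.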
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
index 1ce2f949..fef9cbfa 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
@@ -4,8 +4,8 @@ package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2;
 import org.apache.commons.lang3.StringUtils;
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 /**
 * @author tlenz
@@ -33,8 +33,8 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
 */
 @Override
 public String selectProcess(ExecutionContext context) {
- if (StringUtils.isNotBlank((String) context.get("ccc")) ||
- StringUtils.isNotBlank((String) context.get("CCC")))
+ if (StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)) ||
+ StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)))
 return "eIDASAuthentication_v2";
 else
 return null;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java
index b491b8d8..e067acfb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java
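Review bot: Both operands of the `||` in `selectProcess` now look up the same key, `Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY`, so the second `StringUtils.isNotBlank(...)` is dead code; the removed lines checked `"ccc"` and `"CCC"`, which suggests the second lookup was meant to cover a different key and was lost in the mechanical replacement. Either collapse it to `if (StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)))` or, if an upper-case variant is still written into the execution context somewhere, name that second key explicitly so the intent is visible. The enclosing class starts and ends outside this hunk.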
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java
@@ -22,7 +22,7 @@ public class eIDASAuthenticationSpringResourceProvider implements SpringResource
 @Override
 public Resource[] getResourcesToLoad() {
- ClassPathResource eIDASAuthConfig = new ClassPathResource("/eidas_v2_auth.beans", eIDASAuthenticationSpringResourceProvider.class);
+ ClassPathResource eIDASAuthConfig = new ClassPathResource("/eidas_v2_auth.beans.xml", eIDASAuthenticationSpringResourceProvider.class);
 return new Resource[] {eIDASAuthConfig};
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
index 51d1bd0c..77f799e7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
@@ -8,14 +8,25 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.text.StringEscapeUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import com.google.common.collect.ImmutableSortedSet;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl;
+
 /**
 * @author tlenz
@@ -25,9 +36,10 @@ import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalControll
 public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
 private static final Logger log = LoggerFactory.getLogger(eIDASSignalServlet.class);
+ @Autowired private ApplicationContext context;
+ @Autowired private eIDASAttributeRegistry attrRegistry;
-
- public eIDASSignalServlet() {
+ public eIDASSignalServlet() {
 super();
 log.debug("Registering servlet " + getClass().getName() + " with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST + 
@@ -39,11 +51,11 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController { Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { signalProcessManagement(req, resp); } - @Override + /** * Protocol specific implementation to get the pending-requestID * from http request object 
@@ -52,31 +64,68 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
 * @return The Pending-request id
 *
 */
+ @Override
 public String getPendingRequestId(HttpServletRequest request) {
- String sessionId = super.getPendingRequestId(request);
+ //String sessionId = super.getPendingRequestId(request);
 try {
-
- // use SAML2 relayState
- if (sessionId == null) {
- log.trace("No transaction identifier from pendingReq. Search for SAML2 'RelayState' ...");
- sessionId = StringEscapeUtils.escapeHtml4(request.getParameter("RelayState"));
-
- if (StringUtils.isEmpty(sessionId))
- log.info("NO transaction identifier found! Stopping process ....");
- else
- log.debug("Find transaction identifier in SAML2 'RelayState': " + sessionId);
+ //get token from Request
+ final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString());
+ if (StringUtils.isEmpty(tokenBase64)) {
+ log.warn("NO eIDAS message token found.");
+ throw new eIDASAuthenticationException("eidas.04", null);
+ }
+ log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... ");
- } else
- log.trace("Find transaction identifier from pendingReq.");
+
+
+ final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService =
+ (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+ ILightResponse eIDASResponse = specificConnectorCommunicationService.getAndRemoveResponse(tokenBase64,
+ ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
+
+ String pendingReqId = null;
+ if (StringUtils.isEmpty(eIDASResponse.getRelayState())) {
+ log.debug("eIDAS Node returns no RelayState. ");
+
+ if (authConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER,
+ false)) {
+ log.trace("Use lightRequestId to recover session ... 
"); + pendingReqId = transactionStorage.get(eIDASResponse.getInResponseToId(), String.class); + if (StringUtils.isNotEmpty(pendingReqId)) { + log.debug("Restoring session with lightRequestId ... "); + transactionStorage.remove(eIDASResponse.getInResponseToId()); + + } + } + + } else { + log.debug("Find transaction identifier in SAML2 'RelayState': " + eIDASResponse.getRelayState()); + pendingReqId = eIDASResponse.getRelayState(); + + } + if (StringUtils.isNotEmpty(pendingReqId)) { + request.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse); + return pendingReqId; + + } + + log.info("NO transaction identifier found! Stopping process ...."); + log.trace("FullResponse: " + eIDASResponse.toString()); + + } catch (SpecificCommunicationException e) { + log.warn("Can NOT load eIDAS Response from cache.", e); + log.debug("eIDAS response token was: " + request.getParameter(EidasParameterKeys.TOKEN.toString())); + } catch (Exception e) { log.warn("Unable to retrieve moa session id.", e); } - return sessionId; + return null; } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/SZRCommunicationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/SZRCommunicationException.java new file mode 100644 index 00000000..a0c3cf88 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/SZRCommunicationException.java 
@@ -0,0 +1,15 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception;
+
+public class SZRCommunicationException extends eIDASAuthenticationException {
+
+ private static final long serialVersionUID = 1L;
+
+ public SZRCommunicationException(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
+ }
+
+ public SZRCommunicationException(String internalMsgId, Object[] params, Throwable e) {
+ super(internalMsgId, params, e);
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAttributeException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAttributeException.java
new file mode 100644
index 00000000..f1d4280f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAttributeException.java
@@ -0,0 +1,15 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception;
+
+public class eIDASAttributeException extends eIDASAuthenticationException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public eIDASAttributeException(String attrbuteName) {
+ super("eidas.00", new Object[] {attrbuteName});
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java
index fff6773e..939e7471 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java
@@ -9,12 +9,12 @@ public class eIDASAuthenticationException extends EAAFAuthenticationException{
 */
 private static final long serialVersionUID = 1L;
- public eIDASAuthenticationException(String internalMsgId, Object[] params, String msg) {
- super(internalMsgId, params, msg);
+ public eIDASAuthenticationException(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
 }
- public eIDASAuthenticationException(String internalMsgId, Object[] params, String msg, Throwable e) {
- super(internalMsgId, params, msg, e);
+ public eIDASAuthenticationException(String internalMsgId, Object[] params, Throwable e) {
+ super(internalMsgId, params, e);
 }
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASValidationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASValidationException.java
new file mode 100644
index 00000000..7b81eacd
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASValidationException.java
@@ -0,0 +1,14 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception;
+
+public class eIDASValidationException extends eIDASAuthenticationException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public eIDASValidationException(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java
new file mode 100644
index 00000000..b3855635
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java 
@@ -0,0 +1,114 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service;
+
+import java.io.File;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import eu.eidas.auth.commons.attribute.AttributeRegistries;
+import eu.eidas.auth.commons.attribute.AttributeRegistry;
+
+@Service("attributeRegistry")
+public class eIDASAttributeRegistry {
+ private static final Logger log = LoggerFactory.getLogger(eIDASAttributeRegistry.class);
+ @Autowired private IConfiguration basicConfig;
+
+ private AttributeRegistry coreAttributeRegistry;
+
+ private String eidasAttributesFile;
+ private String additionalAttributesFile;
+
+ @PostConstruct
+ private void initialize() throws RuntimeException {
+ try {
+ if (eidasAttributesFile.isEmpty()) {
+ log.error("Basic eIDAS addribute definition NOT defined");
+ throw new EAAFConfigurationException("Basic eIDAS addribute definition NOT defined");
+
+ }
+
+ boolean additionalAttrAvailabe = false;
+ if (!additionalAttributesFile.isEmpty()) {
+ File file = new File(additionalAttributesFile);
+ if (file.exists())
+ additionalAttrAvailabe = true;
+
+ }
+
+ if (!additionalAttrAvailabe) {
+ log.info("Start eIDAS ref. impl. Core without additional eIDAS attribute definitions ... ");
+ coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null);
+
+ } else {
+ //load attribute definitions
+ log.info("Start eIDAS ref. impl. Core with additional eIDAS attribute definitions ... 
"); + coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null, additionalAttributesFile); + + } + + } catch (Throwable e) { + log.error("Can NOT initialize eIDAS attribute definition." , e); + new RuntimeException("Can NOT initialize eIDAS attribute definition.", e); + + } + } + + + public AttributeRegistry getCoreAttributeRegistry() { + return coreAttributeRegistry; + } + + public Map<String, Boolean> getAttributeSetFromConfiguration() { + Map<String, Boolean> result = new HashMap<String, Boolean>(); + + /*TODO: select set for representation if mandates should be used. + * It's an open task in respect to requested eIDAS attributes and isRequired flag, + * because there can be a decision problem in case of natural or legal person representation! + * From an Austrian use-case point of view, an Austrian service provider can support mandates for + * natural and legal persons at the same time. However, we CAN NOT request attributes for natural AND + * legal persons on the same time, because it's not possible to represent both simultaneously. + */ + Map<String, String> configAttributes = + basicConfig.getBasicMOAIDConfigurationWithPrefix( + Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_ONLYNATURAL); + for (String el: configAttributes.values()) { + if (StringUtils.isNotEmpty(el.trim())) { + List<String> attrDef = KeyValueUtils.getListOfCSVValues(el.trim()); + boolean isRequired = false; + if (attrDef.size() == 2) + isRequired = Boolean.parseBoolean(attrDef.get(1)); + + result.put(attrDef.get(0), isRequired); + + } + } + + log.trace("Load #" + result.size() + " requested attributes from configuration"); + return result; + + } + + + public void setEidasAttributesFile(String eidasAttributesFile) { + this.eidasAttributesFile = eidasAttributesFile; + } + + public void setAdditionalAttributesFile(String additionalAttributesFile) { + this.additionalAttributesFile = additionalAttributesFile; + } + + +} + 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
new file mode 100644
index 00000000..86f0d0bb
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
@@ -0,0 +1,372 @@ +package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.net.URL; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.annotation.PostConstruct; +import javax.annotation.Resource; +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.namespace.QName; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Dispatch; +import javax.xml.ws.WebServiceContext; +import javax.xml.ws.handler.Handler; + +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.jaxws.DispatchImpl; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; +import org.apache.xpath.XPathAPI; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.w3._2000._09.xmldsig.KeyValueType; +import org.w3c.dom.Document; +import 
org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils.LoggingHandler; +import szrservices.GetBPK; +import szrservices.GetBPKResponse; +import szrservices.GetIdentityLink; +import szrservices.GetIdentityLinkResponse; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.SZR; +import szrservices.SZRException_Exception; + +@Service("SZRClientForeIDAS") +public class SZRClient { + private static final Logger log = LoggerFactory.getLogger(SZRClient.class); + + private static final String CLIENT_DEFAULT = "DefaultClient"; + private static final String CLIENT_RAW = "RawClient"; + + @Autowired private IConfiguration basicConfig; + @Resource private WebServiceContext wsContext; + + //client for anything, without identitylink + private SZR szr = null; + + //RAW client is needed for identitylink + private Dispatch<Source> dispatch = null; + + + private SZRService szrService = null; + private String szrURL = null; + private QName qname = null; + + public IdentityLinkType getIdentityLink(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException { + try { + return szr.getIdentityLink( + personInfo, + keyValue, + insertERnP); + + } catch (SZRException_Exception e) { + log.warn("SZR communication FAILED. 
Reason: " + e.getMessage(), e); + throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e); + + } + + } + + public IdentityLinkType getIdentityLinkInRawMode(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException { + try { + GetIdentityLink getIDL = new GetIdentityLink(); + getIDL.setInsertERnP(insertERnP); + getIDL.setPersonInfo(personInfo); + getIDL.getKeyValue().addAll(keyValue); + + JAXBContext jaxbContext = JAXBContext.newInstance(GetIdentityLink.class); + Marshaller jaxbMarshaller = jaxbContext.createMarshaller(); + + final ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + jaxbMarshaller.marshal(getIDL, outputStream); + outputStream.flush(); + + Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray())); + outputStream.close(); + + log.trace("Requesting SZR ... "); + Source response = dispatch.invoke(source); + log.trace("Receive RAW response from SZR"); + + byte[] szrResponse = sourceToByteArray(response); + JAXBContext ctx = JAXBContext.newInstance(IdentityLinkType.class + .getPackage().getName()); + GetIdentityLinkResponse jaxbElement = (GetIdentityLinkResponse) ctx + .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse)); + + + //build response + log.trace(new String(szrResponse)); + log.trace("Signature successfully created. 
Extracting from MOA-SS container."); + + // ok, we have success + Document doc = DOMUtils.parseDocument( + new ByteArrayInputStream(szrResponse), + true, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null, null + ); + String xpathExpression = "//saml:Assertion"; + Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode"); + + log.trace("Selecting signed doc " + xpathExpression); + Element documentNode = (Element) XPathAPI.selectSingleNode(doc, + xpathExpression, nsNode); + log.trace("Signed document: " + DOMUtils.serializeNode(documentNode)); + + + IdentityLinkType idl = new IdentityLinkType(); + idl.setAssertion(documentNode); + idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo()); + + return idl; + + + //IdentityLinkType idlResp = this.szr.getIdentityLink(personInfo, keyValue, insertERnP); + + } catch ( Exception e) { + log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e); + + } + + } + + public String getBPK(PersonInfoType personInfo, String target, String vkz) throws SZRCommunicationException { + try { + GetBPK parameters = new GetBPK(); + parameters.setPersonInfo(personInfo); + parameters.setBereichsKennung(target); + parameters.setVKZ(vkz); + GetBPKResponse result = this.szr.getBPK(parameters); + + return result.getGetBPKReturn(); + + } catch (SZRException_Exception e) { + log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e); + + } + + } + + + @PostConstruct + private void initialize() { + log.info("Starting SZR-Client initialization .... 
"); + URL url = SZRClient.class.getResource("/szr_client/SZR-1.WSDL"); + + boolean useTestSZR = basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, + true); + + if (useTestSZR) { + log.debug("Initializing SZR test environment configuration."); + qname = SZRService.SZRTestumgebung; + szrService = new SZRService(url, new QName("urn:SZRServices", "SZRService")); + szr = szrService.getSZRTestumgebung(); + szrURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST); + + + } else { + log.debug("Initializing SZR productive configuration."); + qname = SZRService.SZRProduktionsumgebung; + szrService = new SZRService(url, new QName("urn:SZRServices", "SZRService")); + szr = szrService.getSZRProduktionsumgebung(); + szrURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD); + + } + + //create raw client; + dispatch = szrService.createDispatch(qname, Source.class, javax.xml.ws.Service.Mode.PAYLOAD); + + if (StringUtils.isEmpty(szrURL)) { + log.error("No SZR service-URL found. SZR-Client initalisiation failed."); + throw new RuntimeException("No SZR service URL found. SZR-Client initalisiation failed."); + + } + + log.info("Use SZR service-URL: " + szrURL); + injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT); + injectBindingProvider((BindingProvider) dispatch, CLIENT_RAW); + + log.debug("Inject HTTP client settings ... 
"); + injectHTTPClient(szr, CLIENT_DEFAULT); + injectHTTPClient(dispatch, CLIENT_RAW); + + log.info("SZR-Client initialization successfull"); + } + + private void injectHTTPClient(Object raw, String clientType) { + //extract client from implementation + Client client = null; + if (raw instanceof DispatchImpl<?>) + client = ((DispatchImpl<?>)raw).getClient(); + else if (raw instanceof Client) + client = ClientProxy.getClient(raw); + else + throw new RuntimeException("SOAP Client for SZR connection is of UNSUPPORTED type: " + raw.getClass().getName()); + + //set basic connection policies + HTTPConduit http = (HTTPConduit) client.getConduit(); + + //set timeout policy + HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); + httpClientPolicy.setConnectionTimeout( + Integer.parseInt(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) * 1000); + httpClientPolicy.setReceiveTimeout( + Integer.parseInt(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) * 1000); + http.setClient(httpClientPolicy); + + //inject SSL context in case of https + if (szrURL.toLowerCase().startsWith("https")) { + log.debug("Adding SSLContext to client: " + clientType +" ... 
"); + TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setSSLSocketFactory(createSSLContext(clientType).getSocketFactory()); + http.setTlsClientParameters(tlsParams ); + log.info("SSLContext initialized for client: " + clientType); + + } + + } + + private void injectBindingProvider(BindingProvider bindingProvider, String clientType) { + Map<String, Object> requestContext = bindingProvider.getRequestContext(); + requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrURL); + + log.trace("Adding JAX-WS request/response trace handler to client: " + clientType); + List<Handler> handlerList = bindingProvider.getBinding().getHandlerChain(); + if (handlerList == null) { + handlerList = new ArrayList<Handler>(); + bindingProvider.getBinding().setHandlerChain(handlerList); + + } + + //add logging handler to trace messages if required + if (basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, + false)) { + LoggingHandler loggingHandler = new LoggingHandler(); + handlerList.add(loggingHandler); + + } + } + + private SSLContext createSSLContext(String clientType) { + try { + SSLContext context = SSLContext.getInstance("TLS"); + + //initialize key-mangager for SSL client-authentication + KeyManager[] keyManager = null; + String keyStorePath = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH); + String keyStorePassword = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD); + if (StringUtils.isNotEmpty(keyStorePath)) { + log.trace("Find keyStore path: " + keyStorePath + " Injecting SSL client certificate ... 
"); + try { + KeyStore keyStore = KeyStoreUtils.loadKeyStore( + FileUtils.makeAbsoluteURL(keyStorePath, basicConfig.getConfigurationRootDirectory()), + keyStorePassword); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + kmf.init(keyStore, keyStorePassword.toCharArray()); + keyManager = kmf.getKeyManagers(); + log.debug("SSL client certificate injected to client: " + clientType); + + } catch (KeyStoreException | IOException | UnrecoverableKeyException e) { + log.error("Can NOT load SSL client certificate from path: " + keyStorePath); + throw new RuntimeException("Can NOT load SSL client certificate from path: " + keyStorePath, e); + + } + } + + + //initialize SSL TrustStore + TrustManager[] trustManager = null; + String trustStorePath = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH); + String trustStorePassword = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD); + if (StringUtils.isNotEmpty(trustStorePath)) { + log.trace("Find trustStore path: " + trustStorePath + " Injecting SSL TrustStore ... 
"); + try { + KeyStore trustStore = KeyStoreUtils.loadKeyStore( + FileUtils.makeAbsoluteURL(trustStorePath, basicConfig.getConfigurationRootDirectory()), + trustStorePassword); + + TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); + tmf.init(trustStore); + trustManager = tmf.getTrustManagers(); + log.debug("SSL TrustStore injected to client: " + clientType); + + } catch (KeyStoreException | IOException e) { + log.error("Can NOT open SSL TrustStore from path: " + trustStorePath); + throw new RuntimeException("Can NOT open SSL TrustStore from path: " + trustStorePath, e); + + } + + } + + + context.init(keyManager, trustManager, new SecureRandom()); + return context; + + } catch (NoSuchAlgorithmException | KeyManagementException e) { + log.error("SSLContext initialization FAILED.", e); + throw new RuntimeException("SSLContext initialization FAILED.", e); + + } + + } + + private byte[] sourceToByteArray(Source result) throws TransformerException { + TransformerFactory factory = TransformerFactory.newInstance(); + Transformer transformer = factory.newTransformer(); + transformer.setOutputProperty("omit-xml-declaration", "yes"); + transformer.setOutputProperty("method", "xml"); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + StreamResult streamResult = new StreamResult(); + streamResult.setOutputStream(out); + transformer.transform(result, streamResult); + return out.toByteArray(); + } + + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java new file mode 100644 index 00000000..8e4911b9 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java 
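Review bot: In `initialize()` the `CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE` lookup defaults to `true`, so a missing or misspelled property silently routes identity-link and bPK requests to the SZR test environment with only a `log.debug` line to show it; defaulting to `false` (`Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, false);`) or at least a `log.warn("SZR TEST environment selected, productive identity links are NOT issued")` in that branch would make the non-productive path visible in operations logs. In `createSSLContext()`, `kmf.init(keyStore, keyStorePassword.toCharArray())` dereferences `keyStorePassword` without a null check, so a configured keystore path with no password fails with a bare NullPointerException instead of the "Can NOT load SSL client certificate" error the surrounding catch clause is meant to produce; `StringUtils.isEmpty(keyStorePassword)` should be checked before the load. In `getIdentityLinkInRawMode()`, `log.trace(new String(szrResponse))` writes the complete SZR response, i.e. the citizen's identity link, to the log using the platform charset; if that trace stays it should at least decode with `StandardCharsets.UTF_8`, and the sensitive payload is arguably better left to the optional `LoggingHandler` that `injectBindingProvider()` already wires up under a dedicated configuration flag. The trust-store branch leaves `trustManager` null when no path is configured, which makes `context.init` fall back to the JVM default trust store; that is a reasonable choice but deserves a comment such as `// no trust store configured: SSLContext.init(..., null, ...) uses the JVM default trust anchors`.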
@@ -0,0 +1,139 @@ +package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr; + +import java.net.URL; + +import javax.xml.namespace.QName; +import javax.xml.ws.Service; +import javax.xml.ws.WebEndpoint; +import javax.xml.ws.WebServiceClient; +import javax.xml.ws.WebServiceFeature; + +import szrservices.SZR; + +/** + * This class was generated by Apache CXF 3.1.16 + * 2018-07-10T09:36:01.466+02:00 + * Generated source version: 3.1.16 + * + */ +@WebServiceClient(name = "SZRService", + wsdlLocation = "./src/main/resources/szr_client/SZR-1.WSDL", + targetNamespace = "urn:SZRServices") +public class SZRService extends Service { + + public final static URL WSDL_LOCATION; + + public final static QName SERVICE = new QName("urn:SZRServices", "SZRService"); + public final static QName SZRProduktionsumgebung = new QName("urn:SZRServices", "SZRProduktionsumgebung"); + public final static QName SZRTestumgebung = new QName("urn:SZRServices", "SZRTestumgebung"); + public final static QName SZRBusinesspartnerTestumgebung = new QName("urn:SZRServices", "SZRBusinesspartnerTestumgebung"); + static { + URL url = SZRService.class.getResource("./src/main/resources/szr_client/SZR-1.WSDL"); + if (url == null) { + url = SZRService.class.getClassLoader().getResource("/szr_client/SZR-1.WSDL"); + } + if (url == null) { + java.util.logging.Logger.getLogger(SZRService.class.getName()) + .log(java.util.logging.Level.INFO, + "Can not initialize the default wsdl from {0}", "/szr_client/SZR-1.WSDL"); + } + WSDL_LOCATION = url; + + } + + public SZRService(URL wsdlLocation) { + super(wsdlLocation, SERVICE); + } + + public SZRService(URL wsdlLocation, QName serviceName) { + super(wsdlLocation, serviceName); + } + + public SZRService() { + super(WSDL_LOCATION, SERVICE); + } + + public SZRService(WebServiceFeature ... features) { + super(WSDL_LOCATION, SERVICE, features); + } + + public SZRService(URL wsdlLocation, WebServiceFeature ... 
features) { + super(wsdlLocation, SERVICE, features); + } + + public SZRService(URL wsdlLocation, QName serviceName, WebServiceFeature ... features) { + super(wsdlLocation, serviceName, features); + } + + + + + /** + * + * @return + * returns SZR + */ + @WebEndpoint(name = "SZRProduktionsumgebung") + public SZR getSZRProduktionsumgebung() { + return super.getPort(SZRProduktionsumgebung, SZR.class); + } + + /** + * + * @param features + * A list of {@link javax.xml.ws.WebServiceFeature} to configure on the proxy. Supported features not in the <code>features</code> parameter will have their default values. + * @return + * returns SZR + */ + @WebEndpoint(name = "SZRProduktionsumgebung") + public SZR getSZRProduktionsumgebung(WebServiceFeature... features) { + return super.getPort(SZRProduktionsumgebung, SZR.class, features); + } + + + /** + * + * @return + * returns SZR + */ + @WebEndpoint(name = "SZRTestumgebung") + public SZR getSZRTestumgebung() { + return super.getPort(SZRTestumgebung, SZR.class); + } + + /** + * + * @param features + * A list of {@link javax.xml.ws.WebServiceFeature} to configure on the proxy. Supported features not in the <code>features</code> parameter will have their default values. + * @return + * returns SZR + */ + @WebEndpoint(name = "SZRTestumgebung") + public SZR getSZRTestumgebung(WebServiceFeature... features) { + return super.getPort(SZRTestumgebung, SZR.class, features); + } + + + /** + * + * @return + * returns SZR + */ + @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") + public SZR getSZRBusinesspartnerTestumgebung() { + return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class); + } + + /** + * + * @param features + * A list of {@link javax.xml.ws.WebServiceFeature} to configure on the proxy. Supported features not in the <code>features</code> parameter will have their default values. 
+ * @return + * returns SZR + */ + @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") + public SZR getSZRBusinesspartnerTestumgebung(WebServiceFeature... features) { + return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class, features); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java index dfd945c9..b31b6a21 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java 
@@ -3,41 +3,80 @@ package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks; import java.io.InputStream; +import java.math.BigInteger; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.util.Base64Utils; +import org.w3._2000._09.xmldsig.KeyValueType; +import org.w3._2000._09.xmldsig.RSAKeyValueType; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; -import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import 
at.gv.egovernment.moa.id.util.IdentityLinkReSigner; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; -import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; - -/** +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; + +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import 
eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.TravelDocumentType; + +/** * @author tlenz - * + * */ @Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { - + private static final Logger log = LoggerFactory.getLogger(CreateIdentityLinkTask.class); + + //@Autowired private eIDASAttributeRegistry attrRegistry; + @Autowired private IConfiguration basicConfig; + @Autowired private SZRClient szrClient; + + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ 
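Review bot: The Javadoc kept above `execute` still says `@see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(...)`, which is the MOA-ID base class this hunk drops from the imports, while the class now extends the EAAF `AbstractAuthServletTask`; the `@see` should point at the new base class or be removed. The commented-out `//@Autowired private eIDASAttributeRegistry attrRegistry;` is dead code and is better deleted than kept as a reminder. The new imports `ImmutableMap`, `ImmutableSet`, `HashMap`, `AttributeDefinition`, `AttributeValue` and `PostalAddress` are not used in any code visible here; `converteIDASAttrToSimpleMap` lies outside this view and may use them, so please verify before removing. `SimpleDateFormat` is retained for date-of-birth formatting inside a singleton Spring `@Component`; a `static final DateTimeFormatter` from `java.time` is thread-safe and would avoid creating a formatter per request.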
@@ -46,115 +85,293 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ - defaultTaskInitialization(request, executionContext); - - //get eIDAS attributes from MOA-Session - ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession( - AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, - ImmutableAttributeMap.class); - - IIdentityLink identityLink = null; - + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + ILightResponse eIDASResponse = authProcessData.getGenericDataFromSession( + Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + Map<String, Object> simpleAttrMap = converteIDASAttrToSimpleMap(eIDASResponse.getAttributes().getAttributeMap()); + + IIdentityLink identityLink = null; + String bPK = null; + + //extract attributes + Object eIdentifierObj = simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + Object familyNameObj = simpleAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); + Object givenNameObj = simpleAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + Object dateOfBirthObj = simpleAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH); + + //check if availabe + if (eIdentifierObj == null || !(eIdentifierObj instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + + if (familyNameObj == null || !(familyNameObj instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); + + if (givenNameObj == null || !(givenNameObj instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + + if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); + //connect SZR-Gateway - //TODO: implement SZR-Gateway communication!!!! 
- if(true) { - + if(basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { + log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); // create fake IdL // - fetch IdL template from resources InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); Element idlTemplate = DOMUtils.parseXmlValidating(s); - identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); + identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); // replace data Element idlassertion = identityLink.getSamlAssertion(); // - set fake baseID; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - - - Object eIdentifier = eIDASAttributes.getFirstValue( - SAMLEngineUtils.getMapOfAllAvailableAttributes().get( - Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); - if (eIdentifier == null || !(eIdentifier instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - prIdentification.getFirstChild().setNodeValue((String) eIdentifier); + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue((String) eIdentifierObj); //build personal identifier which looks like a baseID // String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID"); // Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID); // prIdentification.getFirstChild().setNodeValue(fakeBaseID); - + // - set last name - Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); - Object familyName = eIDASAttributes.getFirstValue( - SAMLEngineUtils.getMapOfAllAvailableAttributes().get( - Constants.eIDAS_ATTR_CURRENTFAMILYNAME)); - if (familyName == null || 
!(familyName instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); - prFamilyName.getFirstChild().setNodeValue((String) familyName); + Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); + prFamilyName.getFirstChild().setNodeValue((String) familyNameObj); // - set first name - Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); - Object givenName = eIDASAttributes.getFirstValue( - SAMLEngineUtils.getMapOfAllAvailableAttributes().get( - Constants.eIDAS_ATTR_CURRENTGIVENNAME)); - if (givenName == null || !(givenName instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); - prGivenName.getFirstChild().setNodeValue((String) givenName); + Node prGivenName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); + prGivenName.getFirstChild().setNodeValue((String) givenNameObj); // - set date of birth - Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); - Object dateOfBirth = eIDASAttributes.getFirstValue( - SAMLEngineUtils.getMapOfAllAvailableAttributes().get( - Constants.eIDAS_ATTR_DATEOFBIRTH)); - if (dateOfBirth == null || !(dateOfBirth instanceof DateTime)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); - - String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirth).toDate()); + Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); + String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate()); prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth); - identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink(); + identityLink = new 
SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink(); - //resign IDL - IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); - identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); - + Pair<String, String> bPKCalc = new BPKBuilder().generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + bPK = bPKCalc.getFirst(); + + } else { //contact SZR Gateway - Logger.debug("Starting connecting SZR Gateway"); + log.debug("Starting connecting SZR Gateway"); + PersonInfoType personInfo = new PersonInfoType(); + PersonNameType personName = new PersonNameType(); + PhysicalPersonType naturalPerson = new PhysicalPersonType(); + TravelDocumentType eDocument = new TravelDocumentType(); + + naturalPerson.setName(personName ); + personInfo.setPerson(naturalPerson ); + personInfo.setTravelDocument(eDocument ); + + //parse some eID attributes + String dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate()); + Trible<String, String, String> eIdentifier = + eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj); + String uniqueId = (String)eIdentifierObj; + String citizenCountry = eIdentifier.getFirst(); + + //person information + personName.setFamilyName((String)familyNameObj); + personName.setGivenName((String)givenNameObj); + naturalPerson.setDateOfBirth(dateOfBirth); + eDocument.setIssuingCountry(citizenCountry); + eDocument.setDocumentNumber(uniqueId); + + //eID document information + eDocument.setDocumentType(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + + //TODO: 
that should be removed + eDocument.setIssueDate(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE, + Constants.SZR_CONSTANTS_DEFAULT_ISSUING_DATE)); + eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY, + Constants.SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY)); + + //TODO: keys are not available in eIDAS + List<KeyValueType> keyValue = dummyCodeForKeys(); + + /*TODO: + * Validate if IDL signature is valid after using this method + * MAYBE we had to switch to 'getIdentityLinkInRawMode' method! + */ + IdentityLinkType result = szrClient.getIdentityLink( + personInfo, + keyValue, + basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, + true) + ); + + Element idlFromSZR = (Element)result.getAssertion(); + identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); + + + //get bPK from SZR + bPK = szrClient.getBPK( + personInfo, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, + "no VKZ defined")); + + } + + if (identityLink == null) { + log.error("ERnB did not return an identity link."); + throw new SZRCommunicationException("ernb.00", null); + + } - //TODO:!!!!!! 
+ if (bPK == null) { + log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + throw new SZRCommunicationException("ernb.01", null); } - Logger.debug("SZR communication was successfull"); + log.debug("ERnB communication was successfull"); + + revisionsLogger.logEvent(pendingReq, -1); + authProcessData.setForeigner(true); + authProcessData.setIdentityLink(identityLink); + authProcessData.setGenericDataToSession( + PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, + eIDASResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); + + //set bPK and bPKType into auth session + authProcessData.setGenericDataToSession( + PVPAttributeDefinitions.BPK_NAME, + extendBPKbyPrefix( + bPK, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()) + ); + authProcessData.setGenericDataToSession( + PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - if (identityLink == null) { - Logger.error("SZR Gateway did not return an identity link."); - throw new MOAIDException("stork.10", null); - } - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); - moasession.setForeigner(true); - moasession.setIdentityLink(identityLink); - moasession.setBkuURL("Not applicable (eIDASAuthentication)"); - //store MOA-session to database + //store pending-request requestStoreage.storePendingRequest(pendingReq); - + } catch (eIDASAttributeException e) { throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); - } catch (MOAIDException | MOADatabaseException e) { + } catch (EAAFException e) { throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); } catch (Exception e) { - Logger.error("IdentityLink generation for foreign person 
FAILED.", e); + log.error("IdentityLink generation for foreign person FAILED.", e); throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); } } + private List<KeyValueType> dummyCodeForKeys() { + if (basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY, + false)) { + List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>(); + try { + PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Constants.SZR_CONSTANTS_DEFAULT_PUBL_KEY); + KeyFactory kf = KeyFactory.getInstance("RSA"); + + PublicKey pb = kf.generatePublic(spec); + + RSAPublicKey rsapb = (RSAPublicKey)pb; + BigInteger modulus = rsapb.getModulus(); + BigInteger exponent = rsapb.getPublicExponent(); + + // set key values + RSAKeyValueType rsa = new RSAKeyValueType(); + rsa.setExponent(new String(Base64Utils.encode(exponent.toByteArray()))); + rsa.setModulus(new String(Base64Utils.encode(modulus.toByteArray()))); + + KeyValueType key = new KeyValueType(); + key.setRSAKeyValue(rsa); + + keyvalueList.add(key); + + return keyvalueList; + } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + log.error("TestCode has an internal ERROR", e); + + } + + } + + return null; + + } + + private String extendBPKbyPrefix(String bpk, String type) { + String bPKType = null; + + if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK)) + bPKType = type.substring((EAAFConstants.URN_PREFIX_WBPK).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) + bPKType = type.substring((EAAFConstants.URN_PREFIX_CDID).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) + bPKType = type.substring((EAAFConstants.URN_PREFIX_EIDAS).length()); + + + if (bPKType != null ) { + log.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + bPKType); + return bPKType + ":" + bpk; + + } else { + log.warn("Service Provider Target with: " + type + " is NOT supported. 
Set bPK as it is ..."); + return bpk; + + } + + } + + //TODO: update for complexe attributes + private Map<String, Object> converteIDASAttrToSimpleMap( + ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) { + Map<String, Object> result = new HashMap<String, Object>(); + + for (AttributeDefinition<?> el : attributeMap.keySet()) { + + final Class parameterizedType = el.getParameterizedType(); + if ((DateTime.class).equals(parameterizedType)) { + DateTime attribute = eIDASResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); + if (attribute != null) + result.put(el.getFriendlyName(), attribute); + else + log.info("Ignore empty 'DateTime' attribute"); + + } else if ((PostalAddress.class).equals(parameterizedType)) { + PostalAddress addressAttribute = eIDASResponseUtils.translateAddressAttribute(el, attributeMap.get(el).asList()); + if (addressAttribute != null) + result.put(el.getFriendlyName(), addressAttribute); + else + log.info("Ignore empty 'PostalAddress' attribute"); + + } else { + List<String> natPersonIdObj = eIDASResponseUtils.translateStringListAttribute(el, attributeMap.get(el).asList()); + String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) + result.put(el.getFriendlyName(), stringAttr); + else + log.info("Ignore empty 'String' attribute"); + + } + } + + return result; + } + + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java index 358b681e..da554249 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java 
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java 
@@ -2,66 +2,64 @@ *******************************************************************************/ package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks; -import java.io.StringWriter; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; +import java.util.Map; import java.util.UUID; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang3.BooleanUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Component; -import org.springframework.util.StringUtils; +import org.springframework.web.util.UriComponentsBuilder; -import com.google.common.net.MediaType; +import com.google.common.collect.ImmutableSortedSet; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import 
at.gv.egiz.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.CPEPS; -import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import eu.eidas.auth.commons.EidasStringUtil; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; +import eu.eidas.auth.commons.EidasParameterKeys; import eu.eidas.auth.commons.attribute.AttributeDefinition; -import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder; -import eu.eidas.auth.commons.light.impl.LightRequest; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; -import eu.eidas.auth.commons.protocol.IRequestMessage; -import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; -import eu.eidas.auth.commons.protocol.eidas.LevelOfAssuranceComparison; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest; import eu.eidas.auth.commons.protocol.eidas.SpType; -import 
eu.eidas.auth.commons.protocol.eidas.impl.EidasAuthenticationRequest; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.BinaryLightTokenHelper; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl; /** * @author tlenz * - */ -@Component("GenerateAuthnRequestTask") + */ +@Component("ConnecteIDASNodeTask") public class GenerateAuthnRequestTask extends AbstractAuthServletTask { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + private static final Logger log = LoggerFactory.getLogger(GenerateAuthnRequestTask.class); + + @Autowired IConfiguration basicConfig; + @Autowired eIDASAttributeRegistry attrRegistry; + @Autowired ApplicationContext context; + @Autowired ITransactionStorage transactionStore; + @Autowired IGUIFormBuilder guiBuilder; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) 
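Review bot: The five `@Autowired` fields added to GenerateAuthnRequestTask (`basicConfig`, `attrRegistry`, `context`, `transactionStore`, `guiBuilder`) are package-private, whereas ReceiveAuthnResponseTask in the same commit declares its injected fields `private`; writing `@Autowired private IConfiguration basicConfig;` and likewise for the other four keeps the two tasks consistent and stops other classes in the package from reaching the collaborators directly. The class Javadoc now holds only `@author tlenz`; a one-sentence summary such as `Builds the eIDAS LightRequest for the selected citizen country and forwards the user agent to the eIDAS node by redirect or POST form.` would tell a reader what the task does. The bean name was changed to `ConnecteIDASNodeTask` while the class keeps its old name, which deserves a short comment if that mismatch is intentional. The `execute` method declared on the last line of this hunk continues in the next hunk.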
@@ -69,245 +67,196 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { try{ //get service-provider configuration - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); // get target and validate citizen countryCode - String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); + String citizenCountryCode = (String) executionContext.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY); if (StringUtils.isEmpty(citizenCountryCode)) { // illegal state; task should not have been executed without a selected country - throw new AuthenticationException("eIDAS.03", new Object[] { "" }); + throw new eIDASAuthenticationException("eidas.03", new Object[] { "" }); } - CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); - if(null == cpeps) { - Logger.error("PEPS unknown for country: " + citizenCountryCode); - throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); - } - Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode); - - //TODO: load authnReq End-Point URL from configuration - SingleSignOnService authnReqEndpoint = null; + //TODO: maybe add countryCode validation before request ref. impl. eIDAS node + log.debug("Request eIDAS auth. 
for citizen of country: " + citizenCountryCode); - + //TODO: switch to entityID and set new status codes -// revisionsLogger.logEvent(oaConfig, pendingReq, -// MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, -// metadataUrl); + //revisionsLogger.logEvent(oaConfig, pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, metadataUrl); - // assemble requested attributes - Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes(); - - // - prepare attribute list - - // - fill container - List<AttributeDefinition<?>> reqAttrList = new ArrayList<AttributeDefinition<?>>(); - //TODO: update requested attribute builder -// for (StorkAttribute current : attributesFromConfig) { -// AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(current.getName()); -// -// if (newAttribute == null) { -// Logger.warn("eIDAS attribute with friendlyName:" + current.getName() + " is not supported."); -// -// } else { -// boolean globallyMandatory = false; -// for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) -// if (current.getName().equals(currentGlobalAttribute.getName())) { -// globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); -// break; -// } -// -// Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(current.getMandatory() || globallyMandatory); -// reqAttrList.add(attrBuilder.build()); -// -// } -// } - - //request -// if (reqAttrList.isEmpty()) { -// Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() -// + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default"); -// AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); -// Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(true); -// reqAttrList.add(attrBuilder.build()); -// -// 
} - - //build requested attribute set - ImmutableAttributeMap reqAttrMap = new ImmutableAttributeMap.Builder().putAll(reqAttrList).build(); //build eIDAS AuthnRequest - LightRequest.Builder authnRequestBuilder = LightRequest.builder(); - + LightRequest.Builder authnRequestBuilder = LightRequest.builder(); authnRequestBuilder.id(UUID.randomUUID().toString()); - authnRequestBuilder.providerName(pendingReq.getAuthURL()); - String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA; - authnRequestBuilder.issuer(issur); - //TODO: - //authnRequestBuilder.destination(authnReqEndpoint.getLocation()); - - authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + String issur = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID); + if (StringUtils.isEmpty(issur)) { + log.error("Found NO 'eIDAS node issuer' in configuration. Authentication NOT possible!"); + throw new EAAFConfigurationException("Found NO 'eIDAS node issuer' in configuration. Authentication NOT possible!"); + + } + authnRequestBuilder.issuer(issur); - //set minimum required eIDAS LoA from OA config - String LoA = oaConfig.getQaaLevel(); - //TODO: -// if (MiscUtil.isNotEmpty(LoA)) -// authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel())); -// else - authnRequestBuilder.levelOfAssurance(LevelOfAssurance.HIGH.getValue()); - //TODO: check if required - //authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM); + //TODO: set matching mode if eIDAS ref. impl. support this method + + //TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA schemes + String loa = EAAFConstants.EIDAS_LOA_HIGH; + if (spConfig.getRequiredLoA() != null) { + if (spConfig.getRequiredLoA().isEmpty()) + log.info("No eIDAS LoA requested. Use LoA HIGH as default"); + + else { + if (spConfig.getRequiredLoA().size() > 1 ) + log.info("Currently only ONE requested LoA is supported for service provider. 
Use first one ... "); + + loa = spConfig.getRequiredLoA().get(0); + + } + } + + log.debug("Request eIdAS node with LoA: " + loa); + authnRequestBuilder.levelOfAssurance(loa); - //set correct SPType for this online application - if (oaConfig.hasBaseIdTransferRestriction()) - authnRequestBuilder.spType(SpType.PRIVATE.getValue()); - else + //set correct SPType for requested target sector + String publicSectorTargetSelector = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, + Constants.POLICY_DEFAULT_ALLOWED_TARGETS); + Pattern p = Pattern.compile(publicSectorTargetSelector); + Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); + if (m.matches()) { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); authnRequestBuilder.spType(SpType.PUBLIC.getValue()); + + //TODO: only for eIDAS ref. node 2.0 because it need 'Providername' for any SPType + String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (StringUtils.isNotEmpty(providerName) + && basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, + false) + ) + authnRequestBuilder.providerName(providerName); + + } else { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); + authnRequestBuilder.spType(SpType.PRIVATE.getValue()); + //TODO: switch to RequesterId in further version + //set provider name for private sector applications + String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (StringUtils.isNotEmpty(providerName)) + authnRequestBuilder.providerName(providerName); - //TODO - //set service provider (eIDAS node) countryCode -// authnRequestBuilder.serviceProviderCountryCode( -// authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); - - //set citizen country code for foreign uses - 
authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); - - //add requested attributes - authnRequestBuilder.requestedAttributes(reqAttrMap); - + } - LightRequest lightAuthnReq = authnRequestBuilder.build(); + //set nameIDFormat + authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + //set citizen country code for foreign uses + authnRequestBuilder.citizenCountryCode(citizenCountryCode); + //set relay state + authnRequestBuilder.relayState(pendingReq.getPendingRequestId()); - //IRequestMessage authnRequest = engine.generateRequestMessage(authnRequestBuilder.build(), issur); + //build and add requested attribute set + ImmutableAttributeMap reqAttrMap = translateToEidasAttributes(attrRegistry.getAttributeSetFromConfiguration()); + authnRequestBuilder.requestedAttributes(reqAttrMap); - //encode AuthnRequest -// byte[] token = authnRequest.getMessageBytes(); -// String SAMLRequest = EidasStringUtil.encodeToBase64(token); + //build request + LightRequest lightAuthnReq = authnRequestBuilder.build(); + //put request into cache + BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq); + final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); + + //Workaround, because eIDAS node ref. impl. 
does not return relayState + if (basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, + false)) { + log.trace("Put lightRequestId into transactionstore as session-handling backup"); + transactionStore.put(lightAuthnReq.getId(), pendingReq.getPendingRequestId(), -1); + + } -// if (SAMLConstants.SAML2_POST_BINDING_URI.equals(authnReqEndpoint.getBinding())) -// buildPostBindingRequest(pendingReq, authnReqEndpoint, SAMLRequest, authnRequest, response); -// -// //TODO: redirect Binding is not completely implemented -// //else if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(authnReqEndpoint.getBinding())) -// //buildRedirecttBindingRequest(pendingReq, authnReqEndpoint, token, authnRequest, response); -// -// else { -// Logger.error("eIDAS-node use an unsupported binding (" -// + authnReqEndpoint.getBinding() + "). Request eIDAS node not possible."); -// throw new MOAIDException("eIDAS.02", new Object[]{"eIDAS-node use an unsupported binding"}); -// -// } + if (basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, + Constants.FORWARD_METHOD_GET + ).equals(Constants.FORWARD_METHOD_GET)) { + + log.debug("Use http-redirect for eIDAS node forwarding ... "); + //send redirect + UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL)); + redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); + response.sendRedirect(redirectUrl.build().encode().toString()); + + } else { + log.debug("Use http-post for eIDAS node forwarding ... 
"); + StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + Constants.TEMPLATE_POST_FORWARD_NAME, + null); + + config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, + basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL)); + config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, + EidasParameterKeys.TOKEN.toString()); + config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, + tokenBase64); + + guiBuilder.build(response, config, "BKU-Selection form"); + + } - - -// }catch (EIDASSAMLEngineException e){ -// throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", -// new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e)); - } catch (MOAIDException e) { + + } catch (eIDASAuthenticationException e) { throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); } catch (Exception e) { - Logger.error("eIDAS AuthnRequest generation FAILED.", e); + log.warn("eIDAS AuthnRequest generation FAILED.", e); throw new TaskExecutionException(pendingReq, e.getMessage(), e); } + } + + private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) { + ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder(); + for (Map.Entry<String,Boolean> attribute : requiredAttributes.entrySet()) { + final String name = attribute.getKey(); + final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(name); + if (!byFriendlyName.isEmpty()) { + final AttributeDefinition<?> attributeDefinition = byFriendlyName.first(); + builder.put(AttributeDefinition.builder(attributeDefinition).required(attribute.getValue()).build()); + + } else + log.warn("Can NOT request UNKNOWN attribute: " + attribute.getKey() + " Ignore it!"); + + } + + return builder.build(); + + } - /** - * Encode the eIDAS 
request with POST binding - * - * @param pendingReq - * @param authnReqEndpoint - * @param SAMLRequest - * @param authnRequest - * @param response - * @throws MOAIDException - */ - private void buildPostBindingRequest(IRequest pendingReq, SingleSignOnService authnReqEndpoint, - String SAMLRequest, IRequestMessage authnRequest, HttpServletResponse response) - throws MOAIDException { - //send + private BinaryLightToken putRequestInCommunicationCache(ILightRequest iLightRequest) throws ServletException { + final BinaryLightToken binaryLightToken; try { - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm"); - VelocityContext context = new VelocityContext(); - - String actionType = "SAMLRequest"; - context.put(actionType, SAMLRequest); - context.put("RelayState", pendingReq.getRequestID()); - context.put("action", authnReqEndpoint.getLocation()); - - Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); - Logger.debug("Encoded " + actionType + " original: " + SAMLRequest); + final SpecificConnectorCommunicationServiceImpl springManagedSpecificConnectorCommunicationService = + (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); - Logger.trace("Starting template merge"); - StringWriter writer = new StringWriter(); - - Logger.trace("Doing template merge"); - template.merge(context, writer); - - Logger.trace("Template merge done"); - Logger.trace("Sending html content: " + writer.getBuffer().toString()); + binaryLightToken = springManagedSpecificConnectorCommunicationService.putRequest(iLightRequest); - - byte[] content = writer.getBuffer().toString().getBytes("UTF-8"); - response.setContentType(MediaType.HTML_UTF_8.toString()); - response.setContentLength(content.length); - 
response.getOutputStream().write(content); - - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, - MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, - authnRequest.getRequest().getId()); - - } catch (Exception e) { - Logger.error("Velocity general error: " + e.getMessage()); - throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e); + } catch (SpecificCommunicationException e) { + log.error("Unable to process specific request"); + throw new ServletException(e); } - - } - - /** - * Select a SingleSignOnService endPoint from eIDAS node metadata. - * This endPoint receives the Authn. request - * - * @param idpEntity - * @return - */ - private SingleSignOnService selectSingleSignOnServiceFromMetadata(EntityDescriptor idpEntity) { - //select SingleSignOn Service endpoint from IDP metadata - SingleSignOnService endpoint = null; - if (idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) == null) { - return null; - - } - - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - // use POST binding as default if it exists - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) - endpoint = sss; - - //TODO: redirect Binding is not completely implemented - // use Redirect binding as backup -// else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) -// && endpoint == null ) -// endpoint = sss; - - } - - return endpoint; - } - + + return binaryLightToken; + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java index 055c402f..f0b37ede 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java 
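Review bot: `Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL` is read without a presence check in both the redirect branch (`UriComponentsBuilder.fromHttpUrl(basicConfig.getBasicConfiguration(...))`) and the POST-form branch, although the issuer earlier in the same method is guarded with an `EAAFConfigurationException`; a missing value would presumably surface as an IllegalArgumentException from UriComponentsBuilder or as a form posting to an empty endpoint, reaching the generic `catch (Exception e)` with an unhelpful message. Reading it once before the branch, `String forwardUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL);` followed by `if (StringUtils.isEmpty(forwardUrl)) throw new EAAFConfigurationException("Found NO 'eIDAS node forward URL' in configuration. Authentication NOT possible!");`, and using it in both branches would give the same clear failure as the issuer check. The LoA selection takes `spConfig.getRequiredLoA().get(0)` when more than one LoA is configured; whether the first entry is the strictest is not visible here, so the comment there should state which one is meant to win. In putRequestInCommunicationCache, `log.error("Unable to process specific request")` drops the exception from the log; pass `e` as the second argument. `execute` begins in the previous hunk.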
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java 
@@ -5,84 +5,78 @@ package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.opensaml.saml2.core.StatusCode; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; -import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; -import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; -import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import eu.eidas.auth.commons.EidasStringUtil; -import eu.eidas.auth.commons.protocol.IAuthenticationResponse; -import eu.eidas.auth.engine.ProtocolEngineI; -import eu.eidas.engine.exceptions.EIDASSAMLEngineException; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import 
at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.validator.eIDASResponseValidator; +import eu.eidas.auth.commons.light.ILightResponse; -@Component("ReceiveAuthnResponseTask") +@Component("ReceiveResponseFromeIDASNodeTask") public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { - - @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; + private static final Logger log = LoggerFactory.getLogger(ReceiveAuthnResponseTask.class); - @Override + @Autowired private ApplicationContext context; + @Autowired private IConfiguration basicConfig; + @Autowired private eIDASAttributeRegistry attrRegistry; + + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - - try{ - //get SAML Response - String base64SamlToken = request.getParameter("SAMLResponse"); - if (MiscUtil.isEmpty(base64SamlToken)) { - Logger.warn("No eIDAS SAMLReponse found in http request."); - throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null); + try{ + +// //get token from Request +// final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString()); +// if (StringUtils.isEmpty(tokenBase64)) { +// log.warn("NO eIDAS message token found."); +// throw new eIDASAuthenticationException("TODO", null, +// "NO eIDAS message token found."); +// +// } +// +// //get eIDAS response from cache +// final SpecificConnectorCommunicationServiceImpl 
specificConnectorCommunicationService = +// (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); +// ILightResponse eIDASResponse = specificConnectorCommunicationService.getAndRemoveResponse(tokenBase64, +// ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); + + ILightResponse eIDASResponse = (ILightResponse) request.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE); + if (eIDASResponse == null) { + log.warn("NO eIDAS response-message found."); + throw new eIDASAuthenticationException("eidas.01", null); } - //get MOASession - defaultTaskInitialization(request, executionContext); + log.debug("Receive eIDAS response with RespId:" + eIDASResponse.getId() + " for ReqId:" + eIDASResponse.getInResponseToId()); - //decode SAML response - byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); - - //get eIDAS SAML-engine - ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); - - //validate SAML token - IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, - request.getRemoteHost(), - Constants.CONFIG_PROPS_SKEWTIME_BEFORE, - Constants.CONFIG_PROPS_SKEWTIME_AFTER, - pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); - - if (samlResp.isEncrypted()) { - Logger.info("Received encrypted eIDAS SAML-Response."); - //TODO: check if additional decryption operation is required - - } - - - //check response StatusCode - if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) { - Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode() - + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getStatusMessage()); - throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()}); + + //check response StatusCode + if 
(!eIDASResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { + log.info("Receice eIDAS Response with StatusCode:" + eIDASResponse.getStatus().getStatusCode() + + " Subcode:" + eIDASResponse.getStatus().getSubStatusCode() + " Msg:" + eIDASResponse.getStatus().getStatusMessage()); + throw new eIDASAuthenticationException("eidas.02", new Object[]{eIDASResponse.getStatus().getStatusCode(), eIDASResponse.getStatus().getStatusMessage()}); } + // extract all Attributes from response + + + // ********************************************************** - // ******* MOA-ID specific response validation ********** + // ******* MS-specificresponse validation ********** // ********************************************************** - String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); - eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); + String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, attrRegistry); // ********************************************************** 
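Review bot: The status check `if (!eIDASResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI))` dereferences the status and its code without a null check, so a response without a status code would fail with a NullPointerException instead of the intended `eidas.02` error; `if (!Constants.SUCCESS_URI.equals(eIDASResponse.getStatus().getStatusCode()))` tolerates a null code, and a null `getStatus()` should be rejected explicitly before it if ILightResponse allows one (not visible here). The commented-out token-retrieval block above it should be deleted rather than kept, and the `ApplicationContext context` field it referenced appears unused in the visible new code once it is gone. The empty `// extract all Attributes from response` comment also describes nothing and should go. `execute` continues in the next hunk.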
@@ -90,51 +84,24 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** //update MOA-Session data with received information - Logger.debug("Store eIDAS response information into MOA-session."); - - moasession.setQAALevel(samlResp.getLevelOfAssurance()); - - moasession.setGenericDataToSession( - AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, - samlResp.getAttributes()); - - moasession.setGenericDataToSession( - AuthenticationSessionStorageConstants.eIDAS_RESPONSE, - decSamlToken); + log.debug("Store eIDAS response information into pending-request."); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + authProcessData.setQAALevel(eIDASResponse.getLevelOfAssurance()); + authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse); - //set issuer nation as PVP attribute into MOASession - moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); - //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, - MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, - samlResp.getId()); + revisionsLogger.logEvent(pendingReq, -1, eIDASResponse.getId()); - } catch (MOAIDException e) { + } catch (EAAFException e) { throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); - - }catch (EIDASSAMLEngineException e) { - Logger.warn("eIDAS Response validation FAILED.", e); - Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, - MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); - throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", - new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); - 
} catch (MOADatabaseException e) { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, - MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); - throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", - new MOAIDException("init.04", new Object[]{""}, e)); - } catch (Exception e) { - Logger.warn("eIDAS Response processing FAILED.", e); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, - MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + log.warn("eIDAS Response processing FAILED.", e); + revisionsLogger.logEvent(pendingReq, -1); throw new TaskExecutionException(pendingReq, e.getMessage(), - new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); + new eIDASAuthenticationException("eidas.05", new Object[]{e.getMessage()}, e)); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/LoggingHandler.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/LoggingHandler.java new file mode 100644 index 00000000..c58d369b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/LoggingHandler.java 
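Review bot: Both revision-log calls on the new side pass the literal event id `-1` — `revisionsLogger.logEvent(pendingReq, -1, eIDASResponse.getId());` on the success path and `revisionsLogger.logEvent(pendingReq, -1);` in the generic catch — in place of the removed `AUTHPROCESS_PEPS_RECEIVED` / `AUTHPROCESS_PEPS_RECEIVED_ERROR` constants, so a successful and a failed eIDAS response are no longer distinguishable in the revision log, which is the one place a failed cross-border response is recorded. Define two named event ids in the module's constants and pass them here instead of the placeholder. The generic catch also forwards `e.getMessage()` as the parameter of `new eIDASAuthenticationException("eidas.05", ...)`, which can surface internal exception text on the user-facing error page; a fixed message there, with the detail kept in the `log.warn`, is the safer choice. The removed line that stored `PVPConstants.EID_ISSUING_NATION_NAME` has no replacement in this hunk, so if the issuing nation is still consumed downstream it should be derived from `eIDASResponse` and written to `authProcessData` as well. The enclosing method starts outside the hunk.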
@@ -0,0 +1,52 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils;
+
+import java.io.ByteArrayOutputStream;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPHandler;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LoggingHandler implements SOAPHandler<SOAPMessageContext> {
+
+ Logger log = LoggerFactory.getLogger(LoggingHandler.class);
+
+ public boolean handleMessage(SOAPMessageContext context) {
+ SOAPMessage msg = context.getMessage();
+ boolean request = ((Boolean) context
+ .get(SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue();
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+ try {
+ if (request) {
+ msg.writeTo(bos);
+ } else { // This is the response message
+ msg.writeTo(bos);
+ }
+
+ log.trace(bos.toString());
+ log.trace(new String(bos.toByteArray()));
+
+ } catch (Exception e) {
+ log.trace(e.getMessage(), e);
+ }
+ return true;
+ }
+
+ public boolean handleFault(SOAPMessageContext context) {
+ return handleMessage(context);
+ }
+
+ public void close(MessageContext context) {
+ }
+
+ public Set<QName> getHeaders() {
+ return null;
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java
new file mode 100644
index 00000000..165c35cb
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java
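Review bot: `handleMessage` serializes the complete SOAP message — the `if (request)` and `else` branches are byte-identical, so the outbound/inbound distinction is computed and then ignored — and writes it to the log twice, once via `bos.toString()` and once via `new String(bos.toByteArray())`, both decoding with the platform default charset. These messages are the connector's exchange with the eIDAS node and therefore carry the full identity attribute set, so even at TRACE level this handler should not be wired into production configurations; if it stays, serialize only when TRACE is enabled, log the body once as UTF-8, and log a fixed message on failure. Smaller points: `log` should be `private static final`, `getHeaders()` should return an empty set rather than `null` because the JAX-WS runtime iterates it, and the `(Boolean) context.get(...)` unboxing has no null guard although its result is never used.
```java
 public boolean handleMessage(SOAPMessageContext context) {
  // Serializing the message is only worth the cost when TRACE output is actually emitted
  if (!log.isTraceEnabled()) {
   return true;
  }
  // Outbound and inbound messages are logged identically, so no branch on MESSAGE_OUTBOUND_PROPERTY
  ByteArrayOutputStream bos = new ByteArrayOutputStream();
  try {
   context.getMessage().writeTo(bos);
   // NOTE(review): the body carries the identity data exchanged with the eIDAS node; keep TRACE off outside debugging
   log.trace(bos.toString("UTF-8"));
  } catch (Exception e) {
   log.trace("Can not serialize SOAP message for logging", e);
  }
  return true;
 }
 // … unchanged: handleFault, close, getHeaders …
```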
@@ -0,0 +1,98 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.ImmutableList;
+
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+public class eIDASResponseUtils {
+ private static final Logger log = LoggerFactory.getLogger(eIDASResponseUtils.class);
+
+ public static final String PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*";
+
+ /**
+ * Validate a eIDAS PersonalIdentifier attribute value
+ * This validation is done according to eIDAS SAML Attribute Profile - Section 2.2.3 Unique Identifier
+ *
+ * @param uniqueID eIDAS attribute value of a unique identifier
+ * @return true if the uniqueID matches to eIDAS to Unique Identifier specification, otherwise false
+ */
+ public static boolean validateEidasPersonalIdentifier(String uniqueID) {
+ Pattern pattern = Pattern.compile(PERSONALIDENIFIER_VALIDATION_PATTERN );
+ Matcher matcher = pattern.matcher(uniqueID);
+ return matcher.matches();
+
+ }
+
+
+ /**
+ * Parse an eIDAS PersonalIdentifier attribute value into it components. 
+ * This processing is done according to eIDAS SAML Attribute Profile - Section 2.2.3 Unique Identifier
+ *
+ * @param uniqueID eIDAS attribute value of a unique identifier
+ * @return {@link Trible} that contains:
+ * <br> First : citizen country
+ * <br> Second: destination country
+ * <br> Third : unique identifier
+ * <br> or null if the attribute value has a wrong format
+ */
+ public static Trible<String, String, String> parseEidasPersonalIdentifier(String uniqueID) {
+ if (!validateEidasPersonalIdentifier(uniqueID)) {
+ log.error("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " looks wrong formated. Value:" + ((String)uniqueID));
+ return null;
+
+ }
+ return Trible.newInstance(uniqueID.substring(0, 2), uniqueID.substring(3, 5), uniqueID.substring(6));
+
+ }
+
+ public static List<String> translateStringListAttribute(AttributeDefinition<?> attributeDefinition, ImmutableList<? extends AttributeValue<?>> attributeValues) {
+ final List<String> stringListAttribute = new ArrayList<String>();
+ AttributeValueMarshaller<?> attributeValueMarshaller = attributeDefinition.getAttributeValueMarshaller();
+ for (AttributeValue<?> attributeValue : attributeValues) {
+ String valueString = null;
+ try {
+ valueString = attributeValueMarshaller.marshal((AttributeValue) attributeValue);
+ stringListAttribute.add(valueString);
+ } catch (AttributeValueMarshallingException e) {
+ throw new IllegalStateException(e);
+
+ }
+ }
+
+ return stringListAttribute;
+
+ }
+
+ public static DateTime translateDateAttribute(AttributeDefinition<?> attributeDefinition, ImmutableList<? extends AttributeValue<?>> attributeValues) {
+ if (attributeValues.size() != 0) {
+ final AttributeValue<?> firstAttributeValue = attributeValues.get(0);
+ return (DateTime) firstAttributeValue.getValue();
+
+ }
+
+ return null;
+ }
+
+ public static PostalAddress translateAddressAttribute(AttributeDefinition<?> attributeDefinition, ImmutableList<? 
extends AttributeValue<?>> attributeValues) {
+ final AttributeValue<?> firstAttributeValue = attributeValues.get(0);
+ return (PostalAddress) firstAttributeValue.getValue();
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java
new file mode 100644
index 00000000..3791d0d7
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java
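Review bot: The character classes in `PERSONALIDENIFIER_VALIDATION_PATTERN` contain a literal comma (`[A-Z,a-z]`), so `validateEidasPersonalIdentifier` accepts a country component such as `,,` and `parseEidasPersonalIdentifier` then hands it on as a country code; the intended class is `[A-Za-z]`. Compile the pattern once as well: `private static final Pattern PERSONALIDENIFIER_PATTERN = Pattern.compile("^[A-Za-z]{2}/[A-Za-z]{2}/.*");` with `return uniqueID != null && PERSONALIDENIFIER_PATTERN.matcher(uniqueID).matches();`, since `matcher(null)` throws instead of returning the documented `false`. `translateAddressAttribute` calls `attributeValues.get(0)` without the empty-list check that `translateDateAttribute` has, so a response without an address attribute fails with `IndexOutOfBoundsException`; mirror the `size() != 0` guard and return null. The raw `(AttributeValue)` cast in `translateStringListAttribute` and the redundant `((String)uniqueID)` cast are style nits that should go with the same change.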
@@ -0,0 +1,135 @@
+package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.validator;
+
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.ImmutableList;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASValidationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseValidator {
+ private static final Logger log = LoggerFactory.getLogger(eIDASResponseValidator.class);
+
+ public static void validateResponse(IRequest pendingReq, ILightResponse eIDASResponse, String spCountry, eIDASAttributeRegistry attrRegistry) throws eIDASValidationException {
+
+ /*-----------------------------------------------------|
+ * validate received LoA against minimum required LoA |
+ *_____________________________________________________|
+ */
+ LevelOfAssurance respLoA = LevelOfAssurance.fromString(eIDASResponse.getLevelOfAssurance());
+ List<String> allowedLoAs = pendingReq.getServiceProviderConfiguration().getRequiredLoA();
+ boolean loaValid = false;
+ for (String allowedLoaString : allowedLoAs) {
+ LevelOfAssurance allowedLoa = LevelOfAssurance.fromString(allowedLoaString);
+ if (respLoA.numericValue() >= allowedLoa.numericValue()) {
+ log.debug("Response contains valid LoA. Resume process ... 
");
+ loaValid = true;
+ break;
+
+ } else
+ log.trace("Allowed LoA: " + allowedLoaString + " DOES NOT match response LoA: " + eIDASResponse.getLevelOfAssurance());
+
+ }
+
+ if (!loaValid) {
+ log.error("eIDAS Response LevelOfAssurance is lower than the required! "
+ + "(Resp-LoA:" + respLoA.getValue() + " Req-LoA:" + allowedLoAs.toArray() + ")");
+ throw new eIDASValidationException("eidas.06", new Object[]{respLoA.getValue()});
+
+ }
+
+
+
+ /*-----------------------------------------------------|
+ * validate 'PersonalIdentifier' attribute |
+ *_____________________________________________________|
+ */
+ AttributeDefinition<?> attrDefinition = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+ final ImmutableList<? extends AttributeValue<?>> attributeValues = eIDASResponse.getAttributes().getAttributeMap().get(attrDefinition).asList();
+ List<String> personalIdObj = eIDASResponseUtils.translateStringListAttribute(attrDefinition, attributeValues);
+
+ //check if attribute exists
+ if (personalIdObj == null || personalIdObj.isEmpty()) {
+ log.warn("eIDAS Response include NO 'PersonalIdentifier' attriubte "
+ + ".... That can be a BIG problem in further processing steps");
+ throw new eIDASValidationException("eidas.05", new Object[] {"NO 'PersonalIdentifier' attriubte"});
+
+ } else if (personalIdObj.size() > 1) {
+ log.warn("eIDAS Response include MORE THAN ONE 'PersonalIdentifier' attriubtes "
+ + ".... 
That can be a BIG problem in further processing steps");
+ throw new eIDASValidationException("eidas.05", new Object[] {"MORE THAN ONE 'PersonalIdentifier' attriubtes"});
+
+ } else {
+ String natPersId = personalIdObj.get(0);
+ //validate attribute value format
+ Trible<String, String, String> split =
+ eIDASResponseUtils.parseEidasPersonalIdentifier(natPersId);
+ if (split == null) {
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "Wrong identifier format"});
+
+ } else {
+ //validation according to eIDAS SAML Attribute Profile, Section 2.2.3
+ if (StringUtils.isEmpty(split.getSecond())) {
+ log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " includes NO destination country. Value:" + natPersId);
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "No or empty destination country"});
+
+ }
+ if (!split.getSecond().equalsIgnoreCase(spCountry)) {
+ log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " includes wrong destination country. Value:" + natPersId
+ + " SP-Country:" + spCountry);
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "Destination country does not match to SP country"});
+
+ }
+
+ if (StringUtils.isEmpty(split.getFirst())) {
+ log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " includes NO citizen country. Value:" + natPersId);
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "No or empty citizen country"});
+
+ }
+ if (!split.getSecond().equalsIgnoreCase(spCountry)) {
+ log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+ + " includes a relaying-party country that does not match to service-provider country. 
" 
+ + " Value:" + natPersId
+ + " SP Country:" + spCountry);
+ throw new eIDASValidationException("eidas.07",
+ new Object[]{
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ "Citizen country does not match to eIDAS-node country that generates the response"});
+
+ }
+ }
+ }
+
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index 958c3391..14ef4b42 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
@@ -3,18 +3,17 @@ xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> - <pd:Task id="createAuthnRequest" class="GenerateAuthnRequestTask" /> - <pd:Task id="receiveAuthnResponse" class="ReceiveAuthnResponseTask" - async="true" /> - <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> - <pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" /> + <pd:Task id="createAuthnRequest" class="ConnecteIDASNodeTask" /> + <pd:Task id="receiveAuthnResponse" class="ReceiveResponseFromeIDASNodeTask" async="true" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" /> <pd:StartEvent id="start" /> - <pd:Transition from="start" to="createAuthnRequest" /> - <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" /> - <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" /> - <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" /> - <pd:Transition from="finalizeAuthentication" to="end" /> + <pd:Transition from="start" to="createAuthnRequest" /> + <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" /> + <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" /> + <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" to="end" /> <pd:EndEvent id="end" /> </pd:ProcessDefinition> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml new file mode 100644 index 00000000..a72ac1e8 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/additional-attributes.xml 
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright (c) 2017 by European Commission
+ ~
+ ~ Licensed under the EUPL, Version 1.2 or - as soon they will be
+ ~ approved by the European Commission - subsequent versions of the
+ ~ EUPL (the "Licence");
+ ~ You may not use this work except in compliance with the Licence.
+ ~ You may obtain a copy of the Licence at:
+ ~ https://joinup.ec.europa.eu/page/eupl-text-11-12
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the Licence is distributed on an "AS IS" basis,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ ~ implied.
+ ~ See the Licence for the specific language governing permissions and
+ ~ limitations under the Licence.
+ -->
+
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+ <comment>Dynamic attributes</comment>
+
+ <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute</entry>
+ <entry key="1.FriendlyName">AdditionalAttribute</entry>
+ <entry key="1.PersonType">NaturalPerson</entry>
+ <entry key="1.Required">false</entry>
+ <entry key="1.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+ <entry key="1.XmlType.LocalPart">string</entry>
+ <entry key="1.XmlType.NamespacePrefix">xs</entry>
+ <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+ <entry key="2.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute</entry>
+ <entry key="2.FriendlyName">LegalAdditionalAttribute</entry>
+ <entry key="2.PersonType">LegalPerson</entry>
+ <entry key="2.Required">false</entry>
+ <entry key="2.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+ <entry key="2.XmlType.LocalPart">string</entry>
+ <entry key="2.XmlType.NamespacePrefix">xs</entry>
+ <entry 
key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+</properties>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml
new file mode 100644
index 00000000..c9288d59
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS/eidas-attributes.xml
@@ -0,0 +1,379 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ~ Copyright (c) 2017 by European Commission + ~ + ~ Licensed under the EUPL, Version 1.2 or - as soon they will be + ~ approved by the European Commission - subsequent versions of the + ~ EUPL (the "Licence"); + ~ You may not use this work except in compliance with the Licence. + ~ You may obtain a copy of the Licence at: + ~ https://joinup.ec.europa.eu/page/eupl-text-11-12 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the Licence is distributed on an "AS IS" basis, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + ~ implied. + ~ See the Licence for the specific language governing permissions and + ~ limitations under the Licence. + --> + +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <comment>eIDAS attributes</comment> + + <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry> + <entry key="1.FriendlyName">PersonIdentifier</entry> + <entry key="1.PersonType">NaturalPerson</entry> + <entry key="1.Required">true</entry> + <entry key="1.UniqueIdentifier">true</entry> + <entry key="1.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="1.XmlType.LocalPart">PersonIdentifierType</entry> + <entry key="1.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="2.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry> + <entry key="2.FriendlyName">FamilyName</entry> + <entry key="2.PersonType">NaturalPerson</entry> + <entry key="2.Required">true</entry> + <entry key="2.TransliterationMandatory">true</entry> + <entry key="2.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="2.XmlType.LocalPart">CurrentFamilyNameType</entry> + 
<entry key="2.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="3.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry> + <entry key="3.FriendlyName">FirstName</entry> + <entry key="3.PersonType">NaturalPerson</entry> + <entry key="3.Required">true</entry> + <entry key="3.TransliterationMandatory">true</entry> + <entry key="3.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="3.XmlType.LocalPart">CurrentGivenNameType</entry> + <entry key="3.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="3.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="4.NameUri">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry> + <entry key="4.FriendlyName">DateOfBirth</entry> + <entry key="4.PersonType">NaturalPerson</entry> + <entry key="4.Required">true</entry> + <entry key="4.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="4.XmlType.LocalPart">DateOfBirthType</entry> + <entry key="4.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry> + + <entry key="5.NameUri">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry> + <entry key="5.FriendlyName">BirthName</entry> + <entry key="5.PersonType">NaturalPerson</entry> + <entry key="5.Required">false</entry> + <entry key="5.TransliterationMandatory">true</entry> + <entry key="5.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="5.XmlType.LocalPart">BirthNameType</entry> + <entry key="5.XmlType.NamespacePrefix">eidas-natural</entry> + <entry 
key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="6.NameUri">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry> + <entry key="6.FriendlyName">PlaceOfBirth</entry> + <entry key="6.PersonType">NaturalPerson</entry> + <entry key="6.Required">false</entry> + <entry key="6.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="6.XmlType.LocalPart">PlaceOfBirthType</entry> + <entry key="6.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="6.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="7.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry> + <entry key="7.FriendlyName">CurrentAddress</entry> + <entry key="7.PersonType">NaturalPerson</entry> + <entry key="7.Required">false</entry> + <entry key="7.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="7.XmlType.LocalPart">CurrentAddressType</entry> + <entry key="7.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="7.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller</entry> + + <entry key="8.NameUri">http://eidas.europa.eu/attributes/naturalperson/Gender</entry> + <entry key="8.FriendlyName">Gender</entry> + <entry key="8.PersonType">NaturalPerson</entry> + <entry key="8.Required">false</entry> + <entry key="8.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry> + <entry key="8.XmlType.LocalPart">GenderType</entry> + <entry key="8.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="8.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry> + + <entry key="9.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry> + <entry 
key="9.FriendlyName">LegalPersonIdentifier</entry> + <entry key="9.PersonType">LegalPerson</entry> + <entry key="9.Required">true</entry> + <entry key="9.UniqueIdentifier">true</entry> + <entry key="9.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="9.XmlType.LocalPart">LegalPersonIdentifierType</entry> + <entry key="9.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="9.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="10.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalName</entry> + <entry key="10.FriendlyName">LegalName</entry> + <entry key="10.PersonType">LegalPerson</entry> + <entry key="10.Required">true</entry> + <entry key="10.TransliterationMandatory">true</entry> + <entry key="10.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="10.XmlType.LocalPart">LegalNameType</entry> + <entry key="10.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="10.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="11.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress</entry> + <entry key="11.FriendlyName">LegalAddress</entry> + <entry key="11.PersonType">LegalPerson</entry> + <entry key="11.Required">false</entry> + <entry key="11.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="11.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="11.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="11.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller</entry> + + <entry key="12.NameUri">http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber</entry> + <entry key="12.FriendlyName">VATRegistration</entry> + <entry key="12.PersonType">LegalPerson</entry> + <entry 
key="12.Required">false</entry> + <entry key="12.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="12.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="12.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="12.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="13.NameUri">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry> + <entry key="13.FriendlyName">TaxReference</entry> + <entry key="13.PersonType">LegalPerson</entry> + <entry key="13.Required">false</entry> + <entry key="13.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="13.XmlType.LocalPart">TaxReferenceType</entry> + <entry key="13.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="13.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="14.NameUri">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry> + <entry key="14.FriendlyName">D-2012-17-EUIdentifier</entry> + <entry key="14.PersonType">LegalPerson</entry> + <entry key="14.Required">false</entry> + <entry key="14.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="14.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry> + <entry key="14.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="14.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="15.NameUri">http://eidas.europa.eu/attributes/legalperson/LEI</entry> + <entry key="15.FriendlyName">LEI</entry> + <entry key="15.PersonType">LegalPerson</entry> + <entry key="15.Required">false</entry> + <entry key="15.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="15.XmlType.LocalPart">LEIType</entry> + <entry key="15.XmlType.NamespacePrefix">eidas-legal</entry> + 
<entry key="15.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="16.NameUri">http://eidas.europa.eu/attributes/legalperson/EORI</entry> + <entry key="16.FriendlyName">EORI</entry> + <entry key="16.PersonType">LegalPerson</entry> + <entry key="16.Required">false</entry> + <entry key="16.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="16.XmlType.LocalPart">EORIType</entry> + <entry key="16.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="16.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="17.NameUri">http://eidas.europa.eu/attributes/legalperson/SEED</entry> + <entry key="17.FriendlyName">SEED</entry> + <entry key="17.PersonType">LegalPerson</entry> + <entry key="17.Required">false</entry> + <entry key="17.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="17.XmlType.LocalPart">SEEDType</entry> + <entry key="17.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="17.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="18.NameUri">http://eidas.europa.eu/attributes/legalperson/SIC</entry> + <entry key="18.FriendlyName">SIC</entry> + <entry key="18.PersonType">LegalPerson</entry> + <entry key="18.Required">false</entry> + <entry key="18.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry> + <entry key="18.XmlType.LocalPart">SICType</entry> + <entry key="18.XmlType.NamespacePrefix">eidas-legal</entry> + <entry key="18.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="19.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier</entry> + <entry key="19.FriendlyName">RepresentativePersonIdentifier</entry> + <entry 
key="19.PersonType">RepresentativeNaturalPerson</entry> + <entry key="19.Required">false</entry> + <entry key="19.UniqueIdentifier">true</entry> + <entry key="19.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="19.XmlType.LocalPart">PersonIdentifierType</entry> + <entry key="19.XmlType.NamespacePrefix">eidas-natural</entry> + <entry key="19.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="20.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName</entry> + <entry key="20.FriendlyName">RepresentativeFamilyName</entry> + <entry key="20.PersonType">RepresentativeNaturalPerson</entry> + <entry key="20.Required">false</entry> + <entry key="20.TransliterationMandatory">true</entry> + <entry key="20.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="20.XmlType.LocalPart">CurrentFamilyNameType</entry> + <entry key="20.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="20.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="21.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName</entry> + <entry key="21.FriendlyName">RepresentativeFirstName</entry> + <entry key="21.PersonType">RepresentativeNaturalPerson</entry> + <entry key="21.Required">false</entry> + <entry key="21.TransliterationMandatory">true</entry> + <entry key="21.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="21.XmlType.LocalPart">CurrentGivenNameType</entry> + <entry key="21.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="21.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry 
key="22.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth</entry> + <entry key="22.FriendlyName">RepresentativeDateOfBirth</entry> + <entry key="22.PersonType">RepresentativeNaturalPerson</entry> + <entry key="22.Required">false</entry> + <entry key="22.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="22.XmlType.LocalPart">DateOfBirthType</entry> + <entry key="22.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="22.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry> + + <entry key="23.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/BirthName</entry> + <entry key="23.FriendlyName">RepresentativeBirthName</entry> + <entry key="23.PersonType">RepresentativeNaturalPerson</entry> + <entry key="23.Required">false</entry> + <entry key="23.TransliterationMandatory">true</entry> + <entry key="23.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="23.XmlType.LocalPart">BirthNameType</entry> + <entry key="23.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="23.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="24.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth</entry> + <entry key="24.FriendlyName">RepresentativePlaceOfBirth</entry> + <entry key="24.PersonType">RepresentativeNaturalPerson</entry> + <entry key="24.Required">false</entry> + <entry key="24.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="24.XmlType.LocalPart">PlaceOfBirthType</entry> + <entry key="24.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry 
key="24.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="25.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress</entry> + <entry key="25.FriendlyName">RepresentativeCurrentAddress</entry> + <entry key="25.PersonType">RepresentativeNaturalPerson</entry> + <entry key="25.Required">false</entry> + <entry key="25.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="25.XmlType.LocalPart">CurrentAddressType</entry> + <entry key="25.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="25.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller</entry> + + <entry key="26.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/Gender</entry> + <entry key="26.FriendlyName">RepresentativeGender</entry> + <entry key="26.PersonType">RepresentativeNaturalPerson</entry> + <entry key="26.Required">false</entry> + <entry key="26.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry> + <entry key="26.XmlType.LocalPart">GenderType</entry> + <entry key="26.XmlType.NamespacePrefix">eidas-reprentative-natural</entry> + <entry key="26.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry> + + <entry key="27.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier</entry> + <entry key="27.FriendlyName">RepresentativeLegalPersonIdentifier</entry> + <entry key="27.PersonType">RepresentativeLegalPerson</entry> + <entry key="27.Required">false</entry> + <entry key="27.UniqueIdentifier">true</entry> + <entry key="27.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="27.XmlType.LocalPart">LegalPersonIdentifierType</entry> + <entry 
key="27.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="27.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="28.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalName</entry> + <entry key="28.FriendlyName">RepresentativeLegalName</entry> + <entry key="28.PersonType">RepresentativeLegalPerson</entry> + <entry key="28.Required">false</entry> + <entry key="28.TransliterationMandatory">true</entry> + <entry key="28.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="28.XmlType.LocalPart">LegalNameType</entry> + <entry key="28.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="28.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="29.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry> + <entry key="29.FriendlyName">RepresentativeLegalAddress</entry> + <entry key="29.PersonType">RepresentativeLegalPerson</entry> + <entry key="29.Required">false</entry> + <entry key="29.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="29.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="29.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="29.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry> + + <entry key="30.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry> + <entry key="30.FriendlyName">RepresentativeVATRegistration</entry> + <entry key="30.PersonType">RepresentativeLegalPerson</entry> + <entry key="30.Required">false</entry> + <entry key="30.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry 
key="30.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="30.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="30.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="31.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/TaxReference</entry> + <entry key="31.FriendlyName">RepresentativeTaxReference</entry> + <entry key="31.PersonType">RepresentativeLegalPerson</entry> + <entry key="31.Required">false</entry> + <entry key="31.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="31.XmlType.LocalPart">TaxReferenceType</entry> + <entry key="31.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="31.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="32.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier</entry> + <entry key="32.FriendlyName">RepresentativeD-2012-17-EUIdentifier</entry> + <entry key="32.PersonType">RepresentativeLegalPerson</entry> + <entry key="32.Required">false</entry> + <entry key="32.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="32.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry> + <entry key="32.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="32.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="33.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LEI</entry> + <entry key="33.FriendlyName">RepresentativeLEI</entry> + <entry key="33.PersonType">RepresentativeLegalPerson</entry> + <entry key="33.Required">false</entry> + <entry key="33.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry 
key="33.XmlType.LocalPart">LEIType</entry> + <entry key="33.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="33.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="34.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/EORI</entry> + <entry key="34.FriendlyName">RepresentativeEORI</entry> + <entry key="34.PersonType">RepresentativeLegalPerson</entry> + <entry key="34.Required">false</entry> + <entry key="34.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="34.XmlType.LocalPart">EORIType</entry> + <entry key="34.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="34.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="35.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SEED</entry> + <entry key="35.FriendlyName">RepresentativeSEED</entry> + <entry key="35.PersonType">RepresentativeLegalPerson</entry> + <entry key="35.Required">false</entry> + <entry key="35.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="35.XmlType.LocalPart">SEEDType</entry> + <entry key="35.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="35.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="36.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SIC</entry> + <entry key="36.FriendlyName">RepresentativeSIC</entry> + <entry key="36.PersonType">RepresentativeLegalPerson</entry> + <entry key="36.Required">false</entry> + <entry key="36.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="36.XmlType.LocalPart">SICType</entry> + <entry key="36.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + 
<entry key="36.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + <entry key="39.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry> + <entry key="39.FriendlyName">RepresentativeLegalAddress</entry> + <entry key="39.PersonType">RepresentativeLegalPerson</entry> + <entry key="39.Required">false</entry> + <entry key="39.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="39.XmlType.LocalPart">LegalPersonAddressType</entry> + <entry key="39.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="39.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry> + + <entry key="40.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry> + <entry key="40.FriendlyName">RepresentativeVATRegistration</entry> + <entry key="40.PersonType">RepresentativeLegalPerson</entry> + <entry key="40.Required">false</entry> + <entry key="40.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry> + <entry key="40.XmlType.LocalPart">VATRegistrationNumberType</entry> + <entry key="40.XmlType.NamespacePrefix">eidas-reprentative-legal</entry> + <entry key="40.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> + + +</properties> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 1ad8cbeb..4664bc27 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml 
@@ -9,6 +9,27 @@
 <context:annotation-config />
+ <import resource="classpath:specificCommunicationDefinitionApplicationContext.xml"/>
+
+ <bean id="SZRClientForeIDAS"
+ class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient" />
+
+ <bean id="specificConnectorAttributesFile" class="java.lang.String">
+ <constructor-arg value="eidas-attributes.xml"/>
+ </bean>
+
+ <bean id="specificAdditionalAttributesFile" class="java.lang.String">
+ <constructor-arg value="additional-attributes.xml"/>
+ </bean>
+
+ <bean id="specificConnectorAttributesFileWithPath" class="java.lang.String">
+ <constructor-arg value="#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}"/>
+ </bean>
+
+ <bean id="specificConnectorAdditionalAttributesFileWithPath" class="java.lang.String">
+ <constructor-arg value="#{specificConnectorConfigRepository}#{specificAdditionalAttributesFile}"/>
+ </bean>
+
 <bean id="eIDASAuthModule"
 class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.eIDASAuthenticationModulImpl">
 <property name="priority" value="2" />
@@ -17,13 +38,18 @@
 <bean id="eIDASSignalServlet"
 class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.eIDASSignalServlet" />
+ <bean id="attributeRegistry"
+ class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry">
+ <property name="eidasAttributesFile" ref="specificConnectorAttributesFileWithPath"/>
+ <property name="additionalAttributesFile" ref="specificConnectorAdditionalAttributesFileWithPath"/>
+ </bean>
 <!-- Authentication Process Tasks -->
- <bean id="GenerateAuthnRequestTask"
+ <bean id="ConnecteIDASNodeTask"
 class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks.GenerateAuthnRequestTask"
 scope="prototype" />
- <bean id="ReceiveAuthnResponseTask"
+ <bean id="ReceiveResponseFromeIDASNodeTask"
 class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks.ReceiveAuthnResponseTask"
 scope="prototype" />
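Review bot: The `specificConnectorAttributesFileWithPath` and `specificConnectorAdditionalAttributesFileWithPath` beans build a filesystem path by bare SpEL concatenation, `#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}`, with no separator between directory and file name; `specificConnectorConfigRepository` is defined outside this hunk, so unless that value is guaranteed to end with a '/' the registry will presumably be handed something like `…/configeidas-attributes.xml` and fail at startup. Either normalise the separator where `specificConnectorConfigRepository` is defined, or state the contract here with a comment such as `<!-- specificConnectorConfigRepository must end with a trailing '/'; the file names below are appended verbatim -->`. These two paths decide which attribute definitions the eIDAS module loads, so it is also worth a note that they must only ever point into the trusted configuration repository, never a user-influenced location.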
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
new file mode 100644
index 00000000..09084a34
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" IssueInstant="2012-08-22T11:07:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>XXXRúùd</pr:GivenName><pr:FamilyName primary="undefined">XXXVàn Nisteĺrooy</pr:FamilyName></pr:Name><pr:DateOfBirth>1969-02-13</pr:DateOfBirth></pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><ecdsa:ECDSAKeyValue><ecdsa:DomainParameters><ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/></ecdsa:DomainParameters><ecdsa:PublicKey><ecdsa:X Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" si:type="ecdsa:PrimeFieldElemType"/><ecdsa:Y Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" si:type="ecdsa:PrimeFieldElemType"/></ecdsa:PublicKey></ecdsa:ECDSAKeyValue></saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="CitizenPublicKey" 
AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><dsig:RSAKeyValue><dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/ +t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm +P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg +gaM2EyuB1HxH8/+Mfqa4UgeqIH65</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></saml:AttributeValue></saml:Attribute></saml:AttributeStatement> + <dsig:Signature> + <dsig:SignedInfo> + <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>KEQEPY2O3Z3IRaISSSoRZVPzsHE=</dsig:DigestValue> + </dsig:Reference> + <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>gzGhjH1kdmPcPbgen0xojNIoJLk=</dsig:DigestValue> + </dsig:Reference> + </dsig:SignedInfo> + <dsig:SignatureValue> + 06wqWHgplwpu3N5HMhzb6QC5NkXMO1z4N4oc1L6eDqwZlvFJ9X1XGW//QqviKO9oog3il7IzdfJwnjygR4trgGCIqx+JYCDHJCrG9l8zlxlSW0ZqfsygGXthutcQ1aeUpfO6jYuhnWOUywa8BgzukRtWT+AOJBQZPRYTb8IBmey+uAwlhFLni94eMOd81l+efCvkWi3jRajwsG8ZOaNxSZT3aEV5vj+32Aqtx2MPEVzQWtIA7GqZi+EzcdSdHQvHhg7UB+8kqbU70ENAJbEMTANFZYvLOJ0Om9KfDtPf/+R2TvTc360fNo9RnPl04pHPhCIjcGZhFZorBpUhXFwd2Q== + 
</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
+ <dsig:Object>
+ <dsig:Manifest Id="manifest">
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>8e7RjLnA4Mgltq5ruIJzheKGxu0=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:Manifest>
+ </dsig:Object>
+ </dsig:Signature>
+</saml:Assertion>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL
new file mode 100644
index 00000000..4ad2645a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR-1.WSDL
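Review bot: `fakeIdL_IdL_template.xml` is a fabricated identity link — a fixed baseID `wJO/bvDJjUysG0yARn7I6w==`, a placeholder person, an Issuer of `http://portal.bmi.gv.at/ref/szr/issuer` and an embedded rsa-sha1/sha1 signature with certificate — yet it is added under `src/main/resources`, so it ships inside the production authmodule artifact rather than staying a test fixture. Nothing in this hunk shows where the template is consumed; if the code path that fills it is reachable in a deployed connector, a client could presumably receive an identity link that the SZR never issued, which is exactly what the SZRClient introduced in this commit is meant to prevent. Consider moving the file to `src/test/resources`, or at least stating the intended use with a leading comment such as `<!-- TEST/DEVELOPMENT ONLY: fabricated identity-link template. baseID, signature and certificate are placeholders; a filled-in copy is not SZR-issued and must never be released as a real IdL. -->`. The embedded DigestValue/SignatureValue also cannot remain valid once placeholders are substituted, so any consumer must not rely on verifying this signature.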
@@ -0,0 +1,901 @@ +<?xml version="1.0" encoding="UTF-8"?> +<definitions targetNamespace="urn:SZRServices" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:szr="urn:SZRServices" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:xs="http://www.w3.org/2001/XMLSchema"> + <types> + <xs:schema elementFormDefault="qualified" targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"> + <xs:complexType name="PhysicalPersonType"> + <xs:sequence> + <xs:element minOccurs="0" name="Identification" type="pd:IdentificationType" /> + <xs:element minOccurs="1" name="Name" type="pd:PersonNameType" /> + <xs:element minOccurs="0" name="AlternativeName" type="pd:AlternativeNameType" /> + <xs:element minOccurs="0" name="Sex" type="xs:string" /> + <xs:element minOccurs="0" name="DateOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="PlaceOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="CountryOfBirth" type="xs:string" /> + <xs:element minOccurs="0" name="Nationality" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="IdentificationType"> + <xs:sequence> + <xs:element minOccurs="0" name="Value" type="xs:string" /> + <xs:element minOccurs="0" name="Type" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PersonNameType"> + <xs:sequence> + <xs:element minOccurs="0" name="PrefixedDegree" type="xs:string" /> + <xs:element name="GivenName" type="xs:string" nillable="true" /> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + <xs:element minOccurs="0" name="SuffixedDegree" 
type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AlternativeNameType"> + <xs:sequence> + <xs:element name="FamilyName" type="xs:string" nillable="true" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PostalAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="PostalCode" type="xs:string" /> + <xs:element minOccurs="0" name="Municipality" type="xs:string" /> + <xs:element minOccurs="0" name="Locality" type="xs:string" /> + <xs:element minOccurs="0" name="StateCode3" type="xs:string" /> + <xs:element minOccurs="0" name="DeliveryAddress" type="pd:DeliveryAddressType" /> + <xs:element minOccurs="0" name="HistoricRecord" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DeliveryAddressType"> + <xs:sequence> + <xs:element minOccurs="0" name="AddressLine" type="xs:string" /> + <xs:element minOccurs="0" name="StreetName" type="xs:string" /> + <xs:element minOccurs="0" name="BuildingNumber" type="xs:string" /> + <xs:element minOccurs="0" name="Unit" type="xs:string" /> + <xs:element minOccurs="0" name="DoorNumber" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2001/04/xmldsig-more#"> + <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType" nillable="true" /> + <xs:complexType name="ECDSAKeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="DomainParameters" type="ecdsa:DomainParamsType" /> + <xs:element name="PublicKey" type="ecdsa:ECPointType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DomainParamsType"> + <xs:sequence> + <xs:element minOccurs="0" name="NamedCurve" type="ecdsa:NamedCurveType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="NamedCurveType"> + <xs:attribute name="URN" type="xs:string" use="required" /> + </xs:complexType> + <xs:complexType name="ECPointType"> + <xs:sequence minOccurs="0"> + <xs:element name="X" 
type="ecdsa:PrimeFieldElemType" /> + <xs:element name="Y" type="ecdsa:PrimeFieldElemType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="PrimeFieldElemType"> + <xs:attribute name="Value" type="xs:string" use="required" /> + </xs:complexType> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema"> + <xs:import namespace="http://www.w3.org/2001/04/xmldsig-more#" /> + <xs:complexType name="KeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="DSAKeyValue" type="dsig:DSAKeyValueType" /> + <xs:element minOccurs="0" name="RSAKeyValue" type="dsig:RSAKeyValueType" /> + <xs:element minOccurs="0" ref="ecdsa:ECDSAKeyValue" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="DSAKeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="P" type="xs:string" /> + <xs:element minOccurs="0" name="Q" type="xs:string" /> + <xs:element minOccurs="0" name="J" type="xs:string" /> + <xs:element minOccurs="0" name="G" type="xs:string" /> + <xs:element minOccurs="0" name="Y" type="xs:string" /> + <!-- https://www.w3.org/TR/xmldsig-core/ defines PgenCounter THEN Seed, SZR.wsdl used Seed BEFORE PgenCounter. To keep it backwards compatible but allow the usual order, both ways are allowed. 
--> + <xs:choice maxOccurs="unbounded"> + <xs:element minOccurs="0" name="PgenCounter" type="xs:string" /> + <xs:element minOccurs="0" name="Seed" type="xs:string" /> + </xs:choice> + </xs:sequence> + </xs:complexType> + <xs:complexType name="RSAKeyValueType"> + <xs:sequence> + <xs:element minOccurs="0" name="Modulus" type="xs:string" /> + <xs:element minOccurs="0" name="Exponent" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="urn:SZRServices"> + <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" /> + <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" /> + <xs:element name="SZRException" type="szr:SZRException" /> + <xs:complexType name="SZRException" /> + <xs:complexType name="PersonInfoType"> + <xs:sequence> + <xs:element name="Person" type="pd:PhysicalPersonType" /> + <xs:element minOccurs="0" name="RegularDomicile" type="pd:PostalAddressType" /> + <xs:element minOccurs="0" name="AddressCodes" type="szr:AddressCodesType" /> + <xs:element minOccurs="0" name="TravelDocument" type="szr:TravelDocumentType" /> + <xs:element minOccurs="0" name="DateOfBirthWildcard" type="xs:boolean" /> + <xs:element minOccurs="0" name="AuskunftssperreGesetzt" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="TravelDocumentType"> + <xs:sequence> + <xs:element minOccurs="0" name="DocumentNumber" type="xs:string" /> + <xs:element minOccurs="0" name="DocumentType" type="xs:string" /> + <xs:element minOccurs="0" name="IssueDate" type="xs:string" /> + <xs:element minOccurs="0" name="IssuingAuthority" type="xs:string" /> + <xs:element minOccurs="0" name="IssuingCountry" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="AddressCodesType"> + <xs:sequence> + <xs:element minOccurs="0" name="GKZ" type="xs:string" /> + <xs:element minOccurs="0" name="OKZ" type="xs:string" /> + <xs:element minOccurs="0" 
name="SKZ" type="xs:string" /> + <xs:element minOccurs="0" name="ADRCD" type="xs:string" /> + <xs:element minOccurs="0" name="SUBCD" type="xs:string" /> + <xs:element minOccurs="0" name="OBJNR" type="xs:string" /> + <xs:element minOccurs="0" name="NTZLNR" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:element name="TransformBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="InputBPK" type="xs:string" /> + <xs:element name="InputBereichsKennung" type="xs:string" /> + <xs:element name="Begruendung" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="TransformBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="TransformBPKReturn" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermission"> + <xs:complexType> + <xs:sequence> + <xs:element name="VKZ" type="xs:string" /> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element minOccurs="0" name="ParticipantId" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVKZPermissionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetVKZPermissionReturn" type="szr:GetVKZPermissionResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="IdentityLinkType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="Assertion" type="xs:anyType" /> + <xs:element minOccurs="0" name="AdditionalInfo" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="ResultRecord"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element name="Register" type="xs:string" /> + <xs:element name="bPK" type="xs:string" /> + <xs:element 
maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="NoInsert" /> + <xs:enumeration value="InsertOnNoMatch" /> + <xs:enumeration value="ForceInsert" /> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element minOccurs="0" name="Suchwizard" type="xs:boolean" /> + <xs:element name="VKZ" type="xs:string" nillable="true" /> + <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + <xs:element minOccurs="0" name="Sessionid" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKKombiResponseType"> + <xs:complexContent> + <xs:extension base="szr:GetBPKZPVResponseType"> + <xs:sequence> + <xs:element name="FoundWithSuchwizard" type="xs:boolean" /> + <xs:element name="Sessionid" type="xs:string" /> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + <xs:complexType name="GetBPKZPVRequestType"> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" default="false" /> + <xs:element minOccurs="1" name="VKZ" type="xs:string" /> + <xs:element minOccurs="0" name="BehoerdenKennzeichen" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKZPVResponseType"> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ResultRecord" 
type="szr:ResultRecord" /> + <xs:element name="InsertERnPResult" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedRequestType"> + <xs:sequence> + <xs:element minOccurs="1" name="StammzahlEncrypted" type="xs:string" /> + <xs:element minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="1" name="VKZ" type="xs:string" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetBPKFromStammzahlEncryptedResponseType"> + <xs:sequence> + <xs:element minOccurs="0" name="bPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="GetIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element maxOccurs="unbounded" name="KeyValue" type="dsig:KeyValueType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPK"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element minOccurs="0" name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + <xs:element minOccurs="0" name="ListMultiplePersons" type="xs:boolean" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element 
name="GetBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element minOccurs="0" name="GetBPKReturn" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + <xs:element maxOccurs="5" minOccurs="0" name="PersonInfo" type="szr:PersonInfoType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKs"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="BereichsKennung" type="xs:string" /> + <xs:element name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Target" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKsResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ResultRecord" type="szr:GetBPKsResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="GetBPKsResponseType"> + <xs:sequence> + <xs:element minOccurs="0" name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPK" type="szr:FremdBPKType" /> + <xs:element minOccurs="0" name="Fault"> + <xs:complexType> + <xs:attribute name="Code" type="xs:string" /> + <xs:attribute name="String" type="xs:string" /> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + <xs:element name="GetBPKKombi"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiRequest" type="szr:GetBPKKombiRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKKombiResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKKombiResponse" type="szr:GetBPKKombiResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPV"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVRequest" type="szr:GetBPKZPVRequestType" /> + 
</xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKZPVResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKZPVResponse" type="szr:GetBPKZPVResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKFromStammzahlEncryptedRequest" type="szr:GetBPKFromStammzahlEncryptedRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetBPKFromStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="GetBPKFromStammzahlEncryptedResponse" type="szr:GetBPKFromStammzahlEncryptedResponseType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLink"> + <xs:complexType> + <xs:sequence> + <xs:element name="IdentityLink" type="szr:IdentityLinkType" /> + <xs:element name="BereichsKennung" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ValidateIdentityLinkResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="ValidateIdentityLinkReturn" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string" /> + <xs:element name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="BPKzuBasiszahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="BPKzuBasiszahlReturn" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="FremdBPKRequestType"> + <xs:sequence> + <xs:element name="BereichsKennung" type="xs:string" /> + <xs:element name="VKZ" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="FremdBPKType"> + <xs:sequence> + <xs:element 
name="BereichsKennung" type="xs:string" /> + <xs:element name="FremdBPK" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:complexType name="GetVKZPermissionResponseType"> + <xs:sequence> + <xs:element name="isAllowed" type="xs:boolean" /> + <xs:element minOccurs="0" name="behSchluessel" type="xs:string" /> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPK"> + <xs:complexType> + <xs:sequence> + <xs:element minOccurs="0" name="VKZ" type="xs:string" /> + <xs:element maxOccurs="unbounded" name="BasisZahl" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="Bereich" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="BasiszahlZuBPKReturnType"> + <xs:sequence> + <xs:element maxOccurs="unbounded" minOccurs="0" name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="BasiszahlZuBPKResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="BasiszahlZuBPKReturn" type="szr:BasiszahlZuBPKReturnType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ZMRAnwendungsIntegration"> + <xs:complexType> + <xs:sequence> + <xs:element name="Bereich" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKTargets" type="szr:FremdBPKRequestType" /> + <xs:element maxOccurs="unbounded" name="ZMRfremdbPK" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="ZMRAnwendungsIntegrationReturnType"> + <xs:sequence> + <xs:element name="BPK" type="xs:string" /> + <xs:element maxOccurs="unbounded" minOccurs="0" name="FremdBPKs" type="szr:FremdBPKType" /> + </xs:sequence> + </xs:complexType> + <xs:element name="ZMRAnwendungsIntegrationResponse"> + 
<xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" name="ZMRAnwendungsIntegrationReturn" type="szr:ZMRAnwendungsIntegrationReturnType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahl"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncrypted"> + <xs:complexType> + <xs:sequence> + <xs:element name="PersonInfo" type="szr:PersonInfoType" /> + <xs:element minOccurs="0" name="InsertERnP" type="xs:boolean" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetStammzahlEncryptedResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Stammzahl" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="GetVersion" /> + <xs:element name="GetVersionResponse"> + <xs:complexType> + <xs:sequence> + <xs:element name="Version" type="xs:string" /> + <xs:element name="Revision" type="xs:string" /> + <xs:element name="Time" type="xs:string" /> + <xs:element name="IdentityLinkNotAfter" type="xs:string" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:schema> + <xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd"> + <xs:include schemaLocation="pvp1.xsd" /> + </xs:schema> + <xs:schema elementFormDefault="qualified" targetNamespace="http://schemas.xmlsoap.org/ws/2002/04/secext"> + <xs:element name="Security"> + <xs:complexType> + <xs:sequence> + <!-- add the pvpToken here. 
You can also uncomment the following line if you support XSD 1.1 --> + <!-- <xs:element ref="pvp:pvpToken" /> --> + <xs:any processContents="lax" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + <xs:anyAttribute processContents="lax" /> + </xs:complexType> + </xs:element> + </xs:schema> + </types> + <message name="Header"> + <part name="SecurityHeader" element="wsse:Security" /> + </message> + <message name="GetIdentityLinkRequest"> + <part element="szr:GetIdentityLink" name="parameters" /> + </message> + <message name="GetIdentityLinkResponse"> + <part element="szr:GetIdentityLinkResponse" name="parameters" /> + </message> + <message name="GetBPKRequest"> + <part element="szr:GetBPK" name="parameters" /> + </message> + <message name="GetBPKResponse"> + <part element="szr:GetBPKResponse" name="parameters" /> + </message> + <message name="GetBPKsRequest"> + <part element="szr:GetBPKs" name="parameters" /> + </message> + <message name="GetBPKsResponse"> + <part element="szr:GetBPKsResponse" name="parameters" /> + </message> + <message name="GetBPKKombiRequest"> + <part element="szr:GetBPKKombi" name="parameters" /> + </message> + <message name="GetBPKKombiResponse"> + <part element="szr:GetBPKKombiResponse" name="parameters" /> + </message> + <message name="GetBPKZPVRequest"> + <part element="szr:GetBPKZPV" name="parameters" /> + </message> + <message name="GetBPKZPVResponse"> + <part element="szr:GetBPKZPVResponse" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedRequest"> + <part element="szr:GetBPKFromStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetBPKFromStammzahlEncryptedResponse"> + <part element="szr:GetBPKFromStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="BPKzuBasiszahlRequest"> + <part element="szr:BPKzuBasiszahl" name="parameters" /> + </message> + <message name="BPKzuBasiszahlResponse"> + <part element="szr:BPKzuBasiszahlResponse" name="parameters" /> + 
</message> + <message name="BasiszahlZuBPKRequest"> + <part element="szr:BasiszahlZuBPK" name="parameters" /> + </message> + <message name="BasiszahlZuBPKResponse"> + <part element="szr:BasiszahlZuBPKResponse" name="parameters" /> + </message> + <message name="ValidateIdentityLinkRequest"> + <part element="szr:ValidateIdentityLink" name="parameters" /> + </message> + <message name="ValidateIdentityLinkResponse"> + <part element="szr:ValidateIdentityLinkResponse" name="parameters" /> + </message> + <message name="TransformBPKRequest"> + <part element="szr:TransformBPK" name="parameters" /> + </message> + <message name="TransformBPKResponse"> + <part element="szr:TransformBPKResponse" name="parameters" /> + </message> + <message name="GetVKZPermissionRequest"> + <part element="szr:GetVKZPermission" name="parameters" /> + </message> + <message name="GetVKZPermissionResponse"> + <part element="szr:GetVKZPermissionResponse" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationRequest"> + <part element="szr:ZMRAnwendungsIntegration" name="parameters" /> + </message> + <message name="ZMRAnwendungsIntegrationResponse"> + <part element="szr:ZMRAnwendungsIntegrationResponse" name="parameters" /> + </message> + <message name="GetStammzahlRequest"> + <part element="szr:GetStammzahl" name="parameters" /> + </message> + <message name="GetStammzahlResponse"> + <part element="szr:GetStammzahlResponse" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedRequest"> + <part element="szr:GetStammzahlEncrypted" name="parameters" /> + </message> + <message name="GetStammzahlEncryptedResponse"> + <part element="szr:GetStammzahlEncryptedResponse" name="parameters" /> + </message> + <message name="GetVersionRequest"> + <part element="szr:GetVersion" name="parameters" /> + </message> + <message name="GetVersionResponse"> + <part element="szr:GetVersionResponse" name="parameters" /> + </message> + <message name="SZRException"> + <part 
element="szr:SZRException" name="fault" /> + </message> + <portType name="SZR"> + <operation name="GetIdentityLink"> + <input message="szr:GetIdentityLinkRequest" name="GetIdentityLinkRequest" /> + <output message="szr:GetIdentityLinkResponse" name="GetIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPK"> + <jaxws:bindings xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"> + <jaxws:enableWrapperStyle>false</jaxws:enableWrapperStyle> + </jaxws:bindings> + <input message="szr:GetBPKRequest" name="GetBPKRequest" /> + <output message="szr:GetBPKResponse" name="GetBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKs"> + <input message="szr:GetBPKsRequest" name="GetBPKsRequest" /> + <output message="szr:GetBPKsResponse" name="GetBPKsResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKKombi"> + <input message="szr:GetBPKKombiRequest" name="GetBPKKombiRequest" /> + <output message="szr:GetBPKKombiResponse" name="GetBPKKombiResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKZPV"> + <input message="szr:GetBPKZPVRequest" name="GetBPKZPVRequest" /> + <output message="szr:GetBPKZPVResponse" name="GetBPKZPVResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <input message="szr:GetBPKFromStammzahlEncryptedRequest" name="GetBPKFromStammzahlEncryptedRequest" /> + <output message="szr:GetBPKFromStammzahlEncryptedResponse" name="GetBPKFromStammzahlEncryptedResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ValidateIdentityLink"> + <input message="szr:ValidateIdentityLinkRequest" name="ValidateIdentityLinkRequest" /> + <output message="szr:ValidateIdentityLinkResponse" 
name="ValidateIdentityLinkResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="TransformBPK"> + <input message="szr:TransformBPKRequest" name="TransformBPKRequest" /> + <output message="szr:TransformBPKResponse" name="TransformBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVKZPermission"> + <input message="szr:GetVKZPermissionRequest" name="GetVKZPermissionRequest" /> + <output message="szr:GetVKZPermissionResponse" name="GetVKZPermissionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BPKzuBasiszahl"> + <input message="szr:BPKzuBasiszahlRequest" name="BPKzuBasiszahlRequest" /> + <output message="szr:BPKzuBasiszahlResponse" name="BPKzuBasiszahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="BasiszahlZuBPK"> + <input message="szr:BasiszahlZuBPKRequest" name="BasiszahlZuBPKRequest" /> + <output message="szr:BasiszahlZuBPKResponse" name="BasiszahlZuBPKResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <input message="szr:ZMRAnwendungsIntegrationRequest" name="ZMRAnwendungsIntegrationRequest" /> + <output message="szr:ZMRAnwendungsIntegrationResponse" name="ZMRAnwendungsIntegrationResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahl"> + <input message="szr:GetStammzahlRequest" name="GetStammzahlRequest" /> + <output message="szr:GetStammzahlResponse" name="GetStammzahlResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetStammzahlEncrypted"> + <input message="szr:GetStammzahlEncryptedRequest" name="GetStammzahlEncryptedRequest" /> + <output message="szr:GetStammzahlEncryptedResponse" name="GetStammzahlEncryptedResponse" /> + <fault 
message="szr:SZRException" name="SZRException" /> + </operation> + <operation name="GetVersion"> + <input message="szr:GetVersionRequest" name="GetVersionRequest" /> + <output message="szr:GetVersionResponse" name="GetVersionResponse" /> + <fault message="szr:SZRException" name="SZRException" /> + </operation> + </portType> + <binding name="SZRSoapBinding" type="szr:SZR"> + <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" /> + <operation name="GetIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="GetIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKs"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKsRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKsResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKKombi"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKKombiRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKKombiResponse"> 
+ <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKZPV"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKZPVRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKZPVResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetBPKFromStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetBPKFromStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetBPKFromStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVKZPermission"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVKZPermissionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVKZPermissionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ValidateIdentityLink"> + <wsdlsoap:operation soapAction="" /> + <input name="ValidateIdentityLinkRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ValidateIdentityLinkResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="TransformBPK"> + 
<wsdlsoap:operation soapAction="" /> + <input name="TransformBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="TransformBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BPKzuBasiszahl"> + <wsdlsoap:operation soapAction="" /> + <input name="BPKzuBasiszahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BPKzuBasiszahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="BasiszahlZuBPK"> + <wsdlsoap:operation soapAction="" /> + <input name="BasiszahlZuBPKRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="BasiszahlZuBPKResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="ZMRAnwendungsIntegration"> + <wsdlsoap:operation soapAction="" /> + <input name="ZMRAnwendungsIntegrationRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="ZMRAnwendungsIntegrationResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahl"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output 
name="GetStammzahlResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetStammzahlEncrypted"> + <wsdlsoap:operation soapAction="" /> + <input name="GetStammzahlEncryptedRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetStammzahlEncryptedResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + <operation name="GetVersion"> + <wsdlsoap:operation soapAction="" /> + <input name="GetVersionRequest"> + <wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" /> + <wsdlsoap:body use="literal" /> + </input> + <output name="GetVersionResponse"> + <wsdlsoap:body use="literal" /> + </output> + <fault name="SZRException"> + <wsdlsoap:fault name="SZRException" use="literal" /> + </fault> + </operation> + </binding> + <service name="SZRService"> + <port binding="szr:SZRSoapBinding" name="SZRBusinesspartnerTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/at.gv.bmi.szrsrv-b/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRTestumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR" /> + </port> + <port binding="szr:SZRSoapBinding" name="SZRProduktionsumgebung"> + <wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR" /> + </port> + </service> +</definitions>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd
new file mode 100644
index 00000000..09c0b1e3
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp1.xsd
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by BM (Bundeskanzleramt) -->
+<!-- PVP Schema 1.8.10 -->
+<!-- pvpToken wird über das Element <Security> aus der Spezifikation WS-Security in den SOAP-Header eingebunden -->
+<!--erstellt: rainer.hoerbe@bmi.gv.at 2004-04-30 -->
+<!--geändert: rainer.hoerbe@beko.at 2007-04-04: Extensions Points definiert -->
+<xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd" xmlns="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="pvpToken">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="pvpTokenType" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="pvpTokenType">
+ <xs:sequence>
+ <xs:element name="authenticate">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="participantId" type="xs:string" />
+ <xs:element name="gvOuDomain" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:choice>
+ <xs:element name="userPrincipal">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="pvpPrincipalType">
+ <xs:sequence>
+ <xs:element name="gvGid" type="xs:string" />
+ <xs:element name="mail" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:element name="tel" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:element name="bpk" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:element name="gvFunction" type="xs:string" minOccurs="0" maxOccurs="1" />
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="systemPrincipal" type="pvpPrincipalType" />
+ </xs:choice>
+ <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>additional authentication properties</xs:documentation>
+ </xs:annotation>
+ </xs:any>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="authorize" minOccurs="0" maxOccurs="1">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:sequence minOccurs="0">
+ <xs:element name="gvOuId" type="xs:string" />
+ <xs:element name="ou" type="xs:string" />
+ </xs:sequence>
+ <xs:element name="role" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:attribute name="value" type="xs:string" use="required" />
+ </xs:complexType>
+ </xs:element>
+ <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>additional authorization properties</xs:documentation>
+ </xs:annotation>
+ </xs:any>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="accounting" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:any processContents="skip" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="pvpChainedToken" type="pvpTokenType" minOccurs="0" />
+ <xs:element name="pvpExtension" block="extension" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="version" type="gvVersionType" use="required" />
+ <xs:anyAttribute namespace="##any" processContents="lax" />
+ </xs:complexType>
+ <xs:complexType name="pvpPrincipalType">
+ <xs:sequence>
+ <xs:element name="userId" type="xs:string" />
+ <xs:element name="cn" type="xs:string" />
+ <xs:element name="gvOuId" type="xs:string" />
+ <xs:element name="ou" type="xs:string" />
+ <xs:element name="gvOuOKZ" type="xs:string" minOccurs="0" /> <!-- steht auch in der pvp doku, fehlt aber im normalen pvp1.xsd -->
+ <xs:element name="gvSecClass" type="gvSecClassType" minOccurs="0" />
+ <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>additional principal attributes</xs:documentation>
+ </xs:annotation>
+ </xs:any>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##any" processContents="lax" />
+ </xs:complexType>
+ <xs:simpleType name="gvSecClassType">
+ <xs:restriction base="xs:integer">
+ <xs:enumeration value="0" />
+ <xs:enumeration value="1" />
+ <xs:enumeration value="2" />
+ <xs:enumeration value="3" />
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType name="gvVersionType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="1.0" />
+ <xs:enumeration value="1.1" />
+ <xs:enumeration value="1.2" />
+ <xs:enumeration value="1.8" />
+ <xs:enumeration value="1.9" />
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType name="logLevelType">
+ <xs:restriction base="xs:integer">
+ <xs:enumeration value="0" />
+ <xs:enumeration value="1" />
+ <xs:enumeration value="2" />
+ <xs:enumeration value="3" />
+ <xs:enumeration value="4" />
+ <xs:enumeration value="5" />
+ </xs:restriction>
+ </xs:simpleType>
+</xs:schema>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html
new file mode 100644
index 00000000..85e1d18f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/templates/eidas_node_forward.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+ <script src="$contextPath/autocommit.js"></script>
+</head>
+<body>
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support
+ JavaScript, you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+ <div id="alert">Your login is being processed. Thank you for
+ waiting.</div>
+
+ <form action="${endPoint}" method="post" target="_parent">
+ <div>
+ <input type="hidden" name="${tokenName}" value="${tokenValue}" />
+ </div>
+ <noscript>
+ <div>
+ <p>Your browser does not support JavaScript. Click the button to continuing the process .</p>
+ <input type="submit" value="Continue" />
+ </div>
+ </noscript>
+ </form>
+
+</body>
+</html>
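Review bot: The `${endPoint}`, `${tokenName}` and `${tokenValue}` placeholders in the `<form action>` and the hidden `<input>` are substituted straight into HTML attribute values, and nothing in this file shows whether the renderer applies attribute escaping; if it does not, a value containing `"` terminates the attribute and the remainder of the value is interpreted as markup. I would record the contract at the top of the template, e.g. `<!-- endPoint must be a validated eIDAS-node URL; tokenName/tokenValue must be HTML-attribute-escaped by the renderer -->`, and make sure the rendering code escapes before substitution rather than relying on the values being well-formed. The `<script src="$contextPath/autocommit.js">` line uses the brace-less `$contextPath` form while every other placeholder uses `${...}`; presumably the template engine accepts both, but unifying to `${contextPath}` removes the ambiguity. The noscript text `Click the button to continuing the process .` should read `Click the button to continue the process.`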
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/gv/egiz/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/gv/egiz/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java
new file mode 100644
index 00000000..33050b12
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/gv/egiz/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java
@@ -0,0 +1,172 @@ +package at.gv.egiz.test.eidas.specific.modules.authmodule_eIDASv2; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchProviderException; +import java.security.PublicKey; +import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Base64Utils; +import org.w3._2000._09.xmldsig.KeyValueType; +import org.w3._2000._09.xmldsig.RSAKeyValueType; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.SZRException_Exception; +import szrservices.TravelDocumentType; + +@RunWith(SpringJUnit4ClassRunner.class) 
+@ContextConfiguration("/SpringTest-context_basic_test.xml") +public class SZRClientTest { + private static final Logger log = LoggerFactory.getLogger(SZRClientTest.class); + + @Autowired SZRClient szrClient; + @Autowired IConfiguration basicConfig; + + private static final String givenName = "Franz"; + private static final String familyName = "Mustermann"; + private static final String dateOfBirth = "1987-05-05"; + private static final String eIDASeID = "IS/AT/123456789ABCDE"; + + private static final String DUMMY_TARGET = EAAFConstants.URN_PREFIX_CDID + "ZP"; + + @Test + public void dummyTest() { + + } + + + //@Test + public void getIdentityLink() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, SZRCommunicationException { + log.debug("Starting connecting SZR Gateway"); + IdentityLinkType result = szrClient.getIdentityLink( + getPersonInfo(), + dummyCodeForKeys(), + basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, + true) + ); + + Element idlFromSZR = (Element)result.getAssertion(); + IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); + if (identityLink == null) + throw new SZRCommunicationException("ernb.00", new Object[] {"bPK is null or empty"}); + + } + + //@Test + public void getbPKTest() throws SZRException_Exception, SZRCommunicationException { + String bPK = szrClient.getBPK(getPersonInfo(), DUMMY_TARGET, + basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, + "no VKZ defined")); + + if (StringUtils.isEmpty(bPK)) + throw new SZRCommunicationException("ernb.01", new Object[] {"bPK is null or empty"}); + + + } + + private PersonInfoType getPersonInfo() { + PersonInfoType personInfo = new PersonInfoType(); + PersonNameType personName = new PersonNameType(); + PhysicalPersonType naturalPerson = new PhysicalPersonType(); + TravelDocumentType eDocument = new 
TravelDocumentType(); + + naturalPerson.setName(personName ); + personInfo.setPerson(naturalPerson ); + personInfo.setTravelDocument(eDocument ); + + //parse some eID attributes + Trible<String, String, String> eIdentifier = + eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIDASeID); + String uniqueId = (String)eIDASeID; + String citizenCountry = eIdentifier.getFirst(); + + //person information + personName.setFamilyName((String)familyName); + personName.setGivenName((String)givenName); + naturalPerson.setDateOfBirth(dateOfBirth); + eDocument.setIssuingCountry(citizenCountry); + eDocument.setDocumentNumber(uniqueId); + + //eID document information + eDocument.setDocumentType(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + + //TODO: that should be removed + eDocument.setIssueDate(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE, + Constants.SZR_CONSTANTS_DEFAULT_ISSUING_DATE)); + eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY, + Constants.SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY)); + + return personInfo; + } + + + private List<KeyValueType> dummyCodeForKeys() throws IOException, NoSuchProviderException, InvalidKeyException { + if (basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY, + false)) { + List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>(); + try { + //Security.addProvider(new BouncyCastleProvider()); + //PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Constants.SZR_CONSTANTS_DEFAULT_PUBL_KEY); + //KeyFactory kf = KeyFactory.getInstance("RSA", "BC"); + + //PublicKey pb = kf.generatePublic(spec); + PublicKey pb = new iaik.security.rsa.RSAPublicKey(Constants.SZR_CONSTANTS_DEFAULT_PUBL_KEY); + + RSAPublicKey rsapb = (RSAPublicKey)pb; + BigInteger modulus = 
rsapb.getModulus(); + BigInteger exponent = rsapb.getPublicExponent(); + + // set key values + RSAKeyValueType rsa = new RSAKeyValueType(); + rsa.setExponent(new String(Base64Utils.encode(exponent.toByteArray()))); + rsa.setModulus(new String(Base64Utils.encode(modulus.toByteArray()))); + + KeyValueType key = new KeyValueType(); + key.setRSAKeyValue(rsa); + + keyvalueList.add(key); + + return keyvalueList; + } catch (Exception e) { + log.error("TestCode has an internal ERROR", e); + throw e; + } + + } + + return null; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml new file mode 100644 index 00000000..b381a0e9 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml 
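Review bot: Both real tests, `getIdentityLink()` and `getbPKTest()`, have their `@Test` annotation commented out and only the empty `dummyTest()` runs, so `SZRClient` gets a green test class with zero executed coverage; prefer `@Ignore("requires a reachable SZR gateway")` on them so the skip is reported rather than invisible. When re-enabled, `getIdentityLink()` passes `true` as the fallback for `CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB`; if that flag does what its name suggests, a test run against a configured gateway would insert the dummy person into the register by default, so the fallback should be `false`. Minor: `new String(Base64Utils.encode(...))` in `dummyCodeForKeys()` relies on the platform charset; use `Base64Utils.encodeToString(...)` or pass `StandardCharsets.US_ASCII`.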
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:annotation-config />
+
+ <bean id="SZRClientForeIDAS"
+ class="at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient" />
+
+ <bean id="BasicMSSpecificNodeConfig"
+ class="at.gv.egiz.eidas.specific.connector.config.BasicConfigurationProvider">
+ <constructor-arg value="#{systemProperties['eidas.ms.configuration'] != null ? systemProperties['eidas.ms.configuration'] : 'file:/F:/Projekte/configs/ms_connector/default_config.properties' }"/>
+ </bean>
+
+</beans>
\ No newline at end of file diff --git a/eidas_modules/pom.xml b/eidas_modules/pom.xml index 2111af3a..1502ae6b 100644 --- a/eidas_modules/pom.xml +++ b/eidas_modules/pom.xml @@ -2,11 +2,10 @@ <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> - <groupId>at.gv.egiz.eidas</groupId> - <artifactId>ms_specific</artifactId> + <groupId>at.gv.egiz.eidas</groupId> + <artifactId>ms_specific</artifactId> <version>1.x</version> </parent> - <groupId>at.gv.egiz.eidas.ms_specific</groupId> <artifactId>modules</artifactId> <packaging>pom</packaging> @@ -14,7 +13,7 @@ <name>Modules for MS specific eIDAS Node</name> <modules> - <!-- <module>authmodule-eIDAS-v2</module> --> + <module>authmodule-eIDAS-v2</module> </modules> diff --git a/external_error_code_descr.txt b/external_error_code_descr.txt new file mode 100644 index 00000000..8334d59e --- /dev/null +++ b/external_error_code_descr.txt 
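Review bot: The fallback in the `constructor-arg` SpEL expression is a developer-machine path, `file:/F:/Projekte/configs/ms_connector/default_config.properties`, so on any other host the context fails to start unless `eidas.ms.configuration` is set, and whatever that local file holds (gateway endpoints, credentials) silently becomes the test fixture. Ship a minimal test configuration under `src/test/resources` and point the fallback at it (a `classpath:` resource if `BasicConfigurationProvider` accepts one) so the test is reproducible and never reads a real configuration. This context also wires `at.gv.egiz.eidas.specific.connector.config.BasicConfigurationProvider` from a connector package into the auth module's tests; if that class lives in the `connector` WAR rather than `connector_lib`, it creates a cycle with `connector` depending on `authmodule-eIDAS-v2`, so confirm where it is declared.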
@@ -0,0 +1,28 @@ +1000 ... Anmeldungen sind für diesen SP nicht erlaubt +1005 .. Die Authentifizierung wurde durch den Benutzer abgebrochen +1099 ... generic error during authentication process + +1100 ... Transaction Id not found or invalid + +1300 ... Fehler beim Erstellen des eIDAS Authn. Requests +1301 ... eIDAS Response enthält einen Fehler +1302 ... Fehler beim Validieren der eIDAS Response + +4600 ... Die Response vom SZR enthält einern Fehler +4601 ... Die Response vom SZR ist ungültig + +6100 ... Fehler beim Erstellen der PVP 2.1 Response +6101 ... Fehler beim Verschlüsseln der PVP 2.1 Assertion +6102 ... Authentifizierung entspricht nicht dem geforderten QAA Level +6103 ... Für die im Reqeust angegebene EntityID konnten keine gültigen Metadaten gefunden werden +6104 ... Die Signatur des Requests konnte nicht gültig validiert werden. Entweder ist die Signatur ungültig oder das Signaturzertifikat stimmt nicht mit dem in den Metadaten hinterlegten Zertifikat überein. +6105 ... Der Request konnte nicht gültig validiert werden. +6199 ... Allgemeiner Fehler beim Verarbeiten der PVP 2.1 Anfrage + +9100 ... Fehler beim Einlesen einer externen Ressource. +9101 ... Fehler bei Zugriff auf den Datastore +9102 ... Fehler beim Erzeugen einer internen Datenstruktur +9103 ... Fehler bei der Verarbeitung eines Templates +9104 ... Fehler bei der Auswahl oder Initialisierung des gewünschten Anmeldeprozesses +9105 ... Fehler bei der Fortführung des Anmeldeprozesses +9199 ... generic internal error @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> - <groupId>at.gv.egiz.eidas</groupId> + <groupId>at.gv.egiz.eidas</groupId> <artifactId>ms_specific</artifactId> <version>1.x</version> <packaging>pom</packaging> 
@@ -15,14 +15,19 @@ <!-- ===================================================================== --> <egiz-spring-api>0.1</egiz-spring-api> - <eaaf-core.version>1.0.0-snapshot</eaaf-core.version> + <egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend> + <eaaf-core.version>1.0.1</eaaf-core.version> <!-- <org.springframework.version>5.0.6.RELEASE</org.springframework.version> --> <org.springframework.version>4.3.17.RELEASE</org.springframework.version> + <cxf.version>3.2.5</cxf.version> <org.apache.commons-lang3.version>3.7</org.apache.commons-lang3.version> - <org.apache.commons-text.version>1.3</org.apache.commons-text.version> - <surefire.version>2.20.1</surefire.version> + <org.apache.commons-text.version>1.3</org.apache.commons-text.version> + <commons-collections4.version>4.1</commons-collections4.version> + <com.google.guava.version>25.1-jre</com.google.guava.version> + <joda-time.version>2.10</joda-time.version> + <surefire.version>2.22.0</surefire.version> <org.slf4j.version>1.7.25</org.slf4j.version> </properties> @@ -50,9 +55,10 @@ </profiles> <modules> + <module>connector_lib</module> <module>connector</module> - <module>eidas_modules</module> - </modules> + <module>eidas_modules</module> + </modules> <dependencyManagement> <dependencies> @@ -63,6 +69,11 @@ <version>${egiz-spring-api}</version> </dependency> <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>eventlog-slf4j</artifactId> + <version>${egiz-eventlog-slf4jBackend}</version> + </dependency> + <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf-core</artifactId> <version>${eaaf-core.version}</version> 
@@ -72,6 +83,21 @@ <artifactId>eaaf_module_pvp2_idp</artifactId> <version>${eaaf-core.version}</version> </dependency> + <dependency> + <groupId>at.gv.egiz.eidas.ms_specific.modules</groupId> + <artifactId>authmodule-eIDAS-v2</artifactId> + <version>${egiz.eidas.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eidas.ms_specific</groupId> + <artifactId>modules</artifactId> + <version>${egiz.eidas.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eidas.ms_specific</groupId> + <artifactId>connector_lib</artifactId> + <version>${egiz.eidas.version}</version> + </dependency> <!-- Third party libs --> @@ -99,6 +125,26 @@ <groupId>org.apache.commons</groupId> <artifactId>commons-text</artifactId> <version>${org.apache.commons-text.version}</version> + </dependency> + <dependency> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + <version>${com.google.guava.version}</version> + </dependency> + <dependency> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + <version>${joda-time.version}</version> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-frontend-jaxws</artifactId> + <version>${cxf.version}</version> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-transports-http</artifactId> + <version>${cxf.version}</version> </dependency> <dependency> <groupId>javax.servlet</groupId> @@ -106,6 +152,11 @@ <version>3.0.1</version> <scope>provided</scope> </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + <version>${commons-collections4.version}</version> + </dependency> <!-- Testing --> 
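Review bot: The new managed dependency `at.gv.egiz.eidas.ms_specific:modules` no longer matches the module it names: in this same commit `eidas_modules/pom.xml` removes its explicit `<groupId>at.gv.egiz.eidas.ms_specific</groupId>` and now inherits `at.gv.egiz.eidas` from the parent, so any consumer relying on this entry would resolve a different artifact, and a managed dependency on a `pom`-packaged aggregator is unusual in any case. Either drop this entry or restore the groupId in `eidas_modules/pom.xml`. The `authmodule-eIDAS-v2` entry under `at.gv.egiz.eidas.ms_specific.modules` presumably matches that module's own pom, which is outside this diff and worth confirming.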
@@ -115,6 +166,12 @@ <version>4.12</version> <scope>test</scope> </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <version>${org.springframework.version}</version> + <scope>test</scope> + </dependency> </dependencies> </dependencyManagement> @@ -131,14 +188,19 @@ <target>1.8</target> </configuration> </plugin> + <plugin> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-codegen-plugin</artifactId> + <version>${cxf.version}</version> + </plugin> + <!-- enable co-existence of testng and junit --> <plugin> <artifactId>maven-surefire-plugin</artifactId> <version>${surefire.version}</version> <configuration> - <threadCount>1</threadCount> - <argLine>--add-modules java.xml.bind</argLine> + <threadCount>1</threadCount> </configuration> <dependencies> <dependency> |