From 0f0dcfc7a01c4b3a8b15b12b5257f08797fd0926 Mon Sep 17 00:00:00 2001 
From: Thomas <> Date: Fri, 3 Jun 2022 16:04:40 +0200 Subject: refactor(connector): move MS-Connector from new directory 'connector' to 'ms_specific_connector' --- .../MsSpecificEidasNodeSpringResourceProvider.java | 54 +++ ...ficSpringBootApplicationContextInitializer.java | 82 +++++ .../SpringBootApplicationInitializer.java | 105 ++++++ .../attributes/AuthBlockAttributeBuilder.java | 68 ++++ .../attributes/EidasBindAttributeBuilder.java | 64 ++++ .../connector/builder/PvpSubjectNameGenerator.java | 40 +++ .../connector/config/MsConnectorMessageSource.java | 21 ++ .../connector/config/PvpEndPointConfiguration.java | 158 +++++++++ .../connector/config/PvpMetadataConfiguration.java | 269 +++++++++++++++ .../controller/ProcessEngineSignalController.java | 59 ++++ .../connector/controller/Pvp2SProfileEndpoint.java | 80 +++++ .../health/Saml2MetadataHealthIndicator.java | 44 +++ .../processes/CountrySelectionProcessImpl.java | 68 ++++ .../tasks/EvaluateCountrySelectionTask.java | 83 +++++ .../tasks/GenerateCountrySelectionFrameTask.java | 84 +++++ .../provider/PvpEndPointCredentialProvider.java | 97 ++++++ .../provider/PvpMetadataConfigurationFactory.java | 51 +++ .../connector/provider/PvpMetadataProvider.java | 183 ++++++++++ .../verification/AuthnRequestValidator.java | 382 +++++++++++++++++++++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 2 + ....egiz.eaaf.core.api.idp.auth.modules.AuthModule | 1 + .../src/main/resources/application.properties | 288 ++++++++++++++++ .../src/main/resources/applicationContext.xml | 45 +++ .../src/main/resources/logback.xml | 30 ++ .../processes/CountrySelection.process.xml | 29 ++ .../properties/external_statuscodes_map.properties | 76 ++++ .../main/resources/properties/messages.properties | 131 +++++++ .../resources/properties/messages_de.properties | 132 +++++++ .../properties/status_messages_en.properties | 75 ++++ .../resources/specific_eIDAS_connector.beans.xml | 75 
++++ .../main/resources/templates/countrySelection.html | 269 +++++++++++++++ .../resources/templates/eidas_node_forward.html | 36 ++ .../main/resources/templates/error_message.html | 37 ++ .../resources/templates/language_selection.html | 15 + .../resources/templates/other_login_method.html | 90 +++++ .../resources/templates/pvp2_post_binding.html | 36 ++ .../src/main/resources/templates/residency.html | 251 ++++++++++++++ .../src/main/resources/tomcat.properties | 15 + .../src/main/webapp/WEB-INF/web.xml | 22 ++ .../src/main/webapp/autocommit.js | 5 + .../src/main/webapp/css/css_country.css | 62 ++++ .../src/main/webapp/css/css_error.css | 26 ++ .../src/main/webapp/img/ajax-loader.gif | Bin 0 -> 673 bytes .../src/main/webapp/img/countries/Belgium-EU_.png | Bin 0 -> 1886 bytes .../main/webapp/img/countries/Belgium-EU_gray.png | Bin 0 -> 1903 bytes .../src/main/webapp/img/countries/Bulgaria-EU_.png | Bin 0 -> 2152 bytes .../main/webapp/img/countries/Bulgaria-EU_gray.png | Bin 0 -> 1649 bytes .../src/main/webapp/img/countries/Croatia-EU_.png | Bin 0 -> 5354 bytes .../main/webapp/img/countries/Croatia-EU_gray.png | Bin 0 -> 5177 bytes .../src/main/webapp/img/countries/Cyprus-EU_.png | Bin 0 -> 4848 bytes .../main/webapp/img/countries/Cyprus-EU_gray.png | Bin 0 -> 4826 bytes .../webapp/img/countries/CzechRepublic-EU_.png | Bin 0 -> 3191 bytes .../webapp/img/countries/CzechRepublic-EU_gray.png | Bin 0 -> 2335 bytes .../src/main/webapp/img/countries/Denmark-EU_.png | Bin 0 -> 2326 bytes .../main/webapp/img/countries/Denmark-EU_gray.png | Bin 0 -> 1794 bytes .../src/main/webapp/img/countries/Estonia-EU_.png | Bin 0 -> 1664 bytes .../main/webapp/img/countries/Estonia-EU_gray.png | Bin 0 -> 1630 bytes .../src/main/webapp/img/countries/Finland-EU_.png | Bin 0 -> 2061 bytes .../main/webapp/img/countries/Finland-EU_gray.png | Bin 0 -> 2065 bytes .../src/main/webapp/img/countries/France-EU_.png | Bin 0 -> 2124 bytes .../main/webapp/img/countries/France-EU_gray.png | Bin 0 -> 
2119 bytes .../main/webapp/img/countries/Germany-EU_gray.png | Bin 0 -> 2420 bytes .../src/main/webapp/img/countries/Greece-EU_.png | Bin 0 -> 2443 bytes .../main/webapp/img/countries/Greece-EU_gray.png | Bin 0 -> 2433 bytes .../src/main/webapp/img/countries/Hungary-EU_.png | Bin 0 -> 1817 bytes .../main/webapp/img/countries/Hungary-EU_gray.png | Bin 0 -> 1803 bytes .../src/main/webapp/img/countries/Iceland.png | Bin 0 -> 1922 bytes .../src/main/webapp/img/countries/Iceland_gray.png | Bin 0 -> 1921 bytes .../src/main/webapp/img/countries/Ireland-EU_.png | Bin 0 -> 2072 bytes .../main/webapp/img/countries/Ireland-EU_gray.png | Bin 0 -> 1558 bytes .../src/main/webapp/img/countries/Italy-EU_.png | Bin 0 -> 1708 bytes .../main/webapp/img/countries/Italy-EU_gray.png | Bin 0 -> 1697 bytes .../src/main/webapp/img/countries/Latvia-EU_.png | Bin 0 -> 1558 bytes .../main/webapp/img/countries/Latvia-EU_gray.png | Bin 0 -> 1560 bytes .../src/main/webapp/img/countries/Lichtenstein.png | Bin 0 -> 13536 bytes .../webapp/img/countries/Lichtenstein_gray.png | Bin 0 -> 13536 bytes .../main/webapp/img/countries/Lithuania-EU_.png | Bin 0 -> 1860 bytes .../webapp/img/countries/Lithuania-EU_gray.png | Bin 0 -> 1846 bytes .../main/webapp/img/countries/Luxembourg-EU_.png | Bin 0 -> 1720 bytes .../webapp/img/countries/Luxembourg-EU_gray.png | Bin 0 -> 1678 bytes .../src/main/webapp/img/countries/Malta-EU_.png | Bin 0 -> 2554 bytes .../main/webapp/img/countries/Malta-EU_gray.png | Bin 0 -> 2523 bytes .../src/main/webapp/img/countries/Poland-EU_.png | Bin 0 -> 1617 bytes .../main/webapp/img/countries/Poland-EU_gray.png | Bin 0 -> 1604 bytes .../src/main/webapp/img/countries/Portugal-EU_.png | Bin 0 -> 4661 bytes .../main/webapp/img/countries/Portugal-EU_gray.png | Bin 0 -> 4702 bytes .../src/main/webapp/img/countries/Romania-EU_.png | Bin 0 -> 1662 bytes .../main/webapp/img/countries/Romania-EU_gray.png | Bin 0 -> 1615 bytes .../src/main/webapp/img/countries/Slovakia-EU_.png | Bin 0 -> 4376 
bytes .../main/webapp/img/countries/Slovakia-EU_gray.png | Bin 0 -> 4408 bytes .../src/main/webapp/img/countries/Slovenia-EU_.png | Bin 0 -> 3021 bytes .../main/webapp/img/countries/Slovenia-EU_gray.png | Bin 0 -> 3034 bytes .../src/main/webapp/img/countries/Spain-EU_.png | Bin 0 -> 4226 bytes .../main/webapp/img/countries/Spain-EU_gray.png | Bin 0 -> 4205 bytes .../src/main/webapp/img/countries/Sweden-EU_.png | Bin 0 -> 2031 bytes .../main/webapp/img/countries/Sweden-EU_gray.png | Bin 0 -> 2035 bytes .../main/webapp/img/countries/TestLoginLogo.png | Bin 0 -> 1777 bytes .../webapp/img/countries/TheNetherlands-EU_.png | Bin 0 -> 1900 bytes .../img/countries/TheNetherlands-EU_gray.png | Bin 0 -> 1899 bytes .../webapp/img/countries/UnitedKingdom-EU_.png | Bin 0 -> 4158 bytes .../webapp/img/countries/UnitedKingdom-EU_gray.png | Bin 0 -> 4175 bytes .../webapp/img/countries/countries_eu_gray.png | Bin 0 -> 2420 bytes .../src/main/webapp/img/countries/demo.png | Bin 0 -> 2191 bytes .../src/main/webapp/img/countries/germany-eu_.png | Bin 0 -> 2441 bytes .../src/main/webapp/img/globus_eu.png | Bin 0 -> 301722 bytes ms_specific_connector/src/main/webapp/index.html | 24 ++ .../src/main/webapp/js/jquery-3.6.0.min.js | 2 + .../src/main/webapp/js/js_country.js | 42 +++ 109 files changed, 3809 insertions(+) create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java 
create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java create mode 100644 ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java create mode 100644 
ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder create mode 100644 ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule create mode 100644 ms_specific_connector/src/main/resources/application.properties create mode 100644 ms_specific_connector/src/main/resources/applicationContext.xml create mode 100644 ms_specific_connector/src/main/resources/logback.xml create mode 100644 ms_specific_connector/src/main/resources/processes/CountrySelection.process.xml create mode 100644 ms_specific_connector/src/main/resources/properties/external_statuscodes_map.properties create mode 100644 ms_specific_connector/src/main/resources/properties/messages.properties create mode 100644 ms_specific_connector/src/main/resources/properties/messages_de.properties create mode 100644 ms_specific_connector/src/main/resources/properties/status_messages_en.properties create mode 100644 ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml create mode 100644 ms_specific_connector/src/main/resources/templates/countrySelection.html create mode 100644 ms_specific_connector/src/main/resources/templates/eidas_node_forward.html create mode 100644 ms_specific_connector/src/main/resources/templates/error_message.html create mode 100644 ms_specific_connector/src/main/resources/templates/language_selection.html create mode 100644 ms_specific_connector/src/main/resources/templates/other_login_method.html create mode 100644 ms_specific_connector/src/main/resources/templates/pvp2_post_binding.html create mode 100644 ms_specific_connector/src/main/resources/templates/residency.html create mode 100644 ms_specific_connector/src/main/resources/tomcat.properties create mode 100644 ms_specific_connector/src/main/webapp/WEB-INF/web.xml create mode 
100644 ms_specific_connector/src/main/webapp/autocommit.js create mode 100644 ms_specific_connector/src/main/webapp/css/css_country.css create mode 100644 ms_specific_connector/src/main/webapp/css/css_error.css create mode 100644 ms_specific_connector/src/main/webapp/img/ajax-loader.gif create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Belgium-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Belgium-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Bulgaria-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Bulgaria-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Croatia-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Croatia-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Cyprus-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Cyprus-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/CzechRepublic-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/CzechRepublic-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Denmark-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Denmark-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Estonia-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Estonia-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Finland-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Finland-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/France-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/France-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Germany-EU_gray.png create 
mode 100644 ms_specific_connector/src/main/webapp/img/countries/Greece-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Greece-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Hungary-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Hungary-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Iceland.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Iceland_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Ireland-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Ireland-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Italy-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Italy-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Latvia-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Latvia-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Lichtenstein.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Lichtenstein_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Lithuania-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Lithuania-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Luxembourg-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Luxembourg-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Malta-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Malta-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Poland-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Poland-EU_gray.png create mode 100644 
ms_specific_connector/src/main/webapp/img/countries/Portugal-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Portugal-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Romania-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Romania-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Slovakia-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Slovakia-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Slovenia-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Slovenia-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Spain-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Spain-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Sweden-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/Sweden-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/TestLoginLogo.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/TheNetherlands-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/TheNetherlands-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/UnitedKingdom-EU_.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/UnitedKingdom-EU_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/countries_eu_gray.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/demo.png create mode 100644 ms_specific_connector/src/main/webapp/img/countries/germany-eu_.png create mode 100644 ms_specific_connector/src/main/webapp/img/globus_eu.png create mode 100644 ms_specific_connector/src/main/webapp/index.html create mode 100644 
ms_specific_connector/src/main/webapp/js/jquery-3.6.0.min.js create mode 100644 ms_specific_connector/src/main/webapp/js/js_country.js (limited to 'ms_specific_connector/src/main')
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java
new file mode 100644
index 00000000..45e5c7d4
--- /dev/null
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.connector;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class MsSpecificEidasNodeSpringResourceProvider implements SpringResourceProvider {
+
+ @Override
+ public Resource[] getResourcesToLoad() {
+ final ClassPathResource generic =
+ new ClassPathResource("/applicationContext.xml", MsSpecificEidasNodeSpringResourceProvider.class);
+ final ClassPathResource msEidasNode = new ClassPathResource(
+ "/specific_eIDAS_connector.beans.xml", MsSpecificEidasNodeSpringResourceProvider.class);
+
+ return new Resource[] { generic, msEidasNode};
+
+ }
+
+ @Override
+ public String[] getPackagesToScan() {
+ return null;
+ }
+
+ @Override
+ public String getName() {
+ return "MS-specific eIDAS-Connector SpringResourceProvider";
+ }
+
+}
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java
new file mode 100644
index 00000000..399d1286
--- /dev/null
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java
@@ -0,0 +1,82 @@
+package at.asitplus.eidas.specific.connector;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.MutablePropertySources;
+import org.springframework.core.env.PropertiesPropertySource;
+
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class MsSpecificSpringBootApplicationContextInitializer extends
+ SpringBootApplicationContextInitializer {
+
+ private static final String SYSTEMD_PROP_NAME = "eidas.ms.configuration";
+ private static final String PATH_FILE_PREFIX = "file:";
+
+ @Override
+ public void initialize(ConfigurableApplicationContext applicationContext) {
+ String configPath = System.getProperty(SYSTEMD_PROP_NAME);
+ if (StringUtils.isNotEmpty(configPath)) {
+ log.debug("Find configuration-source from SystemD Property: '{}' ...", SYSTEMD_PROP_NAME);
+ if (configPath.startsWith(PATH_FILE_PREFIX)) {
+ configPath = configPath.substring(PATH_FILE_PREFIX.length());
+
+ }
+ injectConfiguration(configPath, applicationContext);
+
+ } else {
+ log.info("Find NO SystemD Property: '{}' Maybe no configuration available", SYSTEMD_PROP_NAME);
+
+ }
+
+ super.initialize(applicationContext);
+
+ }
+
+ private void injectConfiguration(String configPath, ConfigurableApplicationContext applicationContext) {
+ InputStream is = null;
+ try {
+ Path path = Paths.get(configPath);
+ if (Files.exists(path)) {
+ File file = new File(configPath);
+ Properties props = new Properties();
+ is = new FileInputStream(file);
+ props.load(is);
+ MutablePropertySources sources = applicationContext.getEnvironment().getPropertySources();
+ sources.addFirst(new PropertiesPropertySource(SYSTEMD_PROP_NAME, props));
+ log.info("Set configuration-source from SystemD-Property: {}", SYSTEMD_PROP_NAME);
+
+ } else {
+ log.error("Configuration from SystemD Property: '{}' at Location: {} DOES NOT exist",
+ SYSTEMD_PROP_NAME, configPath);
+
+ }
+
+ } catch (IOException e) {
+ log.error("Configuration from SystemD Property: '{}' at Location: {} CAN NOT be loaded",
+ SYSTEMD_PROP_NAME, configPath, e);
+
+ } finally {
+ try {
+ if (is != null) {
+ is.close();
+
+ }
+ } catch (IOException e) {
+ log.error("Can not close InputStream of configLoader: {}", configPath, e);
+
+ }
+ }
+ }
+}
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java
new file mode 100644
index 00000000..6616db23
--- /dev/null
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java
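Review bot: `injectConfiguration` only logs at error level and returns when the file named by `eidas.ms.configuration` is missing or cannot be read, so `initialize` still reaches `super.initialize(applicationContext)` and start-up continues without the external configuration the operator asked for. For a component that decides which configuration an identity connector runs with, a wrong path should stop start-up; the fence below throws `IllegalStateException` in both failure cases and replaces the manual `finally`/`close()` with try-with-resources. Because the file is registered with `addFirst`, it takes precedence over every other property source, which deserves a one-line comment saying that this ordering is intended.

```java
  private void injectConfiguration(String configPath, ConfigurableApplicationContext applicationContext) {
    final Path path = Paths.get(configPath);
    if (!Files.isRegularFile(path)) {
      throw new IllegalStateException("Configuration from SystemD Property: '" + SYSTEMD_PROP_NAME
          + "' at Location: " + configPath + " DOES NOT exist");
    }

    final Properties props = new Properties();
    try (InputStream is = Files.newInputStream(path)) {
      props.load(is);

    } catch (IOException e) {
      throw new IllegalStateException("Configuration from SystemD Property: '" + SYSTEMD_PROP_NAME
          + "' at Location: " + configPath + " CAN NOT be loaded", e);
    }

    // … unchanged: sources.addFirst(new PropertiesPropertySource(...)) and the info log …
  }
```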
@@ -0,0 +1,105 @@
+package at.asitplus.eidas.specific.connector;
+
+import org.opensaml.core.config.InitializationException;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.web.context.WebApplicationContext;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import at.gv.egiz.eaaf.core.impl.logging.SimpleStatusMessager;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@Slf4j
+@SpringBootApplication(scanBasePackages = {
+ "at.asitplus.eidas.specific.connector",
+ "at.gv.egiz.eaaf.utils.springboot.ajp"
+ })
+public class SpringBootApplicationInitializer extends SpringBootServletInitializer {
+
+ private static ConfigurableApplicationContext ctx;
+
+ /**
+ * Starts MS-specific eIDAS-Implementation SpringBoot application.
+ *
+ * @param args Starting parameters
+ * @throws Throwable In case of a start-up error
+ */
+ public static void main(final String[] args) throws Throwable {
+ try {
+ log.info("=============== Initializing Spring-Boot context! ===============");
+ LogMessageProviderFactory.setStatusMessager(new SimpleStatusMessager());
+ final SpringApplication springApp =
+ new SpringApplication(SpringBootApplicationInitializer.class);
+ springApp.addInitializers(new MsSpecificSpringBootApplicationContextInitializer());
+
+ log.info("Bootstrap openSAML .... ");
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ log.debug("Run SpringBoot initialization process ... ");
+ ctx = springApp.run(args);
+
+ // initialize status messenger
+ LogMessageProviderFactory.setStatusMessager(ctx.getBean(IStatusMessenger.class));
+
+ log.info("Initialization of MS-specific eIDAS-Connector finished.");
+
+ } catch (final Throwable e) {
+ log.error("MS-specific eIDAS-Connector initialization FAILED!", e);
+ throw e;
+
+ }
+
+ }
+
+
+ protected SpringApplicationBuilder createSpringApplicationBuilder() {
+ try {
+ log.info("Bootstrap openSAML .... ");
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ } catch (InitializationException | ComponentInitializationException e) {
+ throw new RuntimeException(e);
+
+ }
+
+ SpringApplicationBuilder builder = new SpringApplicationBuilder();
+ builder.initializers(new MsSpecificSpringBootApplicationContextInitializer());
+ return builder;
+
+ }
+
+ protected WebApplicationContext run(SpringApplication application) {
+ WebApplicationContext internalContext = (WebApplicationContext) application.run();
+
+ // initialize status messenger
+ LogMessageProviderFactory.setStatusMessager(internalContext.getBean(IStatusMessenger.class));
+
+ log.info("Initialization of MS-specific eIDAS-Connector finished.");
+
+ return internalContext;
+ }
+
+ /**
+ * Stops SpringBoot application of MS-specific eIDAS-Implementation.
+ *
+ */
+ public static void exit() {
+ if (ctx != null) {
+ log.info("Stopping SpringBoot application ... ");
+ SpringApplication.exit(ctx, () -> 0);
+ ctx = null;
+
+ } else {
+ log.info("No SpringBoot context. Nothing todo");
+
+ }
+
+ }
+
+}
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
new file mode 100644
index 00000000..17eb0704
--- /dev/null
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
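Review bot: `createSpringApplicationBuilder()` and `run(SpringApplication)` are declared without `@Override`, although both are meant to replace the `SpringBootServletInitializer` hooks. If those signatures change in a later Spring Boot version, the methods would silently stop being called and a servlet-container start-up would lose both the OpenSAML bootstrap and the `MsSpecificSpringBootApplicationContextInitializer` registration; add `@Override` above each so the compiler reports the drift. The static `ctx` field also needs a comment: it is assigned only in `main`, so `exit()` does nothing when the application was started through `run(SpringApplication)`.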
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.connector.attributes;
+
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME;
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
+
+
+@PvpMetadata
+public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return EID_AUTHBLOCK_SIGNED_NAME;
+ }
+
+ @Override
+ public ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+ final IAttributeGenerator g) throws AttributeBuilderException {
+
+ String authBlock = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class);
+ if (StringUtils.isNotEmpty(authBlock)) {
+ return g.buildStringAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME,
+ Base64.getEncoder().encodeToString(authBlock.getBytes(StandardCharsets.UTF_8)));
+
+ } else {
+ throw new UnavailableAttributeException(EID_AUTHBLOCK_SIGNED_NAME);
+ }
+
+ }
+
+ @Override
+ public ATT buildEmpty(final IAttributeGenerator g) {
+ return g.buildEmptyAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME);
+ }
+
+}
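Review bot: `AuthBlockAttributeBuilder` has no class or method Javadoc, and the one non-obvious thing `build` does is exactly what a consumer of the attribute needs to know: it Base64-encodes the UTF-8 bytes of the value stored under `AUTH_DATA_SZR_AUTHBLOCK` before passing it to `buildStringAttribute`. Suggested class comment: `/** Builds the EID_AUTHBLOCK_SIGNED_NAME attribute; the stored value is Base64-encoded (UTF-8), and UnavailableAttributeException is thrown when it is empty. */`. The same gap applies to `EidasBindAttributeBuilder` in the next file, which passes `AUTH_DATA_EIDAS_BIND` through without encoding; a matching comment there would make the difference between the two explicit.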
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
new file mode 100644
index 00000000..18eb74f8
--- /dev/null
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
@@ -0,0 +1,64 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ + +package at.asitplus.eidas.specific.connector.attributes; + +import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME; +import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME; + +import org.apache.commons.lang3.StringUtils; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; + +@PvpMetadata +public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { + + + @Override + public String getName() { + return EID_EIDBIND_NAME; + } + + @Override + public ATT build(final ISpConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) throws AttributeBuilderException { + + String eidasBind = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class); + if (StringUtils.isNotEmpty(eidasBind)) { + return g.buildStringAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME, eidasBind); + + } else { + throw new UnavailableAttributeException(EID_EIDBIND_NAME); + } + + } + + @Override + public ATT buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME); + } + +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java new file mode 100644 index 00000000..d4e97433 --- /dev/null 
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java @@ -0,0 +1,40 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.builder; + +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator; + +public class PvpSubjectNameGenerator implements ISubjectNameIdGenerator { + + @Override + public Pair generateSubjectNameId(IAuthData authData, ISpConfiguration spConfig) + throws Pvp2Exception { + return Pair.newInstance(authData.getBpk(), authData.getBpkType()); + } + +} 
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java
new file mode 100644
index 00000000..59df6375
--- /dev/null
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java
@@ -0,0 +1,21 @@
+package at.asitplus.eidas.specific.connector.config;
+
+import java.util.Arrays;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+/**
+ * Inject eIDAS Connector specific messages into Spring based message-source.
+ *
+ * @author tlenz
+ *
+ */
+public class MsConnectorMessageSource implements IMessageSourceLocation {
+
+ @Override
+ public List getMessageSourceLocation() {
+ return Arrays.asList("classpath:/properties/messages");
+ }
+
+}
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
new file mode 100644
index 00000000..81c37bd0
--- /dev/null
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
@@ -0,0 +1,158 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.asitplus.eidas.specific.connector.config; + +import java.util.Arrays; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration; +import org.opensaml.saml.saml2.metadata.EmailAddress; +import org.opensaml.saml.saml2.metadata.GivenName; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.OrganizationDisplayName; +import org.opensaml.saml.saml2.metadata.OrganizationName; +import org.opensaml.saml.saml2.metadata.OrganizationURL; +import org.opensaml.saml.saml2.metadata.SurName; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + +@Service("PVPEndPointConfiguration") +public class PvpEndPointConfiguration implements IPvp2BasicConfiguration { + private static final Logger log = LoggerFactory.getLogger(PvpEndPointConfiguration.class); + + private static final String DEFAULT_XML_LANG = "en"; + + @Autowired(required = true) + IConfiguration basicConfiguration; + + @Override + public String getIdpEntityId(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_METADATA; + + } + + @Override + public String getIdpSsoPostService(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_POST; + + } + + @Override + public String getIdpSsoRedirectService(String authUrl) throws EaafException { + return 
removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT; + + } + + @Override + public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException { + log.warn("PVP S-Profile End-Point does NOT support SOAP Binding"); + return null; + + } + + @Override + public List getIdpContacts() throws EaafException { + final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class); + final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class); + final SurName surname = Saml2Utils.createSamlObject(SurName.class); + final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class); + + givenName.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME)); + surname.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME)); + emailAddress.setURI(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL)); + + contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL); + contactPerson.setGivenName(givenName); + contactPerson.setSurName(surname); + contactPerson.getEmailAddresses().add(emailAddress); + + return Arrays.asList(contactPerson); + + } + + @Override + public Organization getIdpOrganisation() throws EaafException { + final Organization organisation = Saml2Utils.createSamlObject(Organization.class); + final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class); + final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class); + final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class); + + orgName.setXMLLang(DEFAULT_XML_LANG); + orgName.setValue(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME)); + + orgDisplayName.setXMLLang(DEFAULT_XML_LANG); + orgDisplayName.setValue(getAndVerifyFromConfiguration( + 
MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME)); + + orgUrl.setXMLLang(DEFAULT_XML_LANG); + orgUrl.setURI(getAndVerifyFromConfiguration( + MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL)); + + + organisation.getOrganizationNames().add(orgName); + organisation.getDisplayNames().add(orgDisplayName); + organisation.getURLs().add(orgUrl); + + return organisation; + } + + @Override + public IConfiguration getBasicConfiguration() { + return basicConfiguration; + } + + private String removePostFix(String url) { + if (url != null && url.endsWith("/")) { + return url.substring(0, url.length() - 1); + } else { + return url; + } + } + + private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException { + final String value = basicConfiguration.getBasicConfiguration(configKey); + if (StringUtils.isEmpty(value)) { + throw new EaafConfigurationException("config.08", + new Object[] {configKey}); + + } + + return value; + } +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java new file mode 100644 index 00000000..e83fd4cf --- /dev/null +++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java 
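Review bot: `getIdpEntityId`, `getIdpSsoPostService` and `getIdpSsoRedirectService` build the entity ID and the SSO endpoint URLs by appending a constant to the caller-supplied `authUrl`, and nothing in this class checks that value. If `authUrl` is derived from the incoming request (the parameter name `extractAuthUrlFromRequest` on `getIdpSsoSoapService` suggests it may be), the published metadata is only as trustworthy as the upstream check, so I would state that assumption on the class, e.g. `// authUrl must already be validated against the configured public URL prefixes by the caller`. `removePostFix` strips a single trailing `/` only, and `getIdpSsoSoapService` returns `null` after a warning; a Javadoc line saying that callers must handle `null` there would help.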
@@ -0,0 +1,269 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.asitplus.eidas.specific.connector.config; + +import java.util.Arrays; +import java.util.List; + +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.Organization; +import org.opensaml.saml.saml2.metadata.RequestedAttribute; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; + +public class PvpMetadataConfiguration implements IPvpMetadataBuilderConfiguration { + private static final Logger log = LoggerFactory.getLogger(PvpMetadataConfiguration.class); + + private final IConfiguration basicConfig; + private final String authUrl; + private final IPvp2CredentialProvider pvpIdpCredentials; + private final IPvp2BasicConfiguration pvpBasicConfig; + + /** + * Configuration object to create PVP2 S-Profile metadata. 
+ * + * @param basicConfig Application configuration + * @param authUrl Public-URL Prefix of the application + * @param pvpBasicConfig PVP2 configuration object + * @param pvpIdpCredentials2 PVP2 credentials + */ + public PvpMetadataConfiguration(IConfiguration basicConfig, String authUrl, + IPvp2BasicConfiguration pvpBasicConfig, IPvp2CredentialProvider pvpIdpCredentials2) { + this.authUrl = authUrl; + this.pvpIdpCredentials = pvpIdpCredentials2; + this.basicConfig = basicConfig; + this.pvpBasicConfig = pvpBasicConfig; + + } + + @Override + public String getSpNameForLogging() { + return "PVP2 S-Profile IDP"; + } + + @Override + public int getMetadataValidUntil() { + return Integer.parseInt(basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_PVP2_METADATA_VALIDITY, + String.valueOf(MsEidasNodeConstants.DEFAULT_PVP_METADATA_VALIDITY))); + + } + + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + @Override + public boolean buildIdpSsoDescriptor() { + return true; + + } + + @Override + public boolean buildSpSsoDescriptor() { + return false; + + } + + @Override + public String getEntityID() { + try { + return pvpBasicConfig.getIdpEntityId(authUrl); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + + } + + @Override + public String getEntityFriendlyName() { + return null; + + } + + @Override + public List getContactPersonInformation() { + try { + return pvpBasicConfig.getIdpContacts(); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + + } + + @Override + public Organization getOrgansiationInformation() { + try { + return pvpBasicConfig.getIdpOrganisation(); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", 
e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + } + + @Override + public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return pvpIdpCredentials.getMetaDataSigningCredential(); + + } + + @Override + public EaafX509Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return pvpIdpCredentials.getMessageSigningCredential(); + + } + + @Override + public EaafX509Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return null; + + } + + @Override + public String getIdpWebSsoPostBindingUrl() { + try { + return pvpBasicConfig.getIdpSsoPostService(authUrl); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + + } + + @Override + public String getIdpWebSsoRedirectBindingUrl() { + try { + return pvpBasicConfig.getIdpSsoRedirectService(authUrl); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + } + + @Override + public String getIdpSloPostBindingUrl() { + return null; + + } + + @Override + public String getIdpSloRedirectBindingUrl() { + return null; + + } + + @Override + public String getSpAssertionConsumerServicePostBindingUrl() { + return null; + + } + + @Override + public String getSpAssertionConsumerServiceRedirectBindingUrl() { + return null; + + } + + @Override + public String getSpSloPostBindingUrl() { + return null; + + } + + @Override + public String getSpSloRedirectBindingUrl() { + return null; + + } + + @Override + public String getSpSloSoapBindingUrl() { + return null; + + } + + @Override + public List getIdpPossibleAttributes() { + return PvpAttributeBuilder.buildSupportedEmptyAttributes(); + + } + + @Override + public List getIdpPossibleNameIdTypes() 
{ + return Arrays.asList(NameIDType.PERSISTENT, + NameIDType.TRANSIENT, + NameIDType.UNSPECIFIED); + } + + @Override + public List getSpRequiredAttributes() { + return null; + + } + + @Override + public List getSpAllowedNameIdTypes() { + return null; + + } + + @Override + public boolean wantAssertionSigned() { + return false; + + } + + @Override + public boolean wantAuthnRequestSigned() { + return true; + + } + +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java new file mode 100644 index 00000000..f360185b --- /dev/null +++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java 
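Review bot: The five `catch (final EaafException e)` blocks in `getEntityID`, `getContactPersonInformation`, `getOrgansiationInformation`, `getIdpWebSsoPostBindingUrl` and `getIdpWebSsoRedirectBindingUrl` throw a new `RuntimeException` without the cause, so a caller that handles it further up loses the original error; `throw new RuntimeException("Can NOT build PVP metadata configuration.", e);` keeps it. `getMetadataValidUntil` passes the configured value straight to `Integer.parseInt`, so a non-numeric setting surfaces as a bare `NumberFormatException` during metadata generation and a zero or negative one is accepted as a validity period. A range check that fails with a clear configuration error would be safer for signed metadata.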
@@ -0,0 +1,59 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.connector.controller; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; + +/** + * Default process-engine signaling controller. 
+ * + * @author tlenz + * + */ +@Controller +public class ProcessEngineSignalController extends AbstractProcessEngineSignalController { + + @RequestMapping(value = { + MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION, + MsEidasNodeConstants.ENDPOINT_OTHER_LOGIN_METHOD_SELECTION, + MsEidasNodeConstants.ENDPOINT_RESIDENCY_INPUT + }, + method = { RequestMethod.POST, RequestMethod.GET }) + public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) + throws IOException, EaafException { + signalProcessManagement(req, resp); + + } +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java new file mode 100644 index 00000000..923864cc --- /dev/null +++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java 
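Review bot: `performGenericAuthenticationProcess` maps the country-selection, other-login-method and residency-input endpoints to both `RequestMethod.POST` and `RequestMethod.GET`. With GET the submitted values, and presumably the pending-request identifier, travel in the URL and can end up in access logs, browser history and Referer headers, which matters if the residency input carries personal data (not visible in this hunk). If the forms behind these endpoints can submit via POST, I would narrow the mapping to `method = { RequestMethod.POST }`, or add a comment explaining why GET has to stay.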
@@ -0,0 +1,80 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.asitplus.eidas.specific.connector.controller; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest; + +@Controller +public class Pvp2SProfileEndpoint extends AbstractPvp2XProtocol { + + public static final String NAME = Pvp2SProfileEndpoint.class.getName(); + public static final String PROTOCOL_ID = "pvp2-s"; + + @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_METADATA, method = { RequestMethod.POST, + RequestMethod.GET }) + public void pvpMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { + super.pvpMetadataRequest(req, resp); + + } + + @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_POST, method = { RequestMethod.POST }) + public void pvpIdpPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { + super.pvpIdpPostRequest(req, resp); + + } + + @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT, method = { RequestMethod.GET }) + public void pvpIdpRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { + super.pvpIdpRedirecttRequest(req, resp); + + } + + @Override + public String getAuthProtocolIdentifier() { + return PROTOCOL_ID; + } + + @Override + public String getName() { + return NAME; + } + + @Override + protected boolean childPreProcess(HttpServletRequest arg0, HttpServletResponse arg1, + PvpSProfilePendingRequest arg2) + throws Throwable { + return false; + } + +} 
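Review bot: The three mapped handlers `pvpMetadataRequest`, `pvpIdpPostRequest` and `pvpIdpRedirecttRequest` only delegate to `super` but carry no `@Override`, unlike `getAuthProtocolIdentifier`, `getName` and `childPreProcess` below them. Adding `@Override` keeps the class consistent and makes it clear that these methods exist only to attach the request mapping to the inherited handler. `childPreProcess` returns `false` with parameters named `arg0` to `arg2`; a short comment such as `// no connector-specific pre-processing` would help, assuming that is what `false` means in `AbstractPvp2XProtocol`.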
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java
new file mode 100644
index 00000000..592231b0
--- /dev/null
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java
@@ -0,0 +1,44 @@
+package at.asitplus.eidas.specific.connector.health;
+
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.HealthIndicator;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class Saml2MetadataHealthIndicator implements HealthIndicator {
+
+ @Autowired
+ private PvpMetadataBuilder metadatabuilder;
+ @Autowired
+ private IPvpMetadataConfigurationFactory configFactory;
+
+ @Setter
+ private AbstractCredentialProvider pvpIdpCredentials;
+
+ @Override
+ public Health health() {
+ try {
+ // build metadata
+ final IPvpMetadataBuilderConfiguration metadataConfig =
+ configFactory.generateMetadataBuilderConfiguration(
+ "http://localhost/monitoring",
+ pvpIdpCredentials);
+ metadatabuilder.buildPvpMetadata(metadataConfig);
+ return Health.up().build();
+
+ } catch (Exception | TransformerFactoryConfigurationError e) {
+ return Health.down().down(e).build();
+
+ }
+ }
+
+}
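Review bot: The `catch` in `health()` returns `Health.down().down(e).build()` without logging anything, although the class is annotated `@Slf4j`, and the first `down()` is redundant. `down(e)` puts the exception class and message into the health details, so depending on how the actuator endpoint is exposed (not visible here) internal error text may reach whoever can query it. I would log the full exception and return a terse status: `log.warn("PVP metadata health check failed", e); return Health.down().build();`. `pvpIdpCredentials` is injected through a setter and may be unset when the first probe runs; an explicit null check with its own message would make that case easier to diagnose than a generic failure.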
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java
new file mode 100644
index 00000000..2ec86f53
--- /dev/null
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java
@@ -0,0 +1,68 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.processes; + +import org.apache.commons.lang3.StringUtils; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; + +/** + * Auth-Process selector for User's country selection. 
+ * + * @author tlenz + * + */ +public class CountrySelectionProcessImpl implements AuthModule { + + @Override + public int getPriority() { + return 0; + + } + + @Override + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + final Object selectedCountryObj = context.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + if (selectedCountryObj != null && selectedCountryObj instanceof String) { + final String selectedCountry = (String) selectedCountryObj; + if (StringUtils.isNotEmpty(selectedCountry)) { + return null; + } + + } + + return "CountrySelectionProcess"; + + } + + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:processes/CountrySelection.process.xml" }; + + } + +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java new file mode 100644 index 00000000..b2c5c51d --- /dev/null +++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java 
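Review bot: In `selectProcess`, `selectedCountryObj != null && selectedCountryObj instanceof String` can be reduced to the `instanceof` test, because `instanceof` is already false for `null`; together with the inner check this becomes `if (selectedCountryObj instanceof String && StringUtils.isNotEmpty((String) selectedCountryObj)) { return null; }`. The method has no Javadoc stating that `null` means this module does not apply because a country is already set. It is also worth documenting that any non-empty string counts as a selection here, so validation against the supported countries has to happen elsewhere.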
@@ -0,0 +1,83 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.processes.tasks; + +import java.util.Enumeration; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Component; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; + +/** + * Evaluate the User's country selection. 
+ * + * @author tlenz + * + */ +@Component("EvaluateCountrySelectionTask") +public class EvaluateCountrySelectionTask extends AbstractLocaleAuthServletTask { + private static final Logger log = LoggerFactory.getLogger(EvaluateCountrySelectionTask.class); + + @Override + public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) + throws TaskExecutionException { + try { + + // set parameter execution context + final Enumeration reqParamNames = request.getParameterNames(); + while (reqParamNames.hasMoreElements()) { + final String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) { + for (final String el : MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST) { + if (el.equalsIgnoreCase(paramName)) { + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(request.getParameter(paramName))); + } + } + } + } + + log.info("Country selection finished. Starting auth. process for country ... "); + + } catch (final Exception e) { + log.warn("EvaluateBKUSelectionTask has an internal error", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java new file mode 100644 index 00000000..57a4c19a --- /dev/null +++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java 
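Review bot: In the whitelist loop the value is stored under the caller-supplied `paramName`, although the match is made with `equalsIgnoreCase`. A request that spells the parameter with different casing is therefore stored under a key that a later exact lookup may not find, assuming ExecutionContext keys are case-sensitive and the looked-up name is on the whitelist; `context.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY)` in CountrySelectionProcessImpl is one such lookup. Storing under the canonical whitelist entry avoids that: `executionContext.put(el, StringEscapeUtils.escapeHtml(request.getParameter(paramName)));`. The value is only HTML-escaped and not checked against an expected format, so code that uses it outside an HTML context should not treat it as validated. The catch block logs `EvaluateBKUSelectionTask`, which is not this class's name.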
@@ -0,0 +1,84 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.asitplus.eidas.specific.connector.processes.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.asitplus.eidas.specific.core.MsConnectorEventCodes; +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; + +/** + * Create country-selection page. + * + * @author tlenz + * + */ +@Component("GenerateCountrySelectionFrameTask") +public class GenerateCountrySelectionFrameTask extends AbstractLocaleAuthServletTask { + + @Autowired + ISpringMvcGuiFormBuilder guiBuilder; + @Autowired + IConfiguration basicConfig; + + + @Override + public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException { + try { + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.STARTING_COUNTRY_SELECTION); + + final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_CCSELECTION, + MsEidasNodeConstants.TEMPLATE_HTML_COUNTRYSELECTION), + MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION, + resourceLoader); + + guiBuilder.build(request, response, config, "BKU-Selection form"); + + } catch (final Exception e) { + throw new 
TaskExecutionException(pendingReq, + "Can not build GUI. Msg:" + e.getMessage(), + new EaafException("gui.00", new Object[] { e.getMessage() }, e)); + + } + + } + +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java new file mode 100644 index 00000000..98e88eff --- /dev/null +++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java 
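Review bot: The injected fields `guiBuilder` and `basicConfig` are package-private here, while PvpMetadataConfigurationFactory in this same commit declares its `@Autowired` fields `private`. Declaring them `private` (`@Autowired private ISpringMvcGuiFormBuilder guiBuilder;`) keeps other classes in the package from reassigning the collaborators. The catch block also copies `e.getMessage()` into both the TaskExecutionException text and the `gui.00` parameters. Where that message ends up is not visible in this hunk; if it can reach the browser, internal detail would be shown to the user, so logging the cause and passing a fixed text is the safer default.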
@@ -0,0 +1,97 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.asitplus.eidas.specific.connector.provider; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +public class PvpEndPointCredentialProvider extends AbstractCredentialProvider { + + @Autowired(required = true) + IConfiguration basicConfiguration; + + @Override + public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setFriendlyName("PVP2 S-Profile EndPoint"); + keyStoreConfig.setKeyStoreType( + basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.CONFIG_PROPS_KEYSTORE_TYPE, + KeyStoreType.PKCS12.getKeyStoreType())); + keyStoreConfig.setKeyStoreName( + basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.CONFIG_PROPS_KEYSTORE_NAME)); + keyStoreConfig.setSoftKeyStoreFilePath(basicConfiguration.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PATH)); + keyStoreConfig.setSoftKeyStorePassword( + basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PASSWORD)); + + keyStoreConfig.validate(); + + return keyStoreConfig; + } + + + @Override + public String getMetadataKeyAlias() { + return basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_ALIAS); + } + + @Override + public String getMetadataKeyPassword() { + return basicConfiguration.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD); + + } + + @Override + public String getSignatureKeyAlias() { + return 
basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS); + + } + + @Override + public String getSignatureKeyPassword() { + return basicConfiguration.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD); + + } + + @Override + public String getEncryptionKeyAlias() { + return null; + + } + + @Override + public String getEncryptionKeyPassword() { + return null; + + } + +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java new file mode 100644 index 00000000..e8bc4eb8 --- /dev/null +++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java 
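Review bot: `getEncryptionKeyAlias()` and `getEncryptionKeyPassword()` return `null` without any comment, so a reader cannot tell whether this endpoint deliberately has no encryption credential or the methods are unfinished. A line such as `// no encryption key: this endpoint only signs (confirm)` on each would settle it, together with a class-level Javadoc like the other classes in this commit carry. How AbstractCredentialProvider treats a `null` alias is not visible in this hunk. The key-store and key passwords are read as plain configuration values, so the properties file that holds them needs restrictive file permissions and should stay out of version control.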
@@ -0,0 +1,51 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.asitplus.eidas.specific.connector.provider; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.connector.config.PvpMetadataConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactory; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; + +@Service("PVPMetadataConfigurationFactory") +public class PvpMetadataConfigurationFactory implements IPvpMetadataConfigurationFactory { + + @Autowired + private IConfiguration basicConfig; + @Autowired + private IPvp2BasicConfiguration pvpBasicConfig; + + @Override + public IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl, + IPvp2CredentialProvider pvpIdpCredentials) { + return new PvpMetadataConfiguration(basicConfig, authUrl, pvpBasicConfig, pvpIdpCredentials); + + } + +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java new file mode 100644 index 00000000..6161c271 --- /dev/null +++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java 
@@ -0,0 +1,183 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.asitplus.eidas.specific.connector.provider; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.CertificateException; +import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.metadata.resolver.MetadataResolver; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; + +@Service("PVPMetadataProvider") +public class PvpMetadataProvider extends AbstractChainingMetadataProvider { + private 
static final Logger log = LoggerFactory.getLogger(PvpMetadataProvider.class); + + private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}"; + + @Autowired(required = true) + IConfigurationWithSP basicConfig; + @Autowired + private PvpMetadataResolverFactory metadataProviderFactory; + @Autowired + private IHttpClientFactory httpClientFactory; + + @Autowired + private EaafKeyStoreFactory keyStoreFactory; + + + @Override + protected String getMetadataUrl(String entityId) throws EaafConfigurationException { + final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId); + if (spConfig != null) { + String metadataUrl = entityId; + + final String metadataUrlFromConfig = spConfig.getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL); + if (StringUtils.isNotEmpty(metadataUrlFromConfig)) { + log.debug("Use metdataURL from configuration for EntityId: " + entityId); + metadataUrl = metadataUrlFromConfig; + + } + + return metadataUrl; + + } else { + log.info("No ServiceProvider with entityId: " + entityId + " in configuration."); + } + + return null; + } + + @Override + protected MetadataResolver createNewMetadataProvider(String entityId) + throws EaafConfigurationException, IOException, CertificateException { + final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId); + if (spConfig != null) { + try { + String metadataUrl = spConfig.getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL); + if (StringUtils.isEmpty(metadataUrl)) { + log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... 
"); + metadataUrl = entityId; + + } + + KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setFriendlyName(MessageFormat.format(PROVIDER_ID_PATTERN, entityId)); + keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + keyStoreConfig.setSoftKeyStoreFilePath( + spConfig.getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE)); + keyStoreConfig.setSoftKeyStorePassword(spConfig.getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD)); + + keyStoreConfig.validate(); + + Pair keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + + final List filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + keyStore.getFirst(), entityId)); + filterList.add(new PvpEntityCategoryFilter( + basicConfig.getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES, + true))); + + final MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + try { + return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId), + filter, + MessageFormat.format(PROVIDER_ID_PATTERN, entityId), + httpClientFactory.getHttpClient()); + + } catch (final Pvp2MetadataException e) { + log.info("Can NOT build metadata provider for entityId: {}", entityId); + throw new EaafConfigurationException("module.eidasauth.04", + new Object[] { entityId, e.getMessage() }, e); + + } + + } catch (final EaafException e) { + log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage()); + throw new EaafConfigurationException("config.27", + new Object[] { "Can NOT initialize Metadata signature-verification filter. 
Reason: " + e + .getMessage() }, e); + + } + + } else { + log.info("No ServiceProvider with entityId: " + entityId + " in configuration."); + } + + return null; + } + + @Override + protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { + return Collections.emptyList(); + } + + @Override + protected String getMetadataProviderId() { + return "Service-provider chainging metadata provider"; + + } + + @Override + public void doDestroy() { + this.fullyDestroy(); + + } + +} diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java new file mode 100644 index 00000000..23702264 --- /dev/null +++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java 
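Review bot: In `createNewMetadataProvider` the inner `catch (Pvp2MetadataException e)` throws an `EaafConfigurationException` with code `module.eidasauth.04`, but that throw sits inside the outer `try`. If EaafConfigurationException is a subclass of EaafException (the hierarchy is not shown here), the outer `catch (EaafException e)` catches it again and reports it as `config.27`, "Can NOT initialize Metadata signature-verification filter". A metadata download or parsing failure would then be logged as a trust-store problem, which sends an operator to the wrong place. Ending the outer `try` once the filter chain is built and calling `createMetadataProvider` after it keeps the two error codes apart. The local `metadataUrl`, including its fallback to the entityId, is computed and never used because the call passes `getMetadataUrl(entityId)`; pass the local as the first argument instead, or drop it.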
@@ -0,0 +1,382 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.asitplus.eidas.specific.connector.verification; + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.core.xml.XMLObject; +import org.opensaml.saml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.saml.saml2.core.NameIDPolicy; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml.saml2.core.Scoping; +import org.opensaml.saml.saml2.metadata.SPSSODescriptor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor; +import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; + +public class AuthnRequestValidator implements 
IAuthnRequestPostProcessor { + + private static final Logger log = LoggerFactory.getLogger(AuthnRequestValidator.class); + + @Autowired(required = true) + private IConfiguration basicConfig; + + @Override + public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, + SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException { + try { + // validate NameIDPolicy + final NameIDPolicy nameIdPolicy = authnReq.getNameIDPolicy(); + if (nameIdPolicy != null) { + final String nameIdFormat = nameIdPolicy.getFormat(); + if (nameIdFormat != null) { + if (!(NameIDType.TRANSIENT.equals(nameIdFormat) + || NameIDType.PERSISTENT.equals(nameIdFormat))) { + + throw new NameIdFormatNotSupportedException(nameIdFormat); + + } + + } else { + log.trace("Find NameIDPolicy, but NameIDFormat is 'null'"); + } + } else { + log.trace("AuthnRequest includes no 'NameIDPolicy'"); + } + + // post-process RequesterId + final String spEntityId = extractScopeRequsterId(authnReq); + if (StringUtils.isEmpty(spEntityId)) { + log.info("NO service-provider entityID in Authn. request. Stop authn. process ... "); + throw new AuthnRequestValidatorException("pvp2.22", + new Object[] { "NO relaying-party entityID in Authn. request" }, pendingReq); + + } else { + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, spEntityId); + } + + // post-process ProviderName + final String providerName = authnReq.getProviderName(); + if (StringUtils.isEmpty(providerName)) { + log.info("Authn. 
request contains NO SP friendlyName"); + } else { + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_PROVIDERNAME, providerName); + } + + // post-process requested LoA + postprocessLoaLevel(pendingReq, authnReq); + + // post-process requested LoA comparison-level + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode( + extractComparisonLevel(authnReq)); + + // extract information from requested attributes + extractFromRequestedAttriutes(pendingReq, authnReq); + + } catch (final EaafStorageException e) { + log.info("Can NOT store Authn. Req. data into pendingRequest.", e); + throw new AuthnRequestValidatorException("internal.02", null, e); + + } + + } + + private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) + throws AuthnRequestValidatorException, EaafStorageException { + // validate and process requested attributes + boolean sectorDetected = false; + + final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration( + ServiceProviderConfiguration.class); + + if (authnReq.getExtensions() != null) { + final List requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); + for (final XMLObject reqAttrObj : requestedAttributes) { + if (reqAttrObj instanceof EaafRequestedAttributes) { + final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj; + if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) { + for (final EaafRequestedAttribute el : reqAttr.getAttributes()) { + log.trace("Processing req. attribute '" + el.getName() + "' ... 
"); + if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { + sectorDetected = extractBpkTargetIdentifier(el, spConfig); + + } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) { + extractUniqueTransactionId(el, pendingReq); + + } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) { + extractBindingPublicKey(el, pendingReq); + + } else { + log.debug("Ignore req. attribute: " + el.getName()); + + } + } + + } else { + log.debug("No requested Attributes in Authn. Request"); + + } + + } else { + log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); + + } + } + } + + if (!sectorDetected) { + log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); + throw new AuthnRequestValidatorException("pvp2.22", new Object[] { + "NO or NO VALID target-sector information" }); + + } + + } + + private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq) + throws EaafStorageException { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent(); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); + log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding"); + + } else { + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + el.getName()); + + } + } + + /** + * Extract unique transactionId from AuthnRequest. 
+ * + * @param el Requested attribute from AuthnRequest + * @param pendingReq Current pendingRequest object (has to be of type + * {@link RequestImpl}) + * @return true if transactionId extraction was successful, + * otherwise false + */ + private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) { + if (!(pendingReq instanceof RequestImpl)) { + log.warn( + "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", + RequestImpl.class.getName()); + + } else { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); + ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId); + log.info("Find transactionId: {} from requesting service. Replace old id: {} ", + transactionId, TransactionIdUtils.getTransactionId()); + TransactionIdUtils.setTransactionId(transactionId); + + return true; + + } else { + log.warn( + "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + el.getName()); + + } + + } + + return false; + } + + /** + * Extract the bPK target from requested attribute. + * + * @param el Requested attribute from AuthnRequest + * @param spConfig Service-Provider configuration for current process + * @return true if bPK target extraction was successful, otherwise + * false + */ + private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, + ServiceProviderConfiguration spConfig) { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); + try { + spConfig.setBpkTargetIdentifier(sectorId); + return true; + + } catch (final EaafException e) { + log.warn("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: " + + spConfig.getUniqueIdentifier()); + } + + } else { + log.warn("Req. 
attribute '" + el.getName() + + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); + } + + return false; + + } + + private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) + throws AuthnRequestValidatorException { + final List reqLoA = extractLoA(authnReq); + log.trace("SP requests LoA with: {}", String.join(", ", reqLoA)); + + LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, + EaafConstants.EIDAS_LOA_HIGH)); + if (minimumLoAFromConfig == null) { + log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", + EaafConstants.EIDAS_LOA_HIGH); + minimumLoAFromConfig = LevelOfAssurance.HIGH; + + } + + log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", + minimumLoAFromConfig); + final List allowedLoA = new ArrayList<>(); + for (final String loa : reqLoA) { + try { + final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); + String selectedLoA = EaafConstants.EIDAS_LOA_HIGH; + if (intLoa != null + && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) { + log.info("Client: {} requested LoA: {} will be upgraded to: {}", + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), + loa, + minimumLoAFromConfig); + selectedLoA = minimumLoAFromConfig.getValue(); + + } + + if (!allowedLoA.contains(selectedLoA)) { + log.debug("Allow LoA: {} for Client: {}", + selectedLoA, + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + allowedLoA.add(selectedLoA); + + } + + } catch (final IllegalArgumentException e) { + log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa); + + } + + } + + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA( + allowedLoA); + + } + + private String extractComparisonLevel(AuthnRequest authnReq) { + if 
(authnReq.getRequestedAuthnContext() != null) { + final RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext(); + return authContext.getComparison().toString(); + + } + + return null; + } + + private List extractLoA(AuthnRequest authnReq) throws AuthnRequestValidatorException { + final List result = new ArrayList<>(); + if (authnReq.getRequestedAuthnContext() != null) { + final RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext(); + if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.MINIMUM)) { + if (authContext.getAuthnContextClassRefs().isEmpty()) { + log.debug("Authn. Req. contains no requested LoA"); + + } else if (authContext.getAuthnContextClassRefs().size() > 1) { + log.info("Authn. Req. contains MORE THAN ONE requested LoA, but " + + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one"); + throw new AuthnRequestValidatorException("pvp2.22", + new Object[] { "Authn. Req. contains MORE THAN ONE requested LoA, but " + + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one" }); + + } else { + result.add(authContext.getAuthnContextClassRefs().get(0).getAuthnContextClassRef()); + } + + } else if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.EXACT)) { + for (final AuthnContextClassRef el : authContext.getAuthnContextClassRefs()) { + result.add(el.getAuthnContextClassRef()); + } + + } else { + log.info("Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '" + + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported"); + throw new AuthnRequestValidatorException("pvp2.22", + new Object[] { "Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '" + + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported" }); + + } + + } + + return result; + } + + private String extractScopeRequsterId(AuthnRequest authnReq) { + if (authnReq.getScoping() != null) { + final Scoping scoping = 
authnReq.getScoping(); + if (scoping.getRequesterIDs() != null + && scoping.getRequesterIDs().size() > 0) { + if (scoping.getRequesterIDs().size() == 1) { + return scoping.getRequesterIDs().get(0).getRequesterID(); + } else { + log.info("Authn. request contains more than on RequesterIDs! Only use first one"); + return scoping.getRequesterIDs().get(0).getRequesterID(); + + } + } + } + + return null; + } + +} diff --git a/ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 00000000..4c2aef74 --- /dev/null +++ b/ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.asitplus.eidas.specific.connector.MsSpecificEidasNodeSpringResourceProvider \ No newline at end of file diff --git a/ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder new file mode 100644 index 00000000..8508cc4b --- /dev/null +++ b/ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -0,0 +1,2 @@ +at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder +at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder diff --git a/ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule b/ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule new file mode 100644 index 00000000..146191c0 --- /dev/null +++ b/ms_specific_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule 
@@ -0,0 +1 @@
+at.asitplus.eidas.specific.connector.processes.CountrySelectionProcessImpl
\ No newline at end of file
diff --git a/ms_specific_connector/src/main/resources/application.properties b/ms_specific_connector/src/main/resources/application.properties
new file mode 100644
index 00000000..700f4d74
--- /dev/null
+++ b/ms_specific_connector/src/main/resources/application.properties
@@ -0,0 +1,288 @@ +## Set Spring-Boot profile-configuration to 2.3 style +spring.config.use-legacy-processing=true + +## ApplicationServer configuration +server.servlet.contextPath=/ms_connector +#server.port=7080 + +app.build.artifactId=ms_connector + + + +############################################################################# +## SpringBoot Admin client +spring.boot.admin.client.enabled=false + +############################################################################# +## SpringBoot Actuator +management.endpoints.web.exposure.include=health,info + +############################################################################# +## Common parts of MS-speccific eIDAS application configuration + +#eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false +#eidas.ms.configRootDir=file:/.../config/ +eidas.ms.context.use.clustermode=true +eidas.ms.core.logging.level.info.errorcodes=auth.21 + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages +eidas.ms.webcontent.templates.countryselection=countrySelection.html + + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +#eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + + +## HTTP-client defaults +eidas.ms.client.http.connection.timeout.socket=15 +eidas.ms.client.http.connection.timeout.connection=15 +eidas.ms.client.http.connection.timeout.request=15 + + +## Common PVP2 S-Profile (SAML2) configuration +#eidas.ms.pvp2.metadata.organisation.name=JUnit +#eidas.ms.pvp2.metadata.organisation.friendyname=For 
testing with jUnit +#eidas.ms.pvp2.metadata.organisation.url=http://junit.test +#eidas.ms.pvp2.metadata.contact.givenname=Max +#eidas.ms.pvp2.metadata.contact.surname=Mustermann +#eidas.ms.pvp2.metadata.contact.email=max@junit.test + +##only for advanced config +eidas.ms.configuration.pvp.scheme.validation=true +eidas.ms.configuration.pvp.enable.entitycategories=false + + + +############################################################################# +## MS-speccific eIDAS-Connector configuration + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.eid.testidentity.default=false + +#eidas.ms.auth.eIDAS.node_v2.forward.endpoint= +eidas.ms.auth.eIDAS.node_v2.forward.method=POST +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* + +## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true + +## use hashed version of unique SP-Identifier as requesterId +eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm=true + +## user static requesterId for all SP's in case of LU +eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true + + +## set provider name for all public SPs +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false + +## set NameIdPolicy to 'unspecified' as work-around for DE Middleware v1.2.x +eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high + +#eidas.ms.auth.eIDAS.szrclient.useTestService=true +#eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +#eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +#eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.type=jks +#eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks 
+#eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password +#eidas.ms.auth.eIDAS.szrclient.ssl.key.alias= +#eidas.ms.auth.eIDAS.szrclient.ssl.key.password= + +#eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.type= +#eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +#eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false +eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject=false + + +# tech. AuthBlock signing for E-ID process +#eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +#eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +#eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks +#eidas.ms.auth.eIDAS.authblock.keystore.type=jks +#eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +#eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + + +#### matching###### +# ZMR communication +#eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demozmr +#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.type=jks +#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.path=keys/junit.jks +#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.password=password +#eidas.ms.auth.eIDAS.zmrclient.ssl.key.alias= +#eidas.ms.auth.eIDAS.zmrclient.ssl.key.password= + +#eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.type= +#eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.path= +#eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.password= + +eidas.ms.auth.eIDAS.zmrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.zmrclient.timeout.response=30 + +#eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456 +eidas.ms.auth.eIDAS.zmrclient.req.update.reason.code=PERS_AENDERN +eidas.ms.auth.eIDAS.zmrclient.req.update.reason.text=KITT for eIDAS Matching +eidas.ms.auth.eIDAS.zmrclient.debug.logfullmessages=false + + +# ERnP communication 
+#eidas.ms.auth.eIDAS.ernpclient.endpoint=http://localhost:1718/demoernp +#eidas.ms.auth.eIDAS.ernpclient.req.organisation.behoerdennr=jUnit123456 +#eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.type=jks +#eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.path=../keystore/junit_test.jks +#eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.password=password +#eidas.ms.auth.eIDAS.ernpclient.ssl.key.alias=meta +#eidas.ms.auth.eIDAS.ernpclient.ssl.key.password=password + +# SAML2 ID Austria client for matching +#eidas.ms.modules.idaustriaclient.keystore.type=jks +#eidas.ms.modules.idaustriaclient.keystore.path= +#eidas.ms.modules.idaustriaclient.keystore.password= +#eidas.ms.modules.idaustriaclient.metadata.sign.alias= +#eidas.ms.modules.idaustriaclient.metadata.sign.password= +#eidas.ms.modules.idaustriaclient.request.sign.alias= +#eidas.ms.modules.idaustriaclient.request.sign.password= +#eidas.ms.modules.idaustriaclient.response.encryption.alias= +#eidas.ms.modules.idaustriaclient.response.encryption.password= + +#eidas.ms.modules.idaustriaclient.truststore.type=jks +#eidas.ms.modules.idaustriaclient.truststore.path= +#eidas.ms.modules.idaustriaclient.truststore.password= + +#eidas.ms.modules.idaustriaclient.idaustria.idp.entityId= +#eidas.ms.modules.idaustriaclient.idaustria.idp.metadataUrl= + + + + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true +eidas.ms.auth.eIDAS.szrclient.workarounds.use.getidentitylink.for.ida=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true 
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +#eidas.ms.pvp2.keystore.type=jks +#eidas.ms.pvp2.keystore.path=keys/junit.jks +#eidas.ms.pvp2.keystore.password=password +#eidas.ms.pvp2.key.metadata.alias=meta +#eidas.ms.pvp2.key.metadata.password=password +#eidas.ms.pvp2.key.signing.alias=sig +#eidas.ms.pvp2.key.signing.password=password +eidas.ms.pvp2.metadata.validity=24 + + +## Service Provider configuration +#eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata +#eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks +#eidas.ms.sp.0.pvp2.metadata.truststore.password=password +#eidas.ms.sp.0.friendlyName=jUnit test +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement=false + + + 
+############################################################################# +## MS-speccific eIDAS-Proxy-Service configuration + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +#eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint= + +# Mandate configuration +eidas.ms.auth.eIDAS.proxy.mandates.enabled=false +#eidas.ms.auth.eIDAS.proxy.mandates.profiles.natural.default= +#eidas.ms.auth.eIDAS.proxy.mandates.profiles.legal.default= + + +## special foreign eIDAS-Connector configuration +#eidas.ms.connector.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata +#eidas.ms.connector.0.countryCode=CC +#eidas.ms.connector.0.mandates.enabled=false +#eidas.ms.connector.0.mandates.natural= +#eidas.ms.connector.0.mandates.legal= +#eidas.ms.connector.0.auth.idaustria.entityId= + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +#eidas.ms.modules.idaustriaauth.idp.entityId= +#eidas.ms.modules.idaustriaauth.idp.metadataUrl= + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.type=jks +#eidas.ms.modules.idaustriaauth.keystore.name= +#eidas.ms.modules.idaustriaauth.keystore.path= +#eidas.ms.modules.idaustriaauth.keystore.password= +#eidas.ms.modules.idaustriaauth.metadata.sign.alias= +#eidas.ms.modules.idaustriaauth.metadata.sign.password= +#eidas.ms.modules.idaustriaauth.request.sign.alias= +#eidas.ms.modules.idaustriaauth.request.sign.password= +#eidas.ms.modules.idaustriaauth.response.encryption.alias= +#eidas.ms.modules.idaustriaauth.response.encryption.password= + +# TrustStore to validate SAML2 metadata from ID Austria +#eidas.ms.modules.idaustriaauth.truststore.type=jks +#eidas.ms.modules.idaustriaauth.truststore.name= +#eidas.ms.modules.idaustriaauth.truststore.path= +#eidas.ms.modules.idaustriaauth.truststore.password= + + + 
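Review bot: Several defaults added in this file are permissive for an identity gateway and would be safer shipped in their strict form. `eidas.ms.context.url.request.validation=false` presumably switches off the check of incoming request URLs against the configured context prefix (I would ship `eidas.ms.context.url.request.validation=true`), and `eidas.ms.technicallog.write.MDS.into.techlog=true` together with `eidas.ms.revisionlog.logIPAddressOfUser=true` puts what appear to be identity attributes and client IP addresses into log files unless an operator turns them off. The commented `eidas.ms.auth.eIDAS.authblock.keystore.password` and `eidas.ms.auth.eIDAS.authblock.key.password` samples carry a high-entropy value rather than an obvious placeholder; if that value ever protected a real keystore it should be rotated, and the sample replaced with `#eidas.ms.auth.eIDAS.authblock.keystore.password=<set-per-deployment>`. I would also add a comment above the logging switches, for example `## writes personal data to log files; enable only where log access and retention are controlled`.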
diff --git a/ms_specific_connector/src/main/resources/applicationContext.xml b/ms_specific_connector/src/main/resources/applicationContext.xml new file mode 100644 index 00000000..5c5e245c --- /dev/null +++ b/ms_specific_connector/src/main/resources/applicationContext.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ms_specific_connector/src/main/resources/logback.xml b/ms_specific_connector/src/main/resources/logback.xml new file mode 100644 index 00000000..9679d9e4 --- /dev/null +++ b/ms_specific_connector/src/main/resources/logback.xml @@ -0,0 +1,30 @@ + + + + + + + + + + + + + %5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n + + + + + + + + + + + + + + + diff --git a/ms_specific_connector/src/main/resources/processes/CountrySelection.process.xml b/ms_specific_connector/src/main/resources/processes/CountrySelection.process.xml new file mode 100644 index 00000000..9c76e9a9 --- /dev/null +++ b/ms_specific_connector/src/main/resources/processes/CountrySelection.process.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + diff --git a/ms_specific_connector/src/main/resources/properties/external_statuscodes_map.properties b/ms_specific_connector/src/main/resources/properties/external_statuscodes_map.properties new file mode 100644 index 00000000..a0951dfb --- /dev/null +++ b/ms_specific_connector/src/main/resources/properties/external_statuscodes_map.properties 
@@ -0,0 +1,76 @@
+eidas.00=1302
+eidas.01=1302
+eidas.02=1301
+eidas.03=1300
+eidas.04=1100
+eidas.05=1302
+eidas.06=1302
+eidas.07=1302
+
+config.01=9099
+config.03=9099
+config.18=9099
+config.24=9099
+
+
+ernb.00=4601
+ernb.01=4601
+ernb.02=4600
+ernb.03=4602
+
+auth.00=1100
+
+auth.21=1005
+auth.26=1100
+auth.28=1100
+
+auth.37=1101
+auth.38=1101
+auth.39=1099
+
+process.01=9105
+process.02=9104
+process.03=9104
+process.04=9105
+
+builder.00=9102
+builder.11=1099
+
+parser.01=1101
+
+gui.00=9103
+
+pvp2.01=6100
+pvp2.02=6100
+pvp2.05=6105
+pvp2.07=6104
+pvp2.09=6199
+pvp2.10=6100
+pvp2.11=6105
+pvp2.12=6105
+pvp2.13=6199
+pvp2.14=6199
+pvp2.15=6103
+pvp2.16=6101
+pvp2.17=6102
+pvp2.20=6103
+pvp2.21=6104
+pvp2.22=6105
+pvp2.23=6105
+pvp2.24=6105
+pvp2.26=6103
+pvp2.27=6199
+pvp2.28=6105
+
+
+internal.00=9105
+internal.01=9199
+internal.02=9101
+internal.03=9199
+internal.04=9101
+internal.05=9106
+internal.06=9106
+
+config.08=9008
+config.27=9008
+config.30=9008
\ No newline at end of file
diff --git a/ms_specific_connector/src/main/resources/properties/messages.properties b/ms_specific_connector/src/main/resources/properties/messages.properties
new file mode 100644
index 00000000..a2aaf95d
--- /dev/null
+++ b/ms_specific_connector/src/main/resources/properties/messages.properties
@@ -0,0 +1,131 @@ +####### GUI elements #### +gui.general.language.selection.title=Language selection +gui.general.language.selection.de=Deutsch +gui.general.language.selection.en=English + +##Errorpage template +gui.errorpage.msg.title=Authentication error arise +gui.errorpage.msg.information=The authentication stops on account of a process error: +gui.errorpage.msg.errorcode=Error Code: +gui.errorpage.msg.errormsg=Error Message: +gui.errorpage.msg.stacktrace=Stacktrace: + +##Country-Selection page +gui.countryselection.title=eIDAS-Login Countryselection +gui.countryselection.logo.bmi.alt=Logo BMI +gui.countryselection.link.bmi=Mainpage BMI +gui.countryselection.header1=Federal Ministry of Internal Affairs +gui.countryselection.header2=Austrian Central eIDAS Node +gui.countryselection.header3=Operated by Federal Ministry of Internal Affairs +gui.countryselection.header.selection=Select your country +gui.countryselection.cancel=Cancel +gui.countryselection.notsupportedinfo=If you cannot find your country in this list then your electronic identity (eID) is not yet supported. + +gui.countryselection.infos.general.header=Information on Logins with European eIDs +gui.countryselection.infos.general.link.1=eIDAS regulation of the European Union +gui.countryselection.infos.general.link.2=Austrian Supplementary Register for Natural Persons (ERnP) +gui.countryselection.infos.general.part.1=This is the central eIDAS node of the Republic of Austria, operated by the +gui.countryselection.infos.general.part.2=It enables logins at Austrian online services using an electronic identity (eID) of another EU member state. You have been redirected to this page, as you have initiated a login to an online service using the option "EU Login". +gui.countryselection.infos.general.part.3=The central eIDAS node of the Republic of Austria allows you to login to Austrian online services using the eID of your home country. 
This way, compliance with the +gui.countryselection.infos.general.part.4=, which regulates the mutual cross-border acceptance of national eIDs, is achieved. The mutual cross-border acceptance of national eIDs is implemented successively within the EU. Currently, the central eIDAS node of the Republic of Austria supports logins using the eID systems of the Member States mentioned above. More Member States will be added according to availability of their respective eID solutions. +gui.countryselection.infos.general.part.5=After selecting your home country on this page, you are forwarded to the familiar login environment of the selected member state. There, you can login with your eID as usual. After successful completion of the login process, you are automatically forwarded and logged in to the online service, from which you have been redirected to this page. During your first login, your eID data is also registered in the +gui.countryselection.infos.general.part.6=This ensures that you will also be successfully and uniquely identified in subsequent logins at Austrian online services. 
+ +gui.countryselection.country.be=Belgium +gui.countryselection.country.be.logo.alt=Belgium-eID +gui.countryselection.country.hr=Croatia +gui.countryselection.country.hr.logo.alt=Croatia-eID +gui.countryselection.country.cy=Cyprus +gui.countryselection.country.cy.logo.alt=Cyprus-eID +gui.countryselection.country.cz=Czech Republic +gui.countryselection.country.cz.logo.alt=Czech Republic-eID +gui.countryselection.country.ee=Estonia +gui.countryselection.country.ee.logo.alt=Estonia-eID +gui.countryselection.country.de=Germany +gui.countryselection.country.de.logo.alt=German-eID +gui.countryselection.country.is=Iceland +gui.countryselection.country.is.logo.alt=Iceland-eID +gui.countryselection.country.it=Italy +gui.countryselection.country.it.logo.alt=Italy-eID +<<<<<<< HEAD +gui.countryselection.country.li=Lichtenstein +gui.countryselection.country.li.logo.alt=Lichtensteinische-eID +======= +>>>>>>> 1ad67c91820de1c7f2b2541f8e39752baac197d2 +gui.countryselection.country.lt=Lithuania +gui.countryselection.country.lt.logo.alt=Lithuania-eID +gui.countryselection.country.lv=Latvia +gui.countryselection.country.lv.logo.alt=Latvia-eID +gui.countryselection.country.nl=Netherlands +gui.countryselection.country.nl.logo.alt=Netherlands-eID +gui.countryselection.country.pl=Poland +gui.countryselection.country.pl.logo.alt=Poland-eID +gui.countryselection.country.pt=Portugal +gui.countryselection.country.pt.logo.alt=Portugal-eID +gui.countryselection.country.si=Slovenia +gui.countryselection.country.si.logo.alt=Slovenia-eID +gui.countryselection.country.es=SSpain +gui.countryselection.country.es.logo.alt=Spain-eID + +gui.countryselection.country.bg=Bulgaria +gui.countryselection.country.bg.logo.alt=Bulgaria-eID +gui.countryselection.country.dk=Denmark +gui.countryselection.country.dk.logo.alt=Denmark-eID +gui.countryselection.country.fi=Finland +gui.countryselection.country.fi.logo.alt=Finland-eID +gui.countryselection.country.fr=France 
+gui.countryselection.country.fr.logo.alt=France-eID +gui.countryselection.country.gr=Greece +gui.countryselection.country.gr.logo.alt=Greece-eID +gui.countryselection.country.hu=Hungary +gui.countryselection.country.hu.logo.alt=Hungary-eID +gui.countryselection.country.ir=Ireland +gui.countryselection.country.ir.logo.alt=Ireland-eID +gui.countryselection.country.lu=Luxembourg +gui.countryselection.country.lu.logo.alt=Luxembourg-eID +gui.countryselection.country.mt=Malta +gui.countryselection.country.mt.logo.alt=Malta-eID +gui.countryselection.country.ro=Romania +gui.countryselection.country.ro.logo.alt=Romania-eID +gui.countryselection.country.sk=Slovakia +gui.countryselection.country.sk.logo.alt=Slovakia-eID +gui.countryselection.country.se=Sweden +gui.countryselection.country.se.logo.alt=Sweden-eID +gui.countryselection.country.uk=United Kingdom +gui.countryselection.country.uk.logo.alt=United Kingdom-eID + +gui.countryselection.country.testcountry=TestCountry +gui.countryselection.country.testcountry.logo.alt=Testcountry-eID + +gui.countryselection.mode.prod=Production +gui.countryselection.mode.qs=QS +gui.countryselection.mode.test=Test +gui.countryselection.mode.dev=Development + +##Other Login Methods page +gui.otherlogin.title=eIDAS-Login Other Login Methods +gui.otherlogin.header.selection=Select an alternative login method +gui.otherlogin.hs=Mobile Signature ("Handy-Signatur") +gui.otherlogin.eidas=Alternative eIDAS ID +gui.otherlogin.none=No alternative login methods +gui.otherlogin.cancel=Cancel + +##Austrian Residency page +gui.residency.title=Austrian Residency +gui.residency.header.selection=Search for your Austrian Residency +gui.residency.header.help=You can search for the address that you have been registered at in the past. Please enter a \ + postcode, municipality or village first to start the search. 
+gui.residency.header.inputinvalid=Be sure to enter a value for Municipality or Village +gui.residency.cancel=Cancel +gui.residency.search=Search +gui.residency.clear=Clear +gui.residency.proceed=Proceed +gui.residency.updated=Updated your input +gui.residency.found=Found {0} results, click on one result to refine your search +gui.residency.unique=Unique result found, please proceed +gui.residency.error=Error on Backend Call +gui.residency.input.postleitzahl=Postcode +gui.residency.input.municipality=Municipality +gui.residency.input.village=Village +gui.residency.input.street=Street +gui.residency.input.number=Number \ No newline at end of file diff --git a/ms_specific_connector/src/main/resources/properties/messages_de.properties b/ms_specific_connector/src/main/resources/properties/messages_de.properties new file mode 100644 index 00000000..187b7b37 --- /dev/null +++ b/ms_specific_connector/src/main/resources/properties/messages_de.properties 
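Review bot: Unresolved merge-conflict markers are committed in the country list of messages.properties: the lines `<<<<<<< HEAD`, `=======` and `>>>>>>> 1ad67c91820de1c7f2b2541f8e39752baac197d2` surround the two `gui.countryselection.country.li` entries, and the same three markers appear at the same place in the messages_de.properties hunk. A properties loader will typically not reject these lines but read them as stray keys, so the unfinished merge goes unnoticed at runtime; decide whether the `li` entries stay and delete the marker lines in both files. In the same list `gui.countryselection.country.es=SSpain` should read `gui.countryselection.country.es=Spain`. The key suffix `ir` used for Ireland differs from the ISO country code `IE`, so it is worth checking against whatever template looks these keys up.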
@@ -0,0 +1,132 @@ +####### GUI elements #### +gui.general.language.selection.title=Sprachauswahl +gui.general.language.selection.de=Deutsch +gui.general.language.selection.en=English + +##Errorpage template +gui.errorpage.msg.title=Es ist ein Fehler aufgetreten +gui.errorpage.msg.information=Der Anmeldevorgang wurde aufgrund eines Fehlers beendet: +gui.errorpage.msg.errorcode=Fehlercode : +gui.errorpage.msg.errormsg=Fehlermeldung: +gui.errorpage.msg.stacktrace=Stacktrace: + +##Country-Selection page +gui.countryselection.title=eIDAS-Login Länderauswahl +gui.countryselection.logo.bmi.alt=Logo BMI +gui.countryselection.link.bmi=Startseite BMI +gui.countryselection.header1=Bundesministerium für Inneres +gui.countryselection.header2=Zentraler eIDAS Knoten der Republik Österreich +gui.countryselection.header3=Betrieben durch das Bundesministerium für Inneres +gui.countryselection.header.selection=Wählen Sie Ihr Land +gui.countryselection.cancel=Abbrechen +gui.countryselection.notsupportedinfo=Wenn Sie Ihr Land in dieser Aufzählung nicht entdecken, dann wird Ihre elektronische Identität (eID) leider noch nicht unterstützt. + +gui.countryselection.infos.general.header=Information zur Anmeldung über Europäische eIDs +gui.countryselection.infos.general.link.1=eIDAS-Verordnung der Europäischen Union +gui.countryselection.infos.general.link.2=Ergänzungsregister für natürliche Personen (ERnP) +gui.countryselection.infos.general.part.1=Sie befinden sich am zentralen eIDAS-Knoten der Republik Österreich. Dieser wird vom Österreichischen +gui.countryselection.infos.general.part.2=betrieben und ermöglicht eine Anmeldungen zu österreichischen Online-Anwendungen unter Verwendung einer elektronischen Identität (eID) anderer EU-Mitgliedstaaten. Sie wurden hierher weitergeleitet, da Sie in einer Online-Anwendung eine Anmeldung via EU-Login initiiert haben. 
+gui.countryselection.infos.general.part.3=Der zentrale eIDAS-Knoten der Republik Österreich ermöglicht Ihnen eine Anmeldung zu österreichischen Online-Anwendungen mit der eID Ihres Herkunftsstaates. Damit werden die Vorgaben der +gui.countryselection.infos.general.part.4=erfüllt, die eine staatenübergreifende Akzeptanz nationaler eIDs vorsieht. Die wechselseitige Anerkennung nationaler eIDs erfolgt in der EU schrittweise. Aktuell unterstützt der zentrale eIDAS-Knoten der Republik Österreich Anmeldungen mit den eID-Systemen der oben angeführten Mitgliedstaaten. Diese Liste wird laufend erweitert. +gui.countryselection.infos.general.part.5=Nachdem Sie auf dieser Seite einen Mitgliedsstaat ausgewählt haben, werden Sie an die gewohnte Anmeldeumgebung des jeweiligen Mitgliedsstaats weitergeleitet. Dort können Sie sich mit Ihrer eID wie gewohnt anmelden. Haben Sie den Anmeldeprozess erfolgreich abgeschlossen, werden Sie automatisch an die Online-Anwendung, von der aus Sie auf diese Auswahlseite gelangt sind, weitergeleitet und dort mit den Identitätsdaten Ihrer eID angemeldet. Gleichzeitig werden Sie bei Ihrer ersten Anmeldung auf diesem Weg mit Ihren eID-Daten in das österreichische +gui.countryselection.infos.general.part.6=eingetragen. Damit wird sichergestellt, dass Sie auch im Rahmen zukünftiger Anmeldeprozesse zu österreichischen Online-Anwendungen erfolgreich und eindeutig identifiziert werden können. 
+ + +gui.countryselection.country.be=Belgien +gui.countryselection.country.be.logo.alt=Belgische-eID +gui.countryselection.country.hr=Kroatien +gui.countryselection.country.hr.logo.alt=Kroatische-eID +gui.countryselection.country.cy=Zypern +gui.countryselection.country.cy.logo.alt=Zypriotische-eID +gui.countryselection.country.cz=Tschechische Republik +gui.countryselection.country.cz.logo.alt=Tschechische Republik-eID +gui.countryselection.country.ee=Estland +gui.countryselection.country.ee.logo.alt=Estländische-eID +gui.countryselection.country.de=Deutschland +gui.countryselection.country.de.logo.alt=Deutsche-eID +gui.countryselection.country.is=Island +gui.countryselection.country.is.logo.alt=Isländische-eID +gui.countryselection.country.it=Italien +gui.countryselection.country.it.logo.alt=Italienische-eID +<<<<<<< HEAD +gui.countryselection.country.li=Lichtenstein +gui.countryselection.country.li.logo.alt=Lichtensteinische-eID +======= +>>>>>>> 1ad67c91820de1c7f2b2541f8e39752baac197d2 +gui.countryselection.country.lt=Litauen +gui.countryselection.country.lt.logo.alt=Litauische-eID +gui.countryselection.country.lv=Lettland +gui.countryselection.country.lv.logo.alt=Lettländische-eID +gui.countryselection.country.nl=Niederlande +gui.countryselection.country.nl.logo.alt=Niederländische-eID +gui.countryselection.country.pl=Polen +gui.countryselection.country.pl.logo.alt=Polnische-eID +gui.countryselection.country.pt=Portugal +gui.countryselection.country.pt.logo.alt=Portugisische-eID +gui.countryselection.country.si=Slovenien +gui.countryselection.country.si.logo.alt=Slovenische-eID +gui.countryselection.country.es=Spanien +gui.countryselection.country.es.logo.alt=Spanische-eID + +gui.countryselection.country.bg=Bulgarien +gui.countryselection.country.bg.logo.alt=Bulgarische-eID +gui.countryselection.country.dk=Dänemark +gui.countryselection.country.dk.logo.alt=Dänische-eID +gui.countryselection.country.fi=Finnland 
+gui.countryselection.country.fi.logo.alt=Finische-eID +gui.countryselection.country.fr=Frankreich +gui.countryselection.country.fr.logo.alt=Französiche-eID +gui.countryselection.country.gr=Grichenland +gui.countryselection.country.gr.logo.alt=Grichische-eID +gui.countryselection.country.hu=Ungarn +gui.countryselection.country.hu.logo.alt=Ungarische-eID +gui.countryselection.country.ir=Irland +gui.countryselection.country.ir.logo.alt=Irische-eID +gui.countryselection.country.lu=Luxenburg +gui.countryselection.country.lu.logo.alt=Luxenburgische-eID +gui.countryselection.country.mt=Malta +gui.countryselection.country.mt.logo.alt=Malta-eID +gui.countryselection.country.ro=Romänien +gui.countryselection.country.ro.logo.alt=Romänische-eID +gui.countryselection.country.sk=Slovakei +gui.countryselection.country.sk.logo.alt=Slovakische-eID +gui.countryselection.country.se=Schweden +gui.countryselection.country.se.logo.alt=Schwedische-eID +gui.countryselection.country.uk=Großbritanien +gui.countryselection.country.uk.logo.alt=Britische-eID + +gui.countryselection.country.testcountry=Testland +gui.countryselection.country.testcountry.logo.alt=Testland-eID + +gui.countryselection.mode.prod=Produktion +gui.countryselection.mode.qs=Qualitätsicherung +gui.countryselection.mode.test=Test +gui.countryselection.mode.dev=Development + +##Other Login Methods page +gui.otherlogin.title=eIDAS-Login Alternative Anmeldemethoden +gui.otherlogin.header.selection=Wählen Sie eine alternative Anmeldemethode +gui.otherlogin.hs=Handy-Signatur +gui.otherlogin.eidas=Alternativer eIDAS Login +gui.otherlogin.none=Keine +gui.otherlogin.cancel=Abbrechen + +##Austrian Residency page +gui.residency.title=Österreichischer Wohnsitz +gui.residency.header.selection=Suche nach Österreichischem Wohnsitz +gui.residency.header.help=Hier können Sie nach einem Wohnsitze in Österreich suchen. Bitte geben Sie zuerst eine \ + Postleitzahl, Gemeinde oder Ortschaft ein um die Suche zu starten. 
+gui.residency.header.inputinvalid=Bitte geben Sie einen Wert für Gemeinde oder Ortschaft ein +gui.residency.cancel=Abbrechen +gui.residency.search=Suche +gui.residency.clear=Löschen +gui.residency.proceed=Fortfahren +gui.residency.updated=Eingabe aktualisiert +gui.residency.found={0} Ergebnisse gefunden, klicken Sie auf ein Ergebnis um die Suche zu verfeinern +gui.residency.unique=Eindeutiges Ergebnis gefunden, bitte fortfahren +gui.residency.error=Fehler bei Addresssuche +gui.residency.input.postleitzahl=PLZ +gui.residency.input.municipality=Gemeinde +gui.residency.input.village=Ortschaft +gui.residency.input.street=Straße +gui.residency.input.number=Nummer \ No newline at end of file diff --git a/ms_specific_connector/src/main/resources/properties/status_messages_en.properties b/ms_specific_connector/src/main/resources/properties/status_messages_en.properties new file mode 100644 index 00000000..f07a8705 --- /dev/null +++ b/ms_specific_connector/src/main/resources/properties/status_messages_en.properties 
@@ -0,0 +1,75 @@
+eidas.00=eIDAS Attribute {0} not found. Can not finish authentication process
+eidas.01=NO eIDAS response-message found. Can not finish authentication process
+eidas.02=eIDAS response-message contains an error. ErrorCode: {0}, ErrorMsg: {1}
+eidas.03=No CitizenCountry available. Can not start eIDAS authentication process
+eidas.04=Request contains no sessionToken. Authentication process stops
+eidas.05=Received eIDAS response-message is not valid. Reason: {0}
+eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA
+eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}.
+
+
+config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing
+config.03=Can not load configuration from path {0} (See logs for more details)
+config.18=Configuration file {0} is not available on filesystem
+config.24=Configuration file {1} does not start with {0} prefix.
+
+
+ernb.00=Receive no identity-link from SZR
+ernb.01=Receive no bPK from SZR
+ernb.02=SZR response contains an error. ErrorMsg: {0}
+ernb.03=Post-processing of eIDAS attributes failed. Reason: {0}
+
+auth.00=Service provider: {0} is unknown
+auth.21=The authentication process was stopped by user
+auth.26=No transaction identifier
+auth.28=Found no active transaction with Id: {0}. Maybe, the transaction was removed after timeout
+auth.37=Requested bPK-Target: {0} does not match allowed targets for service provider: {1}
+auth.38=Passive authentication was requested but user as no active session
+auth.39=Error: '{0}' in post-processing of authentication data. Can not finish authentication process
+
+process.01=Can not execute authentication process
+process.02=Find no applicable authentication process for transaction with Id: {0}
+process.03=Can not resume the authentication process. Reason: {0}
+process.04=Can not execute authentication process. Problem with an internal state
+
+builder.00=Can not generate data structure "{0}": {1}
+builder.11=Error: '{0}' in post-processing of authentication data. Can not finish authentication process
+
+parser.01=Error during eID-data processing. Reason: {0}
+
+gui.00=Can not build GUI component. Reason: {0}
+
+pvp2.01=General error during SAML2 response encoding
+pvp2.02=SAML2 attribute contains an wrong encoded value
+pvp2.05=LoA from SAML2 Authn. request: {0} is not supported
+pvp2.07=SAML2 Authn. request contains is not signed
+pvp2.09=SAML2 request contains an unsupported operation. (OperationId: {0})
+pvp2.10=SAML2 Attribute: {0} is not available
+pvp2.11=SAML2 Binding: {0} is not supported
+pvp2.12=SAML2 NameID Format {0} is not supported
+pvp2.13=Internal server error during SAML2 processing
+pvp2.14=SAML2 authentication not available
+pvp2.15=No SAML2 metadata available or metadata processing failed
+pvp2.16=Encryption of SAML2 assertion failed
+pvp2.17=LoA from SAML2 Authn. request: {1} does not match to authenticated LoA: {0} by using matching-mode: {2}
+pvp2.20=SAML2 Authn. request contains an unknown or empty EntityID.
+pvp2.21=Signature validation of SAML2 Authn. request failed. Reason: {0}
+pvp2.22=Validation of SAML2 Authn. request failed. Reason: {0}
+pvp2.23=Validation of SAML2 Authn. request failed. Reason: AssertionConsumerServiceURL {0} is not valid.
+pvp2.24=General error during SAML2 Auth. request pre-processing. Reason: {0}
+pvp2.26=SAML2 metadata validation failed. Reason: {0}
+pvp2.27=General error during SAML2 metadata generation
+pvp2.28=Validation of SAML2 Authn. request failed. Reason: AssertionConsumerServiceIndex {0} is not valid.
+
+
+internal.00=The authentication process stops by reason of an internal problem
+internal.01=The LogOut process stops by reason of an internal problem
+internal.02=Internal error. Can not access data cache.
+internal.03=Internal error. Can not initialize a cryptographic method.
+internal.04=Internal error. 
Can not access data cache (Reason: {0}). +internal.05=Internal error. Can not access SQLite database for identity-data storage (Reason: {0}) +internal.06=Internal error. Can not query SQLite database for identity-data storage (Reason: {0}) + +config.08=Configuration value: {0} is missing. +config.27=Configuration parameter processing failed. Reason: {0} +config.30=External configuration not found. File: {0} diff --git a/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml b/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml new file mode 100644 index 00000000..9861a7c6 --- /dev/null +++ b/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -0,0 +1,75 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/ms_specific_connector/src/main/resources/templates/countrySelection.html b/ms_specific_connector/src/main/resources/templates/countrySelection.html new file mode 100644 index 00000000..14457210 --- /dev/null +++ b/ms_specific_connector/src/main/resources/templates/countrySelection.html @@ -0,0 +1,269 @@ + + + + + + + + eIDAS-Login Länderauswahl + + +
+
+ + +
+
+
+
+

Zentraler eIDAS Knoten der Republik Österreich

+

Betrieben durch das Bundesministerium für Inneres

+
+ +

Wählen Sie Ihr Land / Select your country

+ +
+
+ Germany-eID + + + + +
+ +
+ Belgium-eID + +
+ +
+ Bulgaria-eID + +
+ +
+ Croatia-eID + +
+ +
+ Cyprus-eID + +
+ +
+ CzechRepublic-eID + +
+ +
+ Denmark-eID + +
+ +
+ Estonia-eID + +
+ +
+ Finland-eID + +
+ +
+ France-eID + +
+ +
+ Greece-eID + +
+ +
+ Hungary-eID + +
+ +
+ Ireland-eID + +
+ +
+ Italy-eID + + +
+ +
+ Latvia-eID + +
+ +
+ Luxembourg-eID + +
+ +
+ Malta-eID + +
+ +
+ Poland-eID + +
+ +
+ Portugal-eID + +
+ +
+ Romania-eID + +
+ +
+ Slovakia-eID + +
+ +
+ Slovenia-eID + +
+ +
+ Spain-eID + + +
+ +
+ Sweden-eID + +
+ +
+ TheNetherlands-eID + +
+ +
+ UnitedKingdom-eID + +
+ +
+ + +
+ + + +
+ +

Wenn Sie Ihr Land in dieser Aufzählung nicht entdecken + ...

+ +

Information zur Anmeldung über Europäische eIDs

+

+ first part + Bundesministerium + für Inneres + second part +

+ +

+ third part + eIDAS-Verordnung der Europäischen Union + fourth part +

+ +

+ fived part + + sixed part +

+ +
+
+ +
+
+ + diff --git a/ms_specific_connector/src/main/resources/templates/eidas_node_forward.html b/ms_specific_connector/src/main/resources/templates/eidas_node_forward.html new file mode 100644 index 00000000..3cd30d36 --- /dev/null +++ b/ms_specific_connector/src/main/resources/templates/eidas_node_forward.html @@ -0,0 +1,36 @@ + + + + + + + + +
Your login is being processed. Thank you for + waiting.
+ +
+
+ +
+ +
+ + + \ No newline at end of file diff --git a/ms_specific_connector/src/main/resources/templates/error_message.html b/ms_specific_connector/src/main/resources/templates/error_message.html new file mode 100644 index 00000000..c5f1ebb3 --- /dev/null +++ b/ms_specific_connector/src/main/resources/templates/error_message.html @@ -0,0 +1,37 @@ + + + + + + + An error arise ... + + + +
+
+

Authentication error arise

+ +
+

Error Header

+ +
+

Error Information

+
+

Code :

+

Msg :

+
+ +
+ +
+

fullError

+
+ +
+
+ + \ No newline at end of file diff --git a/ms_specific_connector/src/main/resources/templates/language_selection.html b/ms_specific_connector/src/main/resources/templates/language_selection.html new file mode 100644 index 00000000..a268eb17 --- /dev/null +++ b/ms_specific_connector/src/main/resources/templates/language_selection.html @@ -0,0 +1,15 @@ + + + + + +
+ Spache1 +     + Spache2 +
+ + + + \ No newline at end of file diff --git a/ms_specific_connector/src/main/resources/templates/other_login_method.html b/ms_specific_connector/src/main/resources/templates/other_login_method.html new file mode 100644 index 00000000..e5f03712 --- /dev/null +++ b/ms_specific_connector/src/main/resources/templates/other_login_method.html @@ -0,0 +1,90 @@ + + + + + + + eIDAS-Login Other Login Methods + + + +
+
+ + +
+
+
+
+

Zentraler eIDAS Knoten der Republik Österreich

+

Betrieben durch das Bundesministerium für Inneres

+
+ +

Select an alternative login method

+ +
+
+ + + +
+
+ + + +
+
+ + + +
+
+ + +
+ + + +
+ +
+
+ +
+
+ + diff --git a/ms_specific_connector/src/main/resources/templates/pvp2_post_binding.html b/ms_specific_connector/src/main/resources/templates/pvp2_post_binding.html new file mode 100644 index 00000000..06b9b494 --- /dev/null +++ b/ms_specific_connector/src/main/resources/templates/pvp2_post_binding.html @@ -0,0 +1,36 @@ +## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity +##context may contain the following properties ## action - String - the +##action URL for the form ## RelayState - String - the relay state for the +##message ## SAMLRequest - String - the Base64 encoded SAML Request ## +##SAMLResponse - String - the Base64 encoded SAML Response + + + + + + + + +
Your login is being processed. Thank you for + waiting.
+ +
+
+ #if($RelayState) #end + #if($SAMLRequest) #end + #if($SAMLResponse) #end +
+ +
+ + + \ No newline at end of file diff --git a/ms_specific_connector/src/main/resources/templates/residency.html b/ms_specific_connector/src/main/resources/templates/residency.html new file mode 100644 index 00000000..6e266449 --- /dev/null +++ b/ms_specific_connector/src/main/resources/templates/residency.html @@ -0,0 +1,251 @@ + + + + + + + + Österreichischer Wohnsitz + + + + + +
+
+ + +
+
+
+
+

Zentraler eIDAS Knoten der Republik Österreich

+

Betrieben durch das Bundesministerium für Inneres

+
+ +

Search your Austrian Residency

+ +
+
+

Please enter a postcode, municipality or village first

+
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + + +
+ +
+
+ +
+ + + +
+ +
+ +
+ +
+
+

+
+ + + + + + + + + + + + + + +
+ +
+
+ +
+
+ + diff --git a/ms_specific_connector/src/main/resources/tomcat.properties b/ms_specific_connector/src/main/resources/tomcat.properties new file mode 100644 index 00000000..38ab5a64 --- /dev/null +++ b/ms_specific_connector/src/main/resources/tomcat.properties @@ -0,0 +1,15 @@ +tomcat.ajp.enabled=true +#tomcat.ajp.port=41009 +#tomcat.ajp.additionalAttributes.secretrequired=true +#tomcat.ajp.additionalAttributes.secret= + +server.tomcat.accesslog.buffered=false +server.tomcat.accesslog.prefix=tomcat-access_log +server.tomcat.accesslog.directory=logs/ +server.tomcat.accesslog.enabled=true +server.tomcat.accesslog.file-date-format=.yyyy-MM-dd +server.tomcat.accesslog.pattern=common +server.tomcat.accesslog.rename-on-rotate=false +server.tomcat.accesslog.request-attributes-enabled=true +server.tomcat.accesslog.rotate=true +server.tomcat.accesslog.suffix=.log \ No newline at end of file diff --git a/ms_specific_connector/src/main/webapp/WEB-INF/web.xml b/ms_specific_connector/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 00000000..d5425ad4 --- /dev/null +++ b/ms_specific_connector/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,22 @@ + + + + AT eIDAS connector + MS specific eIDAS connector to national eID infrastructure + + + index.html + + + + 5 + + + + 500 + /errorpage.jsp + + + diff --git a/ms_specific_connector/src/main/webapp/autocommit.js b/ms_specific_connector/src/main/webapp/autocommit.js new file mode 100644 index 00000000..d21a5651 --- /dev/null +++ b/ms_specific_connector/src/main/webapp/autocommit.js @@ -0,0 +1,5 @@ +function autoCommmit() { + document.forms[0].submit(); +} + +document.addEventListener('DOMContentLoaded', autoCommmit); \ No newline at end of file diff --git a/ms_specific_connector/src/main/webapp/css/css_country.css b/ms_specific_connector/src/main/webapp/css/css_country.css new file mode 100644 index 00000000..297f0366 --- /dev/null +++ b/ms_specific_connector/src/main/webapp/css/css_country.css 
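Review bot: The packaged default in tomcat.properties turns AJP on (`tomcat.ajp.enabled=true`) while the two lines that would protect it, `tomcat.ajp.additionalAttributes.secretrequired` and `tomcat.ajp.additionalAttributes.secret`, are left commented out. What the connector does without them depends on the embedded Tomcat version and on the initializer that reads these keys, neither of which is shown in this hunk, but an AJP listener with no shared secret accepts request attributes from any host that can reach the port as if they came from the front-end proxy. I would ship `tomcat.ajp.enabled=false` and put a comment above it, `# AJP: enable only behind a reverse proxy, with secretrequired=true and a per-deployment secret`, so that turning AJP on is an explicit deployment decision.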
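Review bot: `autoCommmit` in autocommit.js calls `document.forms[0].submit()` without checking that the page contains a form, so a template rendered without one throws a TypeError on load; a guard such as `const form = document.forms[0]; if (form) { form.submit(); }` avoids that. The function name also carries a third `m`; `autoCommit`, or `autoSubmit` to match what it does, in both the declaration and the `addEventListener` call would read better. Which templates load this script is not visible in this rendering; whichever do should keep the form that is meant to be posted as the first form in the document, since that is the only one the script submits.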
@@ -0,0 +1,62 @@
+@charset "utf-8";
+ body {
+ background-image: url(img/globus_eu.png);
+ background-repeat: no-repeat;
+ background-attachment: fixed;
+ background-position: top;
+ background-color: #F9F9F9;
+ font-family: Arial, Helvetica, sans-serif;
+ }
+ #page {
+ padding-top: 2%;
+ padding-left: 10%;
+ }
+
+ #country {
+ display: flex;
+ flex-direction: row;
+ flex-wrap: wrap;
+ align-items: center;
+ }
+
+ .block {
+ display: flex;
+ flex-direction: row;
+ flex-wrap: wrap;
+ cursor: pointer;
+ text-decoration: none;
+ padding-right:2%;
+ width: 250px;
+ }
+
+ .countryimage {
+ width:50px;
+ height:50px;
+ padding-right: 2%;
+ padding-bottom: 4%;
+ }
+
+ input[type=button], input[type=submit], input[type=reset] {
+ display:flex;
+ background-color:transparent;
+ border:none;
+ color: black;
+ text-decoration: none;
+ cursor: pointer;
+ }
+ #testEnvironment {
+ border: none;
+ color: black;
+ padding: 10px 20px;
+ text-decoration: none;
+ margin: 4px 2px;
+ height: 3%;
+ display: inline-block;
+ vertical-align: middle;
+ width: 40%;
+ }
+ #button{
+ background-color: transparent;
+ border:none;
+ }
+
\ No newline at end of file
diff --git a/ms_specific_connector/src/main/webapp/css/css_error.css b/ms_specific_connector/src/main/webapp/css/css_error.css
new file mode 100644
index 00000000..d772df43
--- /dev/null
+++ b/ms_specific_connector/src/main/webapp/css/css_error.css
@@ -0,0 +1,26 @@
+@charset "utf-8";
+ body {
+ padding-left: 5%;
+ background-color: #F9F9F9;
+ }
+ #page {
+ padding-top: 2%;
+ padding-right: 10%;
+ padding-left: 5%;
+ }
+
+ .OA_header {
+ font-size: 2.1em;
+ padding-top:1%;
+ margin-bottom: 1%;
+ margin-top: 1%;
+
+ }
+
+ #alert_area {
+ float:left;
+ width: 100%;
+ }
+
+
+
diff --git a/ms_specific_connector/src/main/webapp/img/ajax-loader.gif b/ms_specific_connector/src/main/webapp/img/ajax-loader.gif new file mode 100644 index 00000000..f2a1bc0c Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/ajax-loader.gif differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Belgium-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Belgium-EU_.png new file mode 100644 index 00000000..6ca01ceb Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Belgium-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Belgium-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Belgium-EU_gray.png new file mode 100644 index 00000000..347ba4c7 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Belgium-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Bulgaria-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Bulgaria-EU_.png new file mode 100644 index 00000000..9f317227 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Bulgaria-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Bulgaria-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Bulgaria-EU_gray.png new file mode 100644 index 00000000..2f3dac9d Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Bulgaria-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Croatia-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Croatia-EU_.png new file mode 100644 index 00000000..cdace013 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Croatia-EU_.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/Croatia-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Croatia-EU_gray.png new file mode 100644 index 00000000..26ca185a Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Croatia-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Cyprus-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Cyprus-EU_.png new file mode 100644 index 00000000..0af033d9 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Cyprus-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Cyprus-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Cyprus-EU_gray.png new file mode 100644 index 00000000..ee7ee3dc Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Cyprus-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/CzechRepublic-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/CzechRepublic-EU_.png new file mode 100644 index 00000000..150b80b4 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/CzechRepublic-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/CzechRepublic-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/CzechRepublic-EU_gray.png new file mode 100644 index 00000000..e517a757 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/CzechRepublic-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Denmark-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Denmark-EU_.png new file mode 100644 index 00000000..9ab8f949 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Denmark-EU_.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/Denmark-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Denmark-EU_gray.png new file mode 100644 index 00000000..82a8eebc Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Denmark-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Estonia-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Estonia-EU_.png new file mode 100644 index 00000000..a7d403bf Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Estonia-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Estonia-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Estonia-EU_gray.png new file mode 100644 index 00000000..1633b424 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Estonia-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Finland-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Finland-EU_.png new file mode 100644 index 00000000..3f4e2e01 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Finland-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Finland-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Finland-EU_gray.png new file mode 100644 index 00000000..bdd5831c Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Finland-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/France-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/France-EU_.png new file mode 100644 index 00000000..eaee2254 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/France-EU_.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/France-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/France-EU_gray.png new file mode 100644 index 00000000..242e278d Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/France-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Germany-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Germany-EU_gray.png new file mode 100644 index 00000000..e68fe8a5 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Germany-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Greece-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Greece-EU_.png new file mode 100644 index 00000000..929cc294 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Greece-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Greece-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Greece-EU_gray.png new file mode 100644 index 00000000..4b1d1230 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Greece-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Hungary-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Hungary-EU_.png new file mode 100644 index 00000000..b60be10e Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Hungary-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Hungary-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Hungary-EU_gray.png new file mode 100644 index 00000000..fbb2c959 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Hungary-EU_gray.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/Iceland.png b/ms_specific_connector/src/main/webapp/img/countries/Iceland.png new file mode 100644 index 00000000..18b13341 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Iceland.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Iceland_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Iceland_gray.png new file mode 100644 index 00000000..6b1ebb97 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Iceland_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Ireland-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Ireland-EU_.png new file mode 100644 index 00000000..16a3f970 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Ireland-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Ireland-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Ireland-EU_gray.png new file mode 100644 index 00000000..23ad027e Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Ireland-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Italy-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Italy-EU_.png new file mode 100644 index 00000000..5f2cb3ec Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Italy-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Italy-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Italy-EU_gray.png new file mode 100644 index 00000000..8c34ac5b Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Italy-EU_gray.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/Latvia-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Latvia-EU_.png new file mode 100644 index 00000000..da290d21 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Latvia-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Latvia-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Latvia-EU_gray.png new file mode 100644 index 00000000..d3734a43 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Latvia-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Lichtenstein.png b/ms_specific_connector/src/main/webapp/img/countries/Lichtenstein.png new file mode 100644 index 00000000..09755c7f Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Lichtenstein.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Lichtenstein_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Lichtenstein_gray.png new file mode 100644 index 00000000..09755c7f Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Lichtenstein_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Lithuania-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Lithuania-EU_.png new file mode 100644 index 00000000..14e633f0 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Lithuania-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Lithuania-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Lithuania-EU_gray.png new file mode 100644 index 00000000..62d2e0c8 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Lithuania-EU_gray.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/Luxembourg-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Luxembourg-EU_.png new file mode 100644 index 00000000..a89db9c2 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Luxembourg-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Luxembourg-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Luxembourg-EU_gray.png new file mode 100644 index 00000000..8804c4f3 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Luxembourg-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Malta-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Malta-EU_.png new file mode 100644 index 00000000..cabe7926 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Malta-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Malta-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Malta-EU_gray.png new file mode 100644 index 00000000..55c03aa0 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Malta-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Poland-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Poland-EU_.png new file mode 100644 index 00000000..e734ac63 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Poland-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Poland-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Poland-EU_gray.png new file mode 100644 index 00000000..f9faac55 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Poland-EU_gray.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/Portugal-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Portugal-EU_.png new file mode 100644 index 00000000..017e7a19 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Portugal-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Portugal-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Portugal-EU_gray.png new file mode 100644 index 00000000..ada526b8 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Portugal-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Romania-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Romania-EU_.png new file mode 100644 index 00000000..0a84f406 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Romania-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Romania-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Romania-EU_gray.png new file mode 100644 index 00000000..4bf3e2e6 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Romania-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Slovakia-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Slovakia-EU_.png new file mode 100644 index 00000000..38748a1a Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Slovakia-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Slovakia-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Slovakia-EU_gray.png new file mode 100644 index 00000000..e2e41760 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Slovakia-EU_gray.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/Slovenia-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Slovenia-EU_.png new file mode 100644 index 00000000..d1946b0b Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Slovenia-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Slovenia-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Slovenia-EU_gray.png new file mode 100644 index 00000000..b96eed00 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Slovenia-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Spain-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Spain-EU_.png new file mode 100644 index 00000000..f3b66e25 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Spain-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Spain-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Spain-EU_gray.png new file mode 100644 index 00000000..f951c8bf Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Spain-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Sweden-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/Sweden-EU_.png new file mode 100644 index 00000000..5e936083 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Sweden-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/Sweden-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/Sweden-EU_gray.png new file mode 100644 index 00000000..e3fe0c6a Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/Sweden-EU_gray.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/TestLoginLogo.png b/ms_specific_connector/src/main/webapp/img/countries/TestLoginLogo.png new file mode 100644 index 00000000..ba4cca6c Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/TestLoginLogo.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/TheNetherlands-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/TheNetherlands-EU_.png new file mode 100644 index 00000000..791614a7 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/TheNetherlands-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/TheNetherlands-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/TheNetherlands-EU_gray.png new file mode 100644 index 00000000..a25133a6 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/TheNetherlands-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/UnitedKingdom-EU_.png b/ms_specific_connector/src/main/webapp/img/countries/UnitedKingdom-EU_.png new file mode 100644 index 00000000..f1217cc0 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/UnitedKingdom-EU_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/UnitedKingdom-EU_gray.png b/ms_specific_connector/src/main/webapp/img/countries/UnitedKingdom-EU_gray.png new file mode 100644 index 00000000..501bd200 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/UnitedKingdom-EU_gray.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/countries_eu_gray.png b/ms_specific_connector/src/main/webapp/img/countries/countries_eu_gray.png new file mode 100644 index 00000000..e68fe8a5 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/countries_eu_gray.png differ 
diff --git a/ms_specific_connector/src/main/webapp/img/countries/demo.png b/ms_specific_connector/src/main/webapp/img/countries/demo.png new file mode 100644 index 00000000..7e9d6be9 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/demo.png differ diff --git a/ms_specific_connector/src/main/webapp/img/countries/germany-eu_.png b/ms_specific_connector/src/main/webapp/img/countries/germany-eu_.png new file mode 100644 index 00000000..788776b9 Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/countries/germany-eu_.png differ diff --git a/ms_specific_connector/src/main/webapp/img/globus_eu.png b/ms_specific_connector/src/main/webapp/img/globus_eu.png new file mode 100644 index 00000000..7ac30cec Binary files /dev/null and b/ms_specific_connector/src/main/webapp/img/globus_eu.png differ diff --git a/ms_specific_connector/src/main/webapp/index.html b/ms_specific_connector/src/main/webapp/index.html new file mode 100644 index 00000000..55370ebe --- /dev/null +++ b/ms_specific_connector/src/main/webapp/index.html @@ -0,0 +1,24 @@ + + + + + + Austrian specific eIDAS-Connector + + + +
+
+

Austrian specific eIDAS-Connector

+ +
+

Your are on the Austrian specific eIDAS-Connector. +

+ This service acts as a national gateway to eIDAS proxy-services and can by only used in combination with Austrian online applications.

+ +
+ +
+
+ + \ No newline at end of file diff --git a/ms_specific_connector/src/main/webapp/js/jquery-3.6.0.min.js b/ms_specific_connector/src/main/webapp/js/jquery-3.6.0.min.js new file mode 100644 index 00000000..c4c6022f --- /dev/null +++ b/ms_specific_connector/src/main/webapp/js/jquery-3.6.0.min.js 
@@ -0,0 +1,2 @@ +/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */ +!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new 
RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function 
fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return 
e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="";var 
t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},j=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0":{dir:"parentNode",first:!0}," 
":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||D,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return 
e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,D=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="",y.option=!!ce.lastChild;var ge={thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n",""]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function je(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function De(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function qe(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Le(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var _t,zt=[],Ut=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=zt.pop()||S.expando+"_"+wt.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Ut.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ut.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Ut,"$1"+r):!1!==e.jsonp&&(e.url+=(Tt.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,zt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((_t=E.implementation.createHTMLDocument("").body).innerHTML="
",2===_t.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var 
e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=Fe(y.pixelPosition,function(e,t){if(t)return t=We(e,n),Pe.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 
1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0