aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2016-01-15 09:16:34 +0100
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2016-01-15 09:16:34 +0100
commit8fe8c50523236d4235bc5bcd059c3c99fff9aa71 (patch)
tree058efe1b3eac7f09737cf1630a1869dadae0be02
parentb8b01a93311156704c9c003e3128c544a5e2ba48 (diff)
parent2d8bef6716671c96575f4ab3e0ca97f094705c15 (diff)
downloadmoa-id-spss-8fe8c50523236d4235bc5bcd059c3c99fff9aa71.tar.gz
moa-id-spss-8fe8c50523236d4235bc5bcd059c3c99fff9aa71.tar.bz2
moa-id-spss-8fe8c50523236d4235bc5bcd059c3c99fff9aa71.zip
Merge remote-tracking branch 'origin/eSense_eIDAS_development' into eSense_eIDAS_development
-rw-r--r--0001-fix-problems-with-OracleDB-and-configuration-storage.patch1158
-rw-r--r--0002-change-default-filename-in-configuration-download-di.patch25
-rw-r--r--0003-update-handbook-and-release-information.patch752
-rw-r--r--common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd35
-rw-r--r--common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd81
-rw-r--r--common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd337
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties2
-rw-r--r--id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml4
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java172
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java (renamed from id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java)0
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java (renamed from id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java)0
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java54
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java)33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java20
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java15
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java290
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java120
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java132
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java50
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java27
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java49
-rw-r--r--repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jarbin0 -> 232486 bytes
-rw-r--r--repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom8
33 files changed, 3315 insertions, 126 deletions
diff --git a/0001-fix-problems-with-OracleDB-and-configuration-storage.patch b/0001-fix-problems-with-OracleDB-and-configuration-storage.patch
new file mode 100644
index 000000000..c03696599
--- /dev/null
+++ b/0001-fix-problems-with-OracleDB-and-configuration-storage.patch
@@ -0,0 +1,1158 @@
+From fa3f73a46151d06c4f80eb0c43d3eda6c23c3709 Mon Sep 17 00:00:00 2001
+From: Thomas Lenz <tlenz@iaik.tugraz.at>
+Date: Tue, 15 Sep 2015 12:55:30 +0200
+Subject: [PATCH 1/3] fix problems with OracleDB and configuration storage
+ implementation
+
+---
+ .../config/ConfigurationProvider.java | 7 +
+ .../validation/oa/OAPVP2ConfigValidation.java | 6 +-
+ .../moa-id-configtool.properties | 1 +
+ .../data/deploy/conf/moa-id/moa-id.properties | 1 +
+ .../PropertyBasedAuthConfigurationProvider.java | 12 +-
+ .../id/storage/AuthenticationSessionStoreage.java | 569 ++++++++++++---------
+ .../main/resources/moaid.configuration.beans.xml | 2 +-
+ .../config/persistence/MOAIDConfiguration.java | 12 +
+ .../config/persistence/MOAIDConfigurationImpl.java | 110 ++--
+ .../moa/id/commons/db/MOASessionDBUtils.java | 10 +-
+ .../moa/id/commons/db/NewConfigurationDBRead.java | 7 +-
+ .../db/dao/config/DatabaseConfigPropertyImpl.java | 35 +-
+ .../src/main/resources/moaid.migration.beans.xml | 2 +-
+ 13 files changed, 494 insertions(+), 280 deletions(-)
+
+diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+index 849e819..e2a55db 100644
+--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
++++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+@@ -188,6 +188,13 @@ public class ConfigurationProvider {
+
+
+ /**
++ * @return the props
++ */
++ public Properties getConfigurationProperties() {
++ return props;
++ }
++
++ /**
+ * @return the deprecatedDBWrite
+ */
+ public FileBasedUserConfiguration getUserManagement() {
+diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+index 18452ed..35b6927 100644
+--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
++++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+@@ -76,7 +76,11 @@ public class OAPVP2ConfigValidation {
+
+ else {
+ try {
+- Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID);
++ //OracleDB does not allow the selection of a lob in SQL where expression
++ String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class");
++ boolean backupVersion = MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc.");
++
++ Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion);
+ if (oa != null &&
+ MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) {
+ certSerialized = Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false);
+diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
+index 9a3b367..825a9f1 100644
+--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
++++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
+@@ -35,6 +35,7 @@ dbcp.maxWaitMillis=-1
+ dbcp.testOnBorrow=true
+ dbcp.testOnReturn=false
+ dbcp.testWhileIdle=false
++dbcp.validationQuery=SELECT 1
+
+ ##Mail
+ general.mail.host=smtp.localhost...
+diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
+index 66f9afa..49e69c5 100644
+--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
++++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
+@@ -107,6 +107,7 @@ configuration.dbcp.maxWaitMillis=-1
+ configuration.dbcp.testOnBorrow=true
+ configuration.dbcp.testOnReturn=false
+ configuration.dbcp.testWhileIdle=false
++configuration.dbcp.validationQuery=SELECT 1
+
+ #
+ #Hibnerate configuration for MOA-ID 2.0 advanced statistic logging
+diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+index 190c5f0..6458314 100644
+--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
++++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+@@ -980,9 +980,17 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
+ * @return the requested online application or {@code null}
+ */
+ public Map<String, String> getActiveOnlineApplication(String id) {
+- Logger.trace("Get active OnlineApplication with ID " + id + " from database.");
++ Logger.trace("Get active OnlineApplication with ID " + id + " from database.");
++ Map<String, String> oaConfig = null;
+ try {
+- Map<String, String> oaConfig = configuration.getOnlineApplication(id);
++ //OracleDB does not allow the selection of a lob in SQL where expression
++ String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class");
++ if (MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc."))
++ oaConfig = configuration.getOnlineApplicationBackupVersion(id);
++
++ else
++ oaConfig = configuration.getOnlineApplication(id);
++
+ if (oaConfig != null) {
+ String isActiveString = oaConfig.get(MOAIDConfigurationConstants.SERVICE_ISACTIVE);
+ if (isActiveString != null && Boolean.valueOf(isActiveString))
+diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+index 4b4b5dd..829383c 100644
+--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
++++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+@@ -206,26 +206,34 @@ public class AuthenticationSessionStoreage {
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+-
+- synchronized (session) {
+-
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getSessionWithID");
+- query.setParameter("sessionid", moaSessionID);
+- result = query.list();
+-
+-
+- Logger.trace("Found entries: " + result.size());
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getSessionWithID");
++ query.setParameter("sessionid", moaSessionID);
++ result = query.list();
++
+
+- //Assertion requires an unique artifact
+- if (result.size() != 1) {
+- Logger.trace("No entries found.");
+- throw new MOADatabaseException("No session found with this sessionID");
++ Logger.trace("Found entries: " + result.size());
++
++ //Assertion requires an unique artifact
++ if (result.size() != 1) {
++ Logger.trace("No entries found.");
++ throw new MOADatabaseException("No session found with this sessionID");
++ }
++
++ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
++ tx.commit();
++ cleanDelete(dbsession);
+ }
+
+- AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
+- session.getTransaction().commit();
+- cleanDelete(dbsession);
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
++
+ }
+
+ }
+@@ -290,28 +298,36 @@ public class AuthenticationSessionStoreage {
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+-
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getSessionWithSSOID");
+- query.setParameter("sessionid", SSOSessionID);
+- result = query.list();
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getSessionWithSSOID");
++ query.setParameter("sessionid", SSOSessionID);
++ result = query.list();
+
+- //send transaction
+- session.getTransaction().commit();
+- }
++ //send transaction
++ tx.commit();
++
++ }
+
+- Logger.trace("Found entries: " + result.size());
++ Logger.trace("Found entries: " + result.size());
+
+- //Assertion requires an unique artifact
+- if (result.size() != 1) {
+- Logger.trace("No entries found.");
+- return null;
++ //Assertion requires an unique artifact
++ if (result.size() != 1) {
++ Logger.trace("No entries found.");
++ return null;
+
+- } else {
+- return result.get(0).getSessionid();
++ } else {
++ return result.get(0).getSessionid();
+
+- }
++ }
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
++ }
+ }
+
+ public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+@@ -331,27 +347,33 @@ public class AuthenticationSessionStoreage {
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+-
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getSessionWithSSOID");
+- query.setParameter("sessionid", SSOId);
+- result = query.list();
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getSessionWithSSOID");
++ query.setParameter("sessionid", SSOId);
++ result = query.list();
++
++ //send transaction
++ tx.commit();
++ }
++
++ Logger.trace("Found entries: " + result.size());
+
+- //send transaction
+- session.getTransaction().commit();
++ //Assertion requires an unique artifact
++ if (result.size() != 1) {
++ Logger.trace("No entries found.");
++ return null;
++
++ } else {
++ return result.get(0);
++ }
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
+ }
+-
+- Logger.trace("Found entries: " + result.size());
+-
+- //Assertion requires an unique artifact
+- if (result.size() != 1) {
+- Logger.trace("No entries found.");
+- return null;
+-
+- } else {
+- return result.get(0);
+- }
+ }
+
+ public static void addSSOInformation(String moaSessionID, String SSOSessionID,
+@@ -453,13 +475,15 @@ public class AuthenticationSessionStoreage {
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+- tx.rollback();
+- throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
+- }
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
++ }
+ }
+
+ public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
++ Session session = null;
+
+ try {
+ List<OASessionStore> oas = new ArrayList<OASessionStore>();
+@@ -467,7 +491,7 @@ public class AuthenticationSessionStoreage {
+ AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false);
+ oas.addAll(dbsession.getActiveOAsessions());
+
+- Session session = MOASessionDBUtils.getCurrentSession();
++ session = MOASessionDBUtils.getCurrentSession();
+ session.getTransaction().commit();
+
+ return oas;
+@@ -475,6 +499,14 @@ public class AuthenticationSessionStoreage {
+ } catch (MOADatabaseException e) {
+ Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
+
++ } catch (Exception e) {
++ if (session != null && session.getTransaction() != null
++ && !session.getTransaction().wasCommitted()) {
++ session.getTransaction().rollback();
++ throw e;
++
++ }
++
+ }
+
+ return null;
+@@ -482,13 +514,13 @@ public class AuthenticationSessionStoreage {
+
+ public static List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
+-
++ Session session = null;
+ try {
+ List<InterfederationSessionStore> idps = new ArrayList<InterfederationSessionStore>();
+ AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false);
+ idps.addAll(dbsession.getInderfederation());
+
+- Session session = MOASessionDBUtils.getCurrentSession();
++ session = MOASessionDBUtils.getCurrentSession();
+ session.getTransaction().commit();
+
+ return idps;
+@@ -496,6 +528,14 @@ public class AuthenticationSessionStoreage {
+ } catch (MOADatabaseException e) {
+ Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
+
++ } catch (Exception e) {
++ if (session != null && session.getTransaction() != null
++ && !session.getTransaction().wasCommitted()) {
++ session.getTransaction().rollback();
++ throw e;
++
++ }
++
+ }
+
+ return null;
+@@ -507,35 +547,42 @@ public class AuthenticationSessionStoreage {
+ Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
+ + oaID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+-
+- List<AuthenticatedSessionStore> result;
++ Transaction tx = null;
+
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
+- query.setParameter("oaID", oaID);
+- query.setParameter("nameID", userNameID);
+- result = query.list();
++ List<AuthenticatedSessionStore> result = null;;
++ try {
++ synchronized (session) {
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
++ query.setParameter("oaID", oaID);
++ query.setParameter("nameID", userNameID);
++ result = query.list();
++
++ //send transaction
++ tx.commit();
++ }
+
+- //send transaction
+- session.getTransaction().commit();
+- }
+-
+- Logger.trace("Found entries: " + result.size());
+-
+- //Assertion requires an unique artifact
+- if (result.size() != 1) {
+- Logger.trace("No unique entry found.");
+- return null;
+-
+- }
+- try {
+- return decryptSession(result.get(0));
++ Logger.trace("Found entries: " + result.size());
++
++ //Assertion requires an unique artifact
++ if (result.size() != 1) {
++ Logger.trace("No unique entry found.");
++ return null;
++
++ }
++
++ return decryptSession(result.get(0));
+
+ } catch (BuildException e) {
+- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);
++ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);
+ return null;
++
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
+ }
++
+ }
+
+ public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+@@ -547,29 +594,36 @@ public class AuthenticationSessionStoreage {
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+-
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
+- query.setParameter("sessionID", moaSession.getSessionID());
+- query.setParameter("oaID", oaID);
+- query.setParameter("protocol", protocolType);
+- result = query.list();
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
++ query.setParameter("sessionID", moaSession.getSessionID());
++ query.setParameter("oaID", oaID);
++ query.setParameter("protocol", protocolType);
++ result = query.list();
++
++ //send transaction
++ tx.commit();
++ }
+
+- //send transaction
+- session.getTransaction().commit();
+- }
+-
+- Logger.trace("Found entries: " + result.size());
+-
+- //Assertion requires an unique artifact
+- if (result.size() == 0) {
+- Logger.trace("No entries found.");
+- return null;
+-
+- }
+-
+- return result.get(0).getActiveOAsessions().get(0);
++ Logger.trace("Found entries: " + result.size());
++
++ //Assertion requires an unique artifact
++ if (result.size() == 0) {
++ Logger.trace("No entries found.");
++ return null;
++
++ }
++
++ return result.get(0).getActiveOAsessions().get(0);
++
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
++ }
+ }
+
+ public static String getPendingRequestID(String sessionID) {
+@@ -584,6 +638,7 @@ public class AuthenticationSessionStoreage {
+ }
+
+ public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
++ Transaction tx = null;
+ try {
+ MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
+ Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
+@@ -592,13 +647,13 @@ public class AuthenticationSessionStoreage {
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+- session.beginTransaction();
++ tx = session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", pedingRequestID);
+ result = query.list();
+
+ //send transaction
+- session.getTransaction().commit();
++ tx.commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+@@ -613,8 +668,13 @@ public class AuthenticationSessionStoreage {
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
++
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++
+ return null;
+- }
++
++ }
+ }
+
+ public static boolean deleteSessionWithPendingRequestID(String id) {
+@@ -623,34 +683,39 @@ public class AuthenticationSessionStoreage {
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+-
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+- query.setParameter("sessionid", id);
+- result = query.list();
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
++ query.setParameter("sessionid", id);
++ result = query.list();
++
++ //send transaction
++ tx.commit();
++ }
+
+- //send transaction
+- session.getTransaction().commit();
+- }
+-
+- Logger.trace("Found entries: " + result.size());
+-
+- //Assertion requires an unique artifact
+- if (result.size() != 1) {
+- Logger.trace("No entries found.");
+- return false;
+-
+- } else {
+- cleanDelete(result.get(0));
+- return true;
+- }
+-
+-
++ Logger.trace("Found entries: " + result.size());
++
++ //Assertion requires an unique artifact
++ if (result.size() != 1) {
++ Logger.trace("No entries found.");
++ return false;
++
++ } else {
++ cleanDelete(result.get(0));
++ return true;
++ }
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
++ }
+ }
+
+ public static AuthenticationSession getSessionWithUserNameID(String nameID) {
+
++ Transaction tx = null;
+ try {
+ MiscUtil.assertNotNull(nameID, "nameID");
+ Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
+@@ -659,13 +724,13 @@ public class AuthenticationSessionStoreage {
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+- session.beginTransaction();
++ tx = session.beginTransaction();
+ Query query = session.getNamedQuery("getMOAISessionWithUserNameID");
+ query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID));
+ result = query.list();
+
+ //send transaction
+- session.getTransaction().commit();
++ tx.commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+@@ -679,7 +744,9 @@ public class AuthenticationSessionStoreage {
+ return decryptSession(result.get(0));
+
+ } catch (Throwable e) {
+- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);
++ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
+ return null;
+ }
+
+@@ -691,27 +758,33 @@ public class AuthenticationSessionStoreage {
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+-
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID");
+- query.setParameter("sessionID", sessionID);
+- result = query.list();
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID");
++ query.setParameter("sessionID", sessionID);
++ result = query.list();
++
++ //send transaction
++ tx.commit();
++ }
+
+- //send transaction
+- session.getTransaction().commit();
+- }
+-
+- Logger.trace("Found entries: " + result.size());
+-
+- //Assertion requires an unique artifact
+- if (result.size() == 0) {
+- Logger.trace("No entries found.");
+- return null;
+-
+- }
+-
+- return result.get(0).getInderfederation().get(0);
++ Logger.trace("Found entries: " + result.size());
++
++ //Assertion requires an unique artifact
++ if (result.size() == 0) {
++ Logger.trace("No entries found.");
++ return null;
++
++ }
++
++ return result.get(0).getInderfederation().get(0);
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
++ }
+ }
+
+ public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {
+@@ -721,28 +794,34 @@ public class AuthenticationSessionStoreage {
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+-
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
+- query.setParameter("sessionID", sessionID);
+- query.setParameter("idpID", idpID);
+- result = query.list();
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
++ query.setParameter("sessionID", sessionID);
++ query.setParameter("idpID", idpID);
++ result = query.list();
++
++ //send transaction
++ tx.commit();
++ }
+
+- //send transaction
+- session.getTransaction().commit();
+- }
+-
+- Logger.trace("Found entries: " + result.size());
+-
+- //Assertion requires an unique artifact
+- if (result.size() == 0) {
+- Logger.trace("No entries found.");
+- return null;
+-
+- }
+-
+- return result.get(0).getInderfederation().get(0);
++ Logger.trace("Found entries: " + result.size());
++
++ //Assertion requires an unique artifact
++ if (result.size() == 0) {
++ Logger.trace("No entries found.");
++ return null;
++
++ }
++
++ return result.get(0).getInderfederation().get(0);
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
++ }
+ }
+
+ public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {
+@@ -847,27 +926,33 @@ public class AuthenticationSessionStoreage {
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+-
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
+- query.setParameter("sessionID", moaSession.getSessionID());
+- result = query.list();
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
++ query.setParameter("sessionID", moaSession.getSessionID());
++ result = query.list();
++
++ //send transaction
++ tx.commit();
++ }
+
+- //send transaction
+- session.getTransaction().commit();
+- }
+-
+- Logger.trace("Found entries: " + result.size());
+-
+- //Assertion requires an unique artifact
+- if (result.size() == 0) {
+- Logger.trace("No entries found.");
+- return null;
+-
+- }
+-
+- return result.get(0).getInderfederation().get(0);
++ Logger.trace("Found entries: " + result.size());
++
++ //Assertion requires an unique artifact
++ if (result.size() == 0) {
++ Logger.trace("No entries found.");
++ return null;
++
++ }
++
++ return result.get(0).getInderfederation().get(0);
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
++ }
+ }
+
+ /**
+@@ -930,28 +1015,34 @@ public class AuthenticationSessionStoreage {
+
+ List<AuthenticatedSessionStore> results;
+ Session session = MOASessionDBUtils.getCurrentSession();
+-
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
+- query.setTimestamp("timeoutcreate", expioredatecreate);
+- query.setTimestamp("timeoutupdate", expioredateupdate);
+- results = query.list();
+- session.getTransaction().commit();
+- }
+-
+- if (results.size() != 0) {
+- for(AuthenticatedSessionStore result : results) {
+- try {
+- cleanDelete(result);
+- Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+- + " after session timeout.");
+-
+- } catch (HibernateException e){
+- Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
+- + " not removed after timeout! (Error during Database communication)", e);
+- }
+- }
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
++ query.setTimestamp("timeoutcreate", expioredatecreate);
++ query.setTimestamp("timeoutupdate", expioredateupdate);
++ results = query.list();
++ tx.commit();
++ }
++
++ if (results.size() != 0) {
++ for(AuthenticatedSessionStore result : results) {
++ try {
++ cleanDelete(result);
++ Logger.info("Authenticated session with sessionID=" + result.getSessionid()
++ + " after session timeout.");
++
++ } catch (HibernateException e){
++ Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
++ + " not removed after timeout! (Error during Database communication)", e);
++ }
++ }
++ }
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted())
++ tx.rollback();
++ throw e;
+ }
+ }
+
+@@ -1004,26 +1095,32 @@ public class AuthenticationSessionStoreage {
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List result;
+-
+- synchronized (session) {
+- session.beginTransaction();
+- Query query = session.getNamedQuery("getSessionWithID");
+- query.setParameter("sessionid", sessionID);
+- result = query.list();
++ Transaction tx = null;
++ try {
++ synchronized (session) {
++ tx = session.beginTransaction();
++ Query query = session.getNamedQuery("getSessionWithID");
++ query.setParameter("sessionid", sessionID);
++ result = query.list();
++
++ //send transaction
++ if (commit)
++ tx.commit();
++ }
+
+- //send transaction
+- if (commit)
+- session.getTransaction().commit();
+- }
+-
+- Logger.trace("Found entries: " + result.size());
+-
+- //Assertion requires an unique artifact
+- if (result.size() != 1) {
+- Logger.trace("No entries found.");
+- throw new MOADatabaseException("No session found with this sessionID");
+- }
+-
+- return (AuthenticatedSessionStore) result.get(0);
++ Logger.trace("Found entries: " + result.size());
++
++ //Assertion requires an unique artifact
++ if (result.size() != 1) {
++ Logger.trace("No entries found.");
++ throw new MOADatabaseException("No session found with this sessionID");
++ }
++
++ return (AuthenticatedSessionStore) result.get(0);
++ } catch (Exception e) {
++ if (tx != null && !tx.wasCommitted() && commit)
++ tx.rollback();
++ throw e;
++ }
+ }
+ }
+diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+index 206fde8..7e319e2 100644
+--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
++++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+@@ -29,7 +29,7 @@
+ <property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
+- <property name="validationQuery" value="SELECT 1" />
++ <property name="validationQuery" value="${configuration.dbcp.validationQuery}" />
+ </bean>
+
+ <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java
+index 223f29a..4bd459f 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java
+@@ -61,4 +61,16 @@ public interface MOAIDConfiguration extends Configuration {
+ * @throws ConfigurationException in case of an configuration access error
+ */
+ public Map<String, String> getOnlineApplication(String publicURLPrefix) throws ConfigurationException;
++
++
++ /**
++ * Load an OnlineApplication configuration and remove the OA key prefix
++ * This is a backup version if direct UniqueID selection does not work
++ *
++ * @param publicURLPrefix: Unique identifier of online application
++ * @return Properties of the online application or null if no OA is found
++ * @throws ConfigurationException in case of an configuration access error
++ */
++ public Map<String, String> getOnlineApplicationBackupVersion(String publicURLPrefix) throws ConfigurationException;
++
+ }
+\ No newline at end of file
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
+index 297c63d..b9b5ad6 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
+@@ -1,5 +1,7 @@
+ package at.gv.egovernment.moa.id.commons.config.persistence;
+
++import java.sql.SQLSyntaxErrorException;
++import java.util.ArrayList;
+ import java.util.HashMap;
+ import java.util.Iterator;
+ import java.util.List;
+@@ -131,13 +133,88 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement
+ String keyId = MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
+ + ".%."
+ + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER;
+-
++
++ List<ConfigProperty> oaSearchResult = null;
+ TypedQuery<ConfigProperty> oaSearchQuery = em.createQuery("select dbconfig from ConfigProperty dbconfig where dbconfig.key like :key and dbconfig.value = SUBSTRING(:uniqueID, 1, LENGTH(dbconfig.value))", ConfigProperty.class);
+ oaSearchQuery.setParameter("key", keyId);
+ oaSearchQuery.setParameter("uniqueID", publicURLPrefix);
+- List<ConfigProperty> oaSearchResult = oaSearchQuery.getResultList();
++ oaSearchResult = oaSearchQuery.getResultList();
++
++ return postProcessLoadOnlineApplication(em, oaSearchResult);
++
++ }
++
++ /* (non-Javadoc)
++ * @see at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration#getOnlineApplicationBackupVersion(java.lang.String)
++ */
++ @Override
++ public Map<String, String> getOnlineApplicationBackupVersion(
++ String publicURLPrefix) throws ConfigurationException {
++ Logger.debug("Use backup implementation to query configuration database");
++
++ EntityManager em = this.getPersistenceContext();
++ if (null == em) {
++ Logger.error("No EntityManager set!");
++ throw new ConfigurationException("No EntityManager set!");
++
++ }
++
++ //search key prefix for online application with this publicURLPrefix
++ String keyId = MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
++ + ".%."
++ + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER;
+
+- if (oaSearchResult.size() == 0) {
++ List<ConfigProperty> oaSearchResult = new ArrayList<ConfigProperty>();
++
++ TypedQuery<ConfigProperty> oaSearchQuery = em.createQuery("select dbconfig from ConfigProperty dbconfig where dbconfig.key like :key", ConfigProperty.class);
++ oaSearchQuery.setParameter("key", keyId);
++ List<ConfigProperty> intermResult = oaSearchQuery.getResultList();
++ if (intermResult != null) {
++ for (ConfigProperty el : intermResult) {
++ if (publicURLPrefix.startsWith(el.getValue()))
++ oaSearchResult.add(el);
++
++ }
++ }
++
++ return postProcessLoadOnlineApplication(em, oaSearchResult);
++
++ }
++
++ /**
++ * Small helper method. NOTE: may return empty configuration properties, but never {@code null}.
++ *
++ * @param propPrefix: the prefix of the desired property.
++ * @param input: List of database objects with key/value information.
++ * @param removePrefix: Indicates if the prefix should be removed from the result key
++ * @return the {@link Map} of configuration properties
++ */
++ private Map<String, String> getKeyValueFromDatabaseDAO(Iterator<ConfigProperty> input, final String prefix, boolean removePrefix) {
++ Map<String, String> configProp = new HashMap<String, String>();
++ while (input.hasNext()) {
++ ConfigProperty el = input.next();
++ if (removePrefix) {
++ if (el.getKey().startsWith(prefix)) {
++ String propertyName = KeyValueUtils.removePrefixFromKey(el.getKey(), prefix);
++ configProp.put(propertyName, el.getValue());
++
++ }
++ } else
++ configProp.put(el.getKey(), el.getValue());
++
++ }
++ return configProp;
++ }
++
++ /**
++ * Online-Application load operation post-processing
++ *
++ * @param em EntityManager for Database access
++ * @param oaSearchResult Search result of first OA selection operation
++ * @return Map of post-processed OA configuration key/value pairs
++ */
++ private Map<String, String> postProcessLoadOnlineApplication(EntityManager em, List<ConfigProperty> oaSearchResult) {
++ if (oaSearchResult == null || oaSearchResult.size() == 0) {
+ Logger.debug("No entries found.");
+ return null; }
+
+@@ -170,31 +247,6 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement
+ result.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, oaType);
+
+ return result;
++
+ }
+-
+- /**
+- * Small helper method. NOTE: may return empty configuration properties, but never {@code null}.
+- *
+- * @param propPrefix: the prefix of the desired property.
+- * @param input: List of database objects with key/value information.
+- * @param removePrefix: Indicates if the prefix should be removed from the result key
+- * @return the {@link Map} of configuration properties
+- */
+- private Map<String, String> getKeyValueFromDatabaseDAO(Iterator<ConfigProperty> input, final String prefix, boolean removePrefix) {
+- Map<String, String> configProp = new HashMap<String, String>();
+- while (input.hasNext()) {
+- ConfigProperty el = input.next();
+- if (removePrefix) {
+- if (el.getKey().startsWith(prefix)) {
+- String propertyName = KeyValueUtils.removePrefixFromKey(el.getKey(), prefix);
+- configProp.put(propertyName, el.getValue());
+-
+- }
+- } else
+- configProp.put(el.getKey(), el.getValue());
+-
+- }
+- return configProp;
+- }
+-
+ }
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+index 7621552..49e0634 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+@@ -163,8 +163,9 @@ public final class MOASessionDBUtils {
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during MOASession database saveOrUpdate. Rollback.", e);
+- tx.rollback();
+- throw new MOADatabaseException(e);
++ if (tx != null)
++ tx.rollback();
++ throw new MOADatabaseException(e);
+ }
+ }
+
+@@ -183,8 +184,9 @@ public final class MOASessionDBUtils {
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during MOASession database delete. Rollback.", e);
+- tx.rollback();
+- return false;
++ if (tx != null)
++ tx.rollback();
++ return false;
+ }
+ }
+
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
+index 0f157f1..c049eeb 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
+@@ -41,9 +41,12 @@ public class NewConfigurationDBRead {
+
+ }
+
+- public Map<String, String> getOnlineApplicationKeyValueWithId(String id) {
++ public Map<String, String> getOnlineApplicationKeyValueWithId(String id, boolean backupVersion) {
+ try {
+- return conf.getOnlineApplication(id);
++ if (backupVersion)
++ return conf.getOnlineApplicationBackupVersion(id);
++ else
++ return conf.getOnlineApplication(id);
+
+ } catch (ConfigurationException e) {
+ Logger.warn("OnlineApplication with Id: " + id + " not found.", e);
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java
+index f59e39a..aad830d 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java
+@@ -1,6 +1,10 @@
+ package at.gv.egovernment.moa.id.commons.db.dao.config;
+
++import java.util.ArrayList;
++import java.util.Iterator;
+ import java.util.List;
++import java.util.Map.Entry;
++import java.util.regex.Pattern;
+
+ import javax.persistence.EntityManager;
+ import javax.persistence.PersistenceContext;
+@@ -137,10 +141,33 @@ public class DatabaseConfigPropertyImpl extends AbstractConfigurationImpl {
+ throw new ConfigurationException("No EntityManager set!");
+ }
+
+- TypedQuery<String> query = em.createQuery("select key from ConfigProperty dbconfig where dbconfig.value like :value", String.class);
+- query.setParameter("value", searchString.replace("*", "%"));
+- List<String> result = query.getResultList();
+- return result.toArray(new String[result.size()]);
++ TypedQuery<ConfigProperty> query = em.createQuery("select * from ConfigProperty dbconfig", ConfigProperty.class);
++ List<ConfigProperty> all = query.getResultList();
++
++ searchString = searchString.replace(".", "\\.");
++ String regex = searchString.replace("*", ".*");
++ regex = regex.replace("%", "\\w*");
++ log.debug("Searching with regex: {}", regex);
++ Pattern pattern = Pattern.compile(regex);
++
++ List<String> keyList = new ArrayList<String>();
++ Iterator<ConfigProperty> keyIt;
++ if (all != null) {
++ keyIt = all.iterator();
++ while(keyIt.hasNext()) {
++ ConfigProperty entry = keyIt.next();
++ String value = entry.getValue();
++ String key = entry.getKey();
++
++ if(pattern.matcher(value).matches()) {
++ keyList.add(key);
++ }
++ }
++ }
++
++ String[] result = new String[keyList.size()];
++ return keyList.toArray(result);
++
+ }
+
+ /* (non-Javadoc)
+diff --git a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
+index 3bd1222..c758e23 100644
+--- a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
++++ b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
+@@ -31,7 +31,7 @@
+ <property name="testOnBorrow" value="${dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${dbcp.testWhileIdle}" />
+- <property name="validationQuery" value="SELECT 1" />
++ <property name="validationQuery" value="${dbcp.validationQuery}" />
+ </bean>
+
+
+--
+1.9.5.msysgit.0
+
diff --git a/0002-change-default-filename-in-configuration-download-di.patch b/0002-change-default-filename-in-configuration-download-di.patch
new file mode 100644
index 000000000..d95f57e38
--- /dev/null
+++ b/0002-change-default-filename-in-configuration-download-di.patch
@@ -0,0 +1,25 @@
+From 2362892f59b8daccb8c0a2155048c5adc7a1a7ea Mon Sep 17 00:00:00 2001
+From: Thomas Lenz <tlenz@iaik.tugraz.at>
+Date: Tue, 15 Sep 2015 12:56:17 +0200
+Subject: [PATCH 2/3] change default filename in configuration download dialog
+
+---
+ id/ConfigWebTool/src/main/resources/struts.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml
+index 701cc99..f978e93 100644
+--- a/id/ConfigWebTool/src/main/resources/struts.xml
++++ b/id/ConfigWebTool/src/main/resources/struts.xml
+@@ -284,7 +284,7 @@
+ <result name="success" type="stream">
+ <param name="contentType">application/octet-stream</param>
+ <param name="inputName">fileInputStream</param>
+- <param name="contentDisposition">attachment;filename="MOAID-2.0_config.xml"</param>
++ <param name="contentDisposition">attachment;filename="MOAID-3.0_config.properties"</param>
+ <param name="bufferSize">1024</param>
+ </result>
+ <result name="reauthentication" type="redirectAction">
+--
+1.9.5.msysgit.0
+
diff --git a/0003-update-handbook-and-release-information.patch b/0003-update-handbook-and-release-information.patch
new file mode 100644
index 000000000..6c8a4ee2a
--- /dev/null
+++ b/0003-update-handbook-and-release-information.patch
@@ -0,0 +1,752 @@
+From 8149f22dc110b82ef2910db0037d037062628dd5 Mon Sep 17 00:00:00 2001
+From: Thomas Lenz <tlenz@iaik.tugraz.at>
+Date: Tue, 15 Sep 2015 13:02:59 +0200
+Subject: [PATCH 3/3] - update handbook and release information - change
+ version to 3.0.2
+
+---
+ id/history.txt | 7 +
+ id/readme_3.0.2.txt | 644 ++++++++++++++++++++++++++++++
+ id/server/doc/handbook/config/config.html | 16 +-
+ pom.xml | 12 +-
+ 4 files changed, 672 insertions(+), 7 deletions(-)
+ create mode 100644 id/readme_3.0.2.txt
+
+diff --git a/id/history.txt b/id/history.txt
+index f1b9adf..6ad08d9 100644
+--- a/id/history.txt
++++ b/id/history.txt
+@@ -1,5 +1,12 @@
+ Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.
+
++Version MOA-ID Release 3.0.2: Änderungen seit Version MOA-ID 3.0.1
++- Änderungen
++ - Bug-Fix für Zugriff auf Oracle Datenbanken
++ -
++
++
++ ------------------------------------------------------------------------------
+ Version MOA-ID Release 3.0.1: Änderungen seit Version MOA-ID 3.0.0
+ - Änderungen
+ - Bug-Fix für Testkarten mit Testkarten-OID
+diff --git a/id/readme_3.0.2.txt b/id/readme_3.0.2.txt
+new file mode 100644
+index 0000000..cd752a6
+--- /dev/null
++++ b/id/readme_3.0.2.txt
+@@ -0,0 +1,644 @@
++===============================================================================
++MOA ID Version Release 3.0.2 - Wichtige Informationen zur Installation
++===============================================================================
++
++-------------------------------------------------------------------------------
++A. Neuerungen/Änderungen
++-------------------------------------------------------------------------------
++
++Mit MOA ID Version 3.0.2 wurden folgende Neuerungen und Änderungen eingeführt,
++die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch
++history.txt im gleichen Verzeichnis). Da es sich bei der Version 3.0.2 nur um
++Version mit minimaler Fehlerbereinigung handelt sind zusätzlich auch alle
++Änderungen aus der Version 3.0.0 und 3.0.1 zur Information gelisted:
++
++- Änderungen
++ - Bug-Fix für Zugriff auf Oracle Datenbanken
++
++Anpassungen aus MOA-ID 3.0.0 und 3.0.1
++- Änderungen
++ - Redesign des Datenmodels für die Configuration
++ - Redesign des Authentifizierungsprozessmanagment
++ - Anpassung VIDP Code für STORK
++ - Update von TrustStore und CertSTore
++ - Kleinere Bug-Fixes
++ - Update von Libraries
++ - Bug-Fix für Testkarten mit Testkarten-OID
++
++-------------------------------------------------------------------------------
++B. Durchführung eines Updates
++-------------------------------------------------------------------------------
++
++Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
++eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
++MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend
++angebebenen Updateschritte.
++
++Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 3.0.x
++reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export
++Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden.
++Diese Datei dient dann als Basis für den Import in MOA-ID 3.0.x.
++
++...............................................................................
++B.0 Durchführung eines Updates von Version 3.0.1 auf Version 3.0.2
++...............................................................................
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.0.0.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
++ bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
++ als auch das komplette Verzeichnis moa-id-auth.
++
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++ CATALINA_HOME_ID/webapps.
++
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++ CATALINA_HOME_ID/webapps.
++
++6. Hinzufügen der zusätzlichen Konfigurationsparameter in der
++ MOA-ID-Configuration Konfigurationsdatei
++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
++ a.) dbcp.validationQuery=..... (SQL Query zum Validieren der
++ Datenbankverbindung
++ z.B: "SELECT 1" für mySQL
++ "select 1 from dual" für OracleDB)
++
++7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
++ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
++ a.) configuration.dbcp.validationQuery=..... (SQL Query zum
++ Validieren der Datenbankverbindung
++ z.B: "SELECT 1" für mySQL
++ "select 1 from dual" für OracleDB)
++
++8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++ Logging von MOA ID beim Einlesen der Konfiguration.
++
++
++...............................................................................
++B.1 Durchführung eines Updates von Version 3.0.0 auf Version 3.0.2
++...............................................................................
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.0.0.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
++ bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
++ als auch das komplette Verzeichnis moa-id-auth.
++
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++ CATALINA_HOME_ID/webapps.
++
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++ CATALINA_HOME_ID/webapps.
++
++6. Update der TrustStores für WebService Zugriffe.
++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\ca-certs
++ in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\ca-certs.
++ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\certstore\toBeAdded
++ in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\certstore\toBeAdded.
++
++7. Hinzufügen der zusätzlichen Konfigurationsparameter in der
++ MOA-ID-Configuration Konfigurationsdatei
++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
++ a.) dbcp.validationQuery=..... (SQL Query zum Validieren der
++ Datenbankverbindung
++ z.B: "SELECT 1" für mySQL
++ "select 1 from dual" für OracleDB)
++
++8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
++ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
++ a.) configuration.dbcp.validationQuery=..... (SQL Query zum
++ Validieren der Datenbankverbindung
++ z.B: "SELECT 1" für mySQL
++ "select 1 from dual" für OracleDB)
++
++9. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++ Logging von MOA ID beim Einlesen der Konfiguration.
++
++...............................................................................
++B.2 Durchführung eines Updates von Version 2.2.1 auf Version 3.0.2
++...............................................................................
++
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.0.0.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
++ bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
++ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
++ und das komplette Verzeichnis moa-id-configuration.
++
++4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
++ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
++
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++ CATALINA_HOME_ID/webapps.
++
++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++ CATALINA_HOME_ID/webapps.
++
++7. Update des Cert-Stores.
++ Kopieren Sie den Inhalt des Verzeichnisses
++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
++ bejahen sie das.
++
++8. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++ 2) Kopieren Sie das Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss.
++
++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
++ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
++ entsprechenden Profilen im Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
++ der einzelnen Profile aus der Distribution
++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
++ überschreiben), also z.B: Kopieren des Inhalts von
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
++ CATALINA_HOME\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
++
++9. Update der Default html-Templates für die Bürgerkartenauswahl.
++
++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
++ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
++ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
++ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
++
++10. Update der STORK Konfiguration
++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
++ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
++ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
++ 2.4 Konfiguration des SamlEngines an.
++
++11. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
++ CATALINA_HOME\conf\moa-id\moa-id.properties
++
++12. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configration Konfigurationsdatei
++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
++
++13. Hinzufügen der zusätzlichen Konfigurationsdatei in der MOA-ID-Configuration
++ CATALINA_HOME\conf\moa-id-configuration\userdatabase.properties
++
++14. Update der Tomcat Start-Skripts:
++ - Die Konfigurationsdateien für MOA-ID-Auth und MOA-ID-Configuration müssen
++ nur als URI (file:/...) übergeben werden.
++
++15. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++ Logging von MOA ID beim Einlesen der Konfiguration.
++
++
++...............................................................................
++B.1 Durchführung eines Updates von Version 2.2.0 auf Version 2.2.1
++...............................................................................
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.1.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
++ bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
++ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
++ und das komplette Verzeichnis moa-id-configuration.
++
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++ CATALINA_HOME_ID/webapps.
++
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++ CATALINA_HOME_ID/webapps.
++
++6. Update des Cert-Stores.
++ Kopieren Sie den Inhalt des Verzeichnisses
++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
++ bejahen sie das.
++
++7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++ 2) Kopieren Sie das Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss.
++
++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
++ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
++ entsprechenden Profilen im Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
++ der einzelnen Profile aus der Distribution
++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
++ überschreiben), also z.B: Kopieren des Inhalts von
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
++ CATALINA_HOME\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
++
++8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++ Logging von MOA ID beim Einlesen der Konfiguration.
++
++...............................................................................
++B.1 Durchführung eines Updates von Version 2.1.2 auf Version 2.2.0
++...............................................................................
++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.0.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
++ bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
++ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
++ und das komplette Verzeichnis moa-id-configuration.
++
++4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
++ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
++
++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++ CATALINA_HOME_ID/webapps.
++
++7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++ CATALINA_HOME_ID/webapps.
++
++8. Kopieren der folgenden Dateien:
++ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
++ Datei bevor Sie diese durch die neue Version ersetzen.
++ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
++ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
++ b.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_outgoing.xml ->
++ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
++
++9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks
++ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
++ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
++ verwendeten KeyStore ab.
++
++10. Update des Cert-Stores.
++ Kopieren Sie den Inhalt des Verzeichnisses
++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
++ bejahen sie das.
++
++11. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++ 2) Kopieren Sie das Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss.
++
++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
++ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
++ entsprechenden Profilen im Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
++ der einzelnen Profile aus der Distribution
++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
++ überschreiben), also z.B: Kopieren des Inhalts von
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
++ CATALINA_HOME\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
++
++
++12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++ Logging von MOA ID beim Einlesen der Konfiguration.
++
++...............................................................................
++B.2 Durchführung eines Updates von Version 2.1.1 auf Version 2.1.2
++...............................................................................
++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.2.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
++ bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
++ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
++ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
++ und das komplette Verzeichnis moa-id-configuration.
++
++4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
++ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
++
++5. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das
++ Verzeichnis CATALINA_HOME_ID\endorsed
++
++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++ CATALINA_HOME_ID/webapps.
++
++7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++ CATALINA_HOME_ID/webapps.
++
++8. Kopieren der folgenden Dateien
++ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
++ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
++ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
++ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
++
++9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks
++ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
++ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
++ verwendeten KeyStore ab.
++
++10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++ Logging von MOA ID beim Einlesen der Konfiguration.
++
++
++...............................................................................
++B.3 Durchführung eines Updates von Version 2.1.0 auf Version 2.1.1
++...............................................................................
++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
++ bezeichnet.
++
++3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
++ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
++
++4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
++ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
++ unterstuetzt).
++
++5. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
++ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
++ auch das komplette Verzeichnis moa-id-auth.
++
++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++ CATALINA_HOME_ID/webapps.
++
++7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++ CATALINA_HOME_ID/webapps.
++
++8. Hinzufügen der zusätzlichen Konfigurationsparameter in der
++ MOA-ID-Configuration Konfigurationsdatei
++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
++ a.) general.moaconfig.key=..... (Passwort zum Ver- und
++ Entschlüsseln von Konfigurationsparametern in der Datenbank)
++
++9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
++ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
++ a.) configuration.moaconfig.key=..... (Passwort zum Ver- und
++ Entschlüsseln von Konfigurationsparametern in der Datenbank)
++
++10. Kopieren der folgenden Dateien
++ a.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
++ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
++ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
++ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
++
++11. Update des Cert-Stores.
++ Kopieren Sie den Inhalt des Verzeichnisses
++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
++ bejahen sie das.
++
++12. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++ 2) Kopieren Sie das Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss.
++
++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
++ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
++ entsprechenden Profilen im Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
++ der einzelnen Profile aus der Distribution
++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
++ überschreiben), also z.B: Kopieren des Inhalts von
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
++ CATALINA_HOME\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
++
++13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++ Logging von MOA ID beim Einlesen der Konfiguration.
++
++
++...............................................................................
++B.4 Durchführung eines Updates von Version 2.0.1 auf Version 2.1.0
++...............................................................................
++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
++ bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
++ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
++ auch das komplette Verzeichnis moa-id-auth.
++
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++ CATALINA_HOME_ID/webapps.
++
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++ CATALINA_HOME_ID/webapps.
++
++6. Update der STORK Konfiguration
++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
++ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
++ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
++ 2.4 Konfiguration des SamlEngines an.
++
++7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei
++ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
++ a.) general.ssl.certstore=certs/certstore
++ b.) general.ssl.truststore=certs/truststore
++
++8. Kopieren des folgenden zusätzlichen Ordners MOA_ID_AUTH_INST/conf/moa-id-configuration/certs
++ nach CATALINA_HOME\conf\moa-id-configuration\
++
++9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
++ CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar.
++ a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
++ protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
++
++10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/
++ nach CATALINA_HOME\conf\moa-id\
++ a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\
++ b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
++ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
++
++11. Neuinitialisieren des Datenbank Schema für die MOA-Session. Hierfür stehen
++ zwei Varianten zur Verfügung.
++ a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth
++ CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile
++ moasession.hibernate.hbm2ddl.auto=update
++ zu
++ moasession.hibernate.hbm2ddl.auto=create
++ Danach werden die Tabellen beim nächsten Startvorgang neu generiert.
++
++ b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson
++ Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert.
++
++12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++ Logging von MOA ID beim Einlesen der Konfiguration.
++
++
++...............................................................................
++B.5 Durchführung eines Updates von Version 2.0-RC1 auf Version 2.0.1
++...............................................................................
++
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
++ bezeichnet.
++ Für MOA ID Proxy:
++ Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in
++ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST
++ bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
++ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
++ auch das komplette Verzeichnis moa-id-auth.
++
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++ CATALINA_HOME_ID/webapps.
++
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++ CATALINA_HOME_ID/webapps.
++
++6. Update des Cert-Stores.
++ Kopieren Sie den Inhalt des Verzeichnisses
++ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
++ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
++ bejahen sie das.
++
++7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
++ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
++ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++ 2) Kopieren Sie das Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
++ CATALINA_HOME\conf\moa-spss.
++
++ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
++ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
++ entsprechenden Profilen im Verzeichnis
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
++ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
++ der einzelnen Profile aus der Distribution
++ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
++ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
++ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
++ überschreiben), also z.B: Kopieren des Inhalts von
++ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
++ CATALINA_HOME\conf\moa-spss\trustProfiles\
++ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
++
++8. Update der Default html-Templates für die Bürgerkartenauswahl.
++
++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
++ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
++ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
++ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
++
++9. Update der STORK Konfiguration
++ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
++ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
++ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
++ 2.4 Konfiguration des SamlEngines an.
++
++10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
++ CATALINA_HOME\conf\moa-id\moa-id.properties
++
++ a.) configuration.validation.certificate.QC.ignore=false
++ b.) protocols.pvp2.assertion.encryption.active=false
++
++11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++ Logging von MOA ID beim Einlesen der Konfiguration.
++
++
++...............................................................................
++B.6 Durchführung eines Updates von Version <= 1.5.1
++...............................................................................
++
++Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
++Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
++Zuhilfenahme Ihrer bisherigen Konfiguration an.
++
+diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
+index 6f6d13d..4eb5ea2 100644
+--- a/id/server/doc/handbook/config/config.html
++++ b/id/server/doc/handbook/config/config.html
+@@ -259,6 +259,13 @@ UNIX: -Duser.properties=file:C:/Programme/apache/tomcat-8.x.x/conf/moa-id-config
+ <td>moaconfigpassword</td>
+ <td>Passwort f&uuml;r den Zugriff auf das Datenbank Schema</td>
+ </tr>
++ <tr>
++ <td><p>dbcp.validationQuery</p></td>
++ <td>SELECT 1</td>
++ <td><p>SQL Query zum Validieren der Datenbank Verbindung</p>
++ <p><strong>mySQL:</strong> SELECT 1</p>
++ <p><strong>Oracle:</strong> select 1 from dual</p></td>
++ </tr>
+ </table>
+ <p>&nbsp;</p>
+ <p>Die Beispielkonfiguration beinhaltet noch zus&auml;tzliche Konfigurationsparameter f&uuml;r den Datenbankzugriff welche direkt aus der Beispielkonfiguration &uuml;bernommen werden k&ouml;nnen. Eine detaillierte Beschreibung der einzelnen Einstellungsparameter kann der <a href="http://docs.jboss.org/hibernate/core/4.2/manual/en-US/html/">Hibernate Dokumention</a> entnommen werden.</p>
+@@ -612,10 +619,17 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
+ <td>Benutzername f&uuml;r den Zugriff auf das Datenbank Schema</td>
+ </tr>
+ <tr>
+- <td><p>configuration.hibernate.connection.password</p></td>
++ <td>configuration.hibernate.connection.password</td>
+ <td>moaconfigpassword</td>
+ <td>Passwort f&uuml;r den Zugriff auf das Datenbank Schema</td>
+ </tr>
++ <tr>
++ <td><p>configuration.dbcp.validationQuery</p></td>
++ <td>SELECT 1</td>
++ <td><p>SQL Query zum Validieren der Datenbank Verbindung</p>
++ <p><strong>mySQL:</strong> SELECT 1</p>
++ <p><strong>Oracle:</strong> select 1 from dual</p></td>
++ </tr>
+ </table>
+ <p>&nbsp;</p>
+ <h6><a name="basisconfig_moa_id_auth_param_database_session" id="uebersicht_bekanntmachung13"></a>2.2.2.4.2 Session Informationen</h6>
+diff --git a/pom.xml b/pom.xml
+index cdffb90..3e7e4ea 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -22,12 +22,12 @@
+ -->
+
+ <!-- Project Version -->
+- <moa-commons-version>3.0.1-Snapshot</moa-commons-version>
+- <moa-id-version>3.0.2-Snapshot</moa-id-version>
++ <moa-commons-version>3.0.2</moa-commons-version>
++ <moa-id-version>3.0.2</moa-id-version>
+ <moa-id-proxy-version>2.0.1-Snapshot</moa-id-proxy-version>
+- <moa-spss-version>2.0.5-Snapshot</moa-spss-version>
+- <configtool-version>2.0.1-Snapshot</configtool-version>
+- <demo-oa-version>2.0.5-Snapshot</demo-oa-version>
++ <moa-spss-version>2.0.5</moa-spss-version>
++ <configtool-version>2.0.2</configtool-version>
++ <demo-oa-version>2.0.5</demo-oa-version>
+
+ <!-- Library Versions -->
+ <org.springframework.version>4.1.6.RELEASE</org.springframework.version>
+@@ -236,7 +236,7 @@
+ </goals>
+ </execution>
+ </executions>
+- </ plugin>-->
++ </plugin> -->
+
+ </plugins>
+
+--
+1.9.5.msysgit.0
+
diff --git a/common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd b/common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd
new file mode 100644
index 000000000..4af373cf0
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ****** NOTICE ******
+This document is part of ETSI TS 119 612. In the event that any
+part of this document in conflict with the text of TS 119 612
+then that text shall prevail as the authoritative source
+-->
+<xsd:schema targetNamespace="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xsd:import namespace="http://uri.etsi.org/02231/v2#" schemaLocation="http://uri.etsi.org/19612/v1.2.1/tsl.xsd"/>
+ <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES.xsd"/>
+ <xsd:element name="MimeType" type="xsd:string"/>
+ <xsd:element name="X509CertificateLocation" type="tsl:NonEmptyURIType"/>
+ <xsd:element name="PublicKeyLocation" type="tsl:NonEmptyURIType"/>
+ <xsd:element name="ExtendedKeyUsage" type="tslx:ExtendedKeyUsageType"/>
+ <xsd:complexType name="ExtendedKeyUsageType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="KeyPurposeId" type="xades:ObjectIdentifierType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="TakenOverBy" type="tslx:TakenOverByType"/>
+ <xsd:complexType name="TakenOverByType">
+ <xsd:sequence>
+ <xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
+ <xsd:element name="TSPName" type="tsl:InternationalNamesType"/>
+ <xsd:element ref="tsl:SchemeOperatorName"/>
+ <xsd:element ref="tsl:SchemeTerritory"/>
+ <xsd:element name="OtherQualifier" type="tsl:AnyType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="CertSubjectDNAttribute" type="tslx:CertSubjectDNAttributeType"/>
+ <xsd:complexType name="CertSubjectDNAttributeType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="AttributeOID" type="xades:ObjectIdentifierType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+</xsd:schema>
diff --git a/common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd b/common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd
new file mode 100644
index 000000000..42a96b78c
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ****** NOTICE ******
+This document is part of ETSI TS 119 612. In the event that any
+part of this document in conflict with the text of TS 119 612
+then that text shall prevail as the authoritative source
+-->
+<xsd:schema targetNamespace="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES.xsd"/>
+ <xsd:element name="Qualifications" type="tns:QualificationsType"/>
+ <xsd:complexType name="QualificationsType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="QualificationElement" type="tns:QualificationElementType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="QualificationElementType">
+ <xsd:sequence>
+ <xsd:element name="Qualifiers" type="tns:QualifiersType"/>
+ <xsd:element name="CriteriaList" type="tns:CriteriaListType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CriteriaListType">
+ <xsd:annotation>
+ <xsd:documentation>Please first try to use the CriteriaList before doing the OtherCriteria extension point.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="KeyUsage" type="tns:KeyUsageType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="PolicySet" type="tns:PoliciesListType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="CriteriaList" type="tns:CriteriaListType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="Description" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="otherCriteriaList" type="xades:AnyType" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="assert">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="all"/>
+ <xsd:enumeration value="atLeastOne"/>
+ <xsd:enumeration value="none"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="QualifiersType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="Qualifier" type="tns:QualifierType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="QualifierType">
+ <xsd:attribute name="uri" type="anyURI"/>
+ </xsd:complexType>
+ <xsd:complexType name="PoliciesListType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="PolicyIdentifier" type="xades:ObjectIdentifierType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="KeyUsageType">
+ <xsd:sequence maxOccurs="9">
+ <xsd:element name="KeyUsageBit" type="tns:KeyUsageBitType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="KeyUsageBitType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:boolean">
+ <xsd:attribute name="name">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="digitalSignature"/>
+ <xsd:enumeration value="nonRepudiation"/>
+ <xsd:enumeration value="keyEncipherment"/>
+ <xsd:enumeration value="dataEncipherment"/>
+ <xsd:enumeration value="keyAgreement"/>
+ <xsd:enumeration value="keyCertSign"/>
+ <xsd:enumeration value="crlSign"/>
+ <xsd:enumeration value="encipherOnly"/>
+ <xsd:enumeration value="decipherOnly"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+</xsd:schema>
diff --git a/common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd b/common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd
new file mode 100644
index 000000000..fb1852ec0
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd
@@ -0,0 +1,337 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ****** NOTICE ******
+This document is part of ETSI TS 119 612. In the event that any
+part of this document in conflict with the text of TS 119 612
+then that text shall prevail as the authoritative source
+
+This is a review done in October 2013 as a result of mismatches between the XML Schema and the specification of some data types within TS 119 612,
+-->
+<xsd:schema targetNamespace="http://uri.etsi.org/02231/v2#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <!-- Imports -->
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <!-- Begin auxiliary types -->
+ <!--InternationalNamesType-->
+ <xsd:complexType name="InternationalNamesType">
+ <xsd:sequence>
+ <xsd:element name="Name" type="tsl:MultiLangNormStringType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="MultiLangNormStringType">
+ <xsd:simpleContent>
+ <xsd:extension base="tsl:NonEmptyNormalizedString">
+ <xsd:attribute ref="xml:lang" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="MultiLangStringType">
+ <xsd:simpleContent>
+ <xsd:extension base="tsl:NonEmptyString">
+ <xsd:attribute ref="xml:lang" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:simpleType name="NonEmptyString">
+ <xsd:restriction base="xsd:string">
+ <xsd:minLength value="1"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="NonEmptyNormalizedString">
+ <xsd:restriction base="xsd:normalizedString">
+ <xsd:minLength value="1"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!-- AddressType -->
+ <xsd:complexType name="AddressType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:PostalAddresses"/>
+ <xsd:element ref="tsl:ElectronicAddress"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--PostalAddressList Type-->
+ <xsd:element name="PostalAddresses" type="tsl:PostalAddressListType"/>
+ <xsd:complexType name="PostalAddressListType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:PostalAddress" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--PostalAddress Type-->
+ <xsd:element name="PostalAddress" type="tsl:PostalAddressType"/>
+ <xsd:complexType name="PostalAddressType">
+ <xsd:sequence>
+ <xsd:element name="StreetAddress" type="tsl:NonEmptyString"/>
+ <xsd:element name="Locality" type="tsl:NonEmptyString"/>
+ <xsd:element name="StateOrProvince" type="tsl:NonEmptyString" minOccurs="0"/>
+ <xsd:element name="PostalCode" type="tsl:NonEmptyString" minOccurs="0"/>
+ <xsd:element name="CountryName" type="tsl:NonEmptyString"/>
+ </xsd:sequence>
+ <xsd:attribute ref="xml:lang" use="required"/>
+ </xsd:complexType>
+ <!--ElectronicAddressType-->
+ <!-- 2013-10. XML Schema CHANGE-->
+ <!-- ElectronicAddress changed to include MultilLan URIs for e-mails and web sites URIs as specified in TS 119 612-->
+ <xsd:element name="ElectronicAddress" type="tsl:ElectronicAddressType"/>
+ <xsd:complexType name="ElectronicAddressType">
+ <xsd:sequence>
+ <xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- Types for extensions in TSL -->
+ <xsd:complexType name="AnyType" mixed="true">
+ <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+ <xsd:any processContents="lax"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="Extension" type="tsl:ExtensionType"/>
+ <xsd:complexType name="ExtensionType">
+ <xsd:complexContent>
+ <xsd:extension base="tsl:AnyType">
+ <xsd:attribute name="Critical" type="xsd:boolean" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ExtensionsListType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:Extension" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--NonEmptyURIType-->
+ <xsd:simpleType name="NonEmptyURIType">
+ <xsd:restriction base="xsd:anyURI">
+ <xsd:minLength value="1"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!--NonEmptyURIType with language indication-->
+ <xsd:complexType name="NonEmptyMultiLangURIType">
+ <xsd:simpleContent>
+ <xsd:extension base="tsl:NonEmptyURIType">
+ <xsd:attribute ref="xml:lang" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <!--List of NonEmptyURIType with language indication-->
+ <xsd:complexType name="NonEmptyMultiLangURIListType">
+ <xsd:sequence>
+ <xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--List of NonEmptyURIType-->
+ <xsd:complexType name="NonEmptyURIListType">
+ <xsd:sequence>
+ <xsd:element name="URI" type="tsl:NonEmptyURIType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- End auxiliary types -->
+ <!-- ROOT Element -->
+ <xsd:element name="TrustServiceStatusList" type="tsl:TrustStatusListType"/>
+ <!-- Trust Status List Type Definition -->
+ <!-- 2013-10. XML Schema CHANGE-->
+ <!-- Attribute TSLTag declared as xsd:anyURI -->
+ <xsd:complexType name="TrustStatusListType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:SchemeInformation"/>
+ <xsd:element ref="tsl:TrustServiceProviderList" minOccurs="0"/>
+ <xsd:element ref="ds:Signature" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="TSLTag" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+ </xsd:complexType>
+ <!-- 2013-10. XML Schema CHANGE-->
+ <!-- Supressed the type TSLTagType that served to restrict the value of TSLTag by XML Schema-->
+ <!-- In this way, the XML Schema is independent of the TSLTag value and this may change from version to version-->
+ <!-- TrustServiceProviderListType-->
+ <xsd:element name="TrustServiceProviderList" type="tsl:TrustServiceProviderListType"/>
+ <xsd:complexType name="TrustServiceProviderListType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:TrustServiceProvider" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- TSL Scheme Information -->
+ <xsd:element name="SchemeInformation" type="tsl:TSLSchemeInformationType"/>
+ <xsd:complexType name="TSLSchemeInformationType">
+ <xsd:sequence>
+ <xsd:element name="TSLVersionIdentifier" type="xsd:integer"/>
+ <xsd:element name="TSLSequenceNumber" type="xsd:positiveInteger"/>
+ <xsd:element ref="tsl:TSLType"/>
+ <xsd:element ref="tsl:SchemeOperatorName"/>
+ <xsd:element name="SchemeOperatorAddress" type="tsl:AddressType"/>
+ <xsd:element ref="tsl:SchemeName"/>
+ <xsd:element ref="tsl:SchemeInformationURI"/>
+ <xsd:element name="StatusDeterminationApproach" type="tsl:NonEmptyURIType"/>
+ <xsd:element ref="tsl:SchemeTypeCommunityRules" minOccurs="0"/>
+ <xsd:element ref="tsl:SchemeTerritory" minOccurs="0"/>
+ <xsd:element ref="tsl:PolicyOrLegalNotice" minOccurs="0"/>
+ <xsd:element name="HistoricalInformationPeriod" type="xsd:nonNegativeInteger"/>
+ <xsd:element ref="tsl:PointersToOtherTSL" minOccurs="0"/>
+ <xsd:element name="ListIssueDateTime" type="xsd:dateTime"/>
+ <xsd:element ref="tsl:NextUpdate"/>
+ <xsd:element ref="tsl:DistributionPoints" minOccurs="0"/>
+ <xsd:element name="SchemeExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="TSLType" type="tsl:NonEmptyURIType"/>
+ <xsd:element name="SchemeOperatorName" type="tsl:InternationalNamesType"/>
+ <xsd:element name="SchemeName" type="tsl:InternationalNamesType"/>
+ <xsd:element name="SchemeInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
+ <!-- 2013-10. XML Schema CHANGE-->
+ <!-- SchemeTypeCommunityRules changed to include MultilLang URIs for e-mails and web sites URIs as specified in TS 119 612-->
+ <xsd:element name="SchemeTypeCommunityRules" type="tsl:NonEmptyMultiLangURIListType"/>
+ <!-- SchemeTerritory -->
+ <!-- 2014-04. XML Schema CHANGE-->
+ <!-- element SchemeTerritory is now of type xsd:string. Suppressed the restriction of having only 2 characters,
+ as this element may contain other values than the country codes-->
+ <xsd:element name="SchemeTerritory" type="xsd:string"/>
+ <!-- Policy or Legal Notice -->
+ <xsd:element name="PolicyOrLegalNotice" type="tsl:PolicyOrLegalnoticeType"/>
+ <xsd:complexType name="PolicyOrLegalnoticeType">
+ <xsd:choice>
+ <xsd:element name="TSLPolicy" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
+ <xsd:element name="TSLLegalNotice" type="tsl:MultiLangStringType" maxOccurs="unbounded"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="NextUpdate" type="tsl:NextUpdateType"/>
+ <xsd:complexType name="NextUpdateType">
+ <xsd:sequence>
+ <xsd:element name="dateTime" type="xsd:dateTime" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--OtherTSLPointersType-->
+ <xsd:element name="PointersToOtherTSL" type="tsl:OtherTSLPointersType"/>
+ <xsd:complexType name="OtherTSLPointersType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:OtherTSLPointer" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="OtherTSLPointer" type="tsl:OtherTSLPointerType"/>
+ <xsd:complexType name="OtherTSLPointerType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:ServiceDigitalIdentities" minOccurs="0"/>
+ <xsd:element name="TSLLocation" type="tsl:NonEmptyURIType"/>
+ <xsd:element ref="tsl:AdditionalInformation" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="ServiceDigitalIdentities" type="tsl:ServiceDigitalIdentityListType"/>
+ <xsd:complexType name="ServiceDigitalIdentityListType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:ServiceDigitalIdentity" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="AdditionalInformation" type="tsl:AdditionalInformationType"/>
+ <xsd:complexType name="AdditionalInformationType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:element name="TextualInformation" type="tsl:MultiLangStringType"/>
+ <xsd:element name="OtherInformation" type="tsl:AnyType"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <!--DistributionPoints element-->
+ <!-- 2013-10. XML Schema CHANGE-->
+ <!-- DistributionPointschanged from ElectronicAddress to nonEmptyURIListType as ElectronicAddress does
+ now contain a list of multilang URIs, which is not required for distribution points-->
+ <xsd:element name="DistributionPoints" type="tsl:NonEmptyURIListType"/>
+ <!-- TSPType -->
+ <xsd:element name="TrustServiceProvider" type="tsl:TSPType"/>
+ <xsd:complexType name="TSPType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:TSPInformation"/>
+ <xsd:element ref="tsl:TSPServices"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- TSPInformationType -->
+ <xsd:element name="TSPInformation" type="tsl:TSPInformationType"/>
+ <xsd:complexType name="TSPInformationType">
+ <xsd:sequence>
+ <xsd:element name="TSPName" type="tsl:InternationalNamesType"/>
+ <xsd:element name="TSPTradeName" type="tsl:InternationalNamesType" minOccurs="0"/>
+ <xsd:element name="TSPAddress" type="tsl:AddressType"/>
+ <xsd:element name="TSPInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
+ <xsd:element name="TSPInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- TSP Services-->
+ <xsd:element name="TSPServices" type="tsl:TSPServicesListType"/>
+ <xsd:complexType name="TSPServicesListType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:TSPService" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="TSPService" type="tsl:TSPServiceType"/>
+ <xsd:complexType name="TSPServiceType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:ServiceInformation"/>
+ <xsd:element ref="tsl:ServiceHistory" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- TSPServiceInformationType -->
+ <xsd:element name="ServiceInformation" type="tsl:TSPServiceInformationType"/>
+ <xsd:complexType name="TSPServiceInformationType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:ServiceTypeIdentifier"/>
+ <xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
+ <xsd:element ref="tsl:ServiceDigitalIdentity"/>
+ <xsd:element ref="tsl:ServiceStatus"/>
+ <xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
+ <xsd:element name="SchemeServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
+ <xsd:element ref="tsl:ServiceSupplyPoints" minOccurs="0"/>
+ <xsd:element name="TSPServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
+ <xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- Service status -->
+ <xsd:element name="ServiceStatus" type="tsl:NonEmptyURIType"/>
+ <!-- Type for Service Supply Points -->
+ <xsd:element name="ServiceSupplyPoints" type="tsl:ServiceSupplyPointsType"/>
+ <xsd:complexType name="ServiceSupplyPointsType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="ServiceSupplyPoint" type="tsl:NonEmptyURIType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- TSPServiceIdentifier -->
+ <xsd:element name="ServiceTypeIdentifier" type="tsl:NonEmptyURIType"/>
+ <!-- DigitalIdentityType -->
+ <xsd:element name="ServiceDigitalIdentity" type="tsl:DigitalIdentityListType"/>
+ <xsd:complexType name="DigitalIdentityListType">
+ <xsd:sequence>
+ <xsd:element name="DigitalId" type="tsl:DigitalIdentityType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="DigitalIdentityType">
+ <xsd:choice>
+ <xsd:element name="X509Certificate" type="xsd:base64Binary"/>
+ <xsd:element name="X509SubjectName" type="xsd:string"/>
+ <xsd:element ref="ds:KeyValue"/>
+ <xsd:element name="X509SKI" type="xsd:base64Binary"/>
+ <xsd:element name="Other" type="tsl:AnyType" minOccurs="0"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <!-- ServiceHistory element-->
+ <xsd:element name="ServiceHistory" type="tsl:ServiceHistoryType"/>
+ <xsd:complexType name="ServiceHistoryType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:ServiceHistoryInstance" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="ServiceHistoryInstance" type="tsl:ServiceHistoryInstanceType"/>
+ <xsd:complexType name="ServiceHistoryInstanceType">
+ <xsd:sequence>
+ <xsd:element ref="tsl:ServiceTypeIdentifier"/>
+ <xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
+ <xsd:element ref="tsl:ServiceDigitalIdentity"/>
+ <xsd:element ref="tsl:ServiceStatus"/>
+ <xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
+ <xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- Elements and types for Extensions -->
+ <!-- Extensions children of tsl:VaExtension-->
+ <!-- Element ExpiredCertsRevocationInfo -->
+ <xsd:element name="ExpiredCertsRevocationInfo" type="xsd:dateTime"/>
+ <!-- Element additionalServiceInformation -->
+ <xsd:element name="AdditionalServiceInformation" type="tsl:AdditionalServiceInformationType"/>
+ <xsd:complexType name="AdditionalServiceInformationType">
+ <xsd:sequence>
+ <xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
+ <xsd:element name="InformationValue" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="OtherInformation" type="tsl:AnyType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+</xsd:schema>
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index aefc0801a..09568ce68 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -52,7 +52,7 @@ stork.documentservice.url=
moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml
moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml
moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml
-
+moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata
##Protocol configuration##
#PVP2
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 9d130971d..ce5a21d57 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -47,6 +47,10 @@
<cfg:Id>C-PEPS</cfg:Id>
<cfg:TrustAnchorsLocation>trustProfiles/C-PEPS</cfg:TrustAnchorsLocation>
</cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>eIDAS_metadata</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/eIDAS_metadata</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
</cfg:PathValidation>
<cfg:RevocationChecking>
<cfg:EnableChecking>true</cfg:EnableChecking>
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt
new file mode 100644
index 000000000..14e5e5cb5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIFMTCCAxkCBFYbwMgwDQYJKoZIhvcNAQENBQAwXTELMAkGA1UEBhMCQkUxCzAJBgNVBAgMAkVV
+MREwDwYDVQQHDAhCcnVzc2VsczELMAkGA1UECgwCRUMxDjAMBgNVBAsMBURJR0lUMREwDwYDVQQD
+DAhtZXRhZGF0YTAeFw0xNTEwMTIxNDE2NDBaFw0xNjEwMTExNDE2NDBaMF0xCzAJBgNVBAYTAkJF
+MQswCQYDVQQIDAJFVTERMA8GA1UEBwwIQnJ1c3NlbHMxCzAJBgNVBAoMAkVDMQ4wDAYDVQQLDAVE
+SUdJVDERMA8GA1UEAwwIbWV0YWRhdGEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCN
+5mYsOKzSJ9ksT9dHtFOztF1M8GIMeBLm6chIvtKHwXVLzO53RKhcOwt0j847VL6m5PcAAp57SutC
+DeukA8p6UCUA905p+m7+dt7iEsUV3yje4M8dDFS/LwEF9GhFm3v471ZRYPDW769v14QkmnA9vxWB
+WAj4WcMRMats9choHJdnRa1xUnVjx8yMojoVaPwt1tkG/rRnPev2o0g+VI63XkYd1pLKAU5Pt+n7
+LevLPJsvgkKLQhEB7bvMG1tZ1P4fJ0n3FOHmfLHJ/yEWA+hHXorX5T3G8Fq6GsI5O/c1zkZ7QMSw
+WwzXDbq5qrfyzesdlTPfdsPnFIRddCgx8NuVwI+brlYDSdLGEm+byfM9W4WmfDN6SK1oGMSibuz7
+K49Xh0MFVKNyxT9hCz309UiV71RGnveZxdMGu4vdzP74Ll3G48IIgQ4ymFPMONYBesuorxDunSqs
+R2F1+Th7k7UXL1xblFRaEyqdHlvhVrJqDP6sM9k3lM75aN4L4QMOyKRAqar+Q7f7NoUcx8cvHfqD
+GLJUPcqn2msMa3mAXO5ihA2ERN41wmnmeJzsd/UiFkaqIvXUTZVwxUfQWn3D9uCg2lRAvOTHydkP
+Cfwj4BtL0P9L3eSZ9NM8IGlTmlyApp2bPlzO92BsE8RE7feOmSLZESDKosqkQzZo2CMr/7V9XQID
+AQABMA0GCSqGSIb3DQEBDQUAA4ICAQALfSi+sa90MbJkAeTIA/la1ibtRkPX6jIjHBvkeq8IYEZi
+XxjJvI4CuQY6WSPMoDY0w9iJvKIygCxRlVi77CtFzu/otOLrXb8ozInopykRMIH4TyVmKYf//CoE
+fkQ3vThaf1JLpKpLuhtqHwV03f7jwODaJBqvqdaBX3VHHMPDOeAWQTAd2abMoHgYRlUgB9TKcbJ1
+akWUyX7hnwZSCiKWbL4nrwsFJc0skFVkfjEQxlZUeRXj/bKgnb0BYUsPsFfxXKJIsIc8CmXGvxKz
+B5TSpYIR79WliT9Fo8T1dJ9a/wr+bOXeM/aSUxLechCl+uDuP8yI2iRz9LT++/16HOrRSUuefHpo
+7wJLJnALMABW21eMwS2XBInUBrBN9CVGAJUDF6GQWMbfxA8x0uh4oKoa/4stP5maaf/FBe52pNNv
+Tacb7P3xJc0mS7jatuAHH0UfXy3+3D3z+SJY4Vy2a1cj5U1nUuxxwIRwsoRtWph0BER4RlOz4lXS
+N8ZK9ahgmCsndm+eDvIJm706s7bd8m/X8Xc/lMK+eKhrK6uIIMmkwbdzbgsOS7Plj9IMGm0S4Kdb
+rnAKhkhAXUi4zbd55aTx1kDodpid/dYPiqxSauyYmCXKbyFCAfY76Zw9SuFBRJClx4h5Mxb/EEpq
+1WHM9IyZshufnuZ587WzqtGmJJubTA==
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
new file mode 100644
index 000000000..e321c9d05
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -0,0 +1,172 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureVerificationUtils {
+ /** shortcut for XMLNS namespace URI */
+ private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+ /** shortcut for MOA namespace URI */
+ private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+ /** The DSIG-Prefix */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+
+ /** The document containing the <code>VerifyXMLsignatureRequest</code> */
+ private Document requestDoc_;
+ /** the <code>VerifyXMLsignatureRequest</code> root element */
+ private Element requestElem_;
+
+
+ public SignatureVerificationUtils() throws BuildException {
+ try {
+ DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ requestDoc_ = docBuilder.newDocument();
+ requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+ requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+ requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ requestDoc_.appendChild(requestElem_);
+
+ } catch (Throwable t) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"VerifyXMLSignatureRequest", t.toString()},
+ t);
+ }
+ }
+
+ public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {
+ try {
+ //build signature-verification request
+ Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
+
+ //send signature-verification to MOA-SP
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ domVerifyXMLSignatureResponse).parseData();
+
+ return verifyXMLSignatureResponse;
+
+ } catch (ParseException e) {
+ Logger.error("Build signature-verification request FAILED." ,e);
+ throw e;
+
+ } catch (ServiceException e) {
+ Logger.error("MOA-SP signature verification FAILED." ,e);
+ throw e;
+
+ }
+
+ }
+
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from an IdentityLink with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param signature - The XML signature as byte[]
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ *
+ * @return Element - The complete request as Dom-Element
+ *
+ * @throws ParseException
+ */
+ private Element build(byte[] signature, String trustProfileID)
+ throws ParseException
+ {
+ try {
+ // build the request
+ Element verifiySignatureInfoElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+ requestElem_.appendChild(verifiySignatureInfoElem);
+ Element verifySignatureEnvironmentElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+ verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+ Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+ verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+
+ // insert the base64 encoded signature
+ String base64EncodedAssertion = Base64Utils.encode(signature);
+ //replace all '\r' characters by no char.
+ StringBuffer replaced = new StringBuffer();
+ for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+ char c = base64EncodedAssertion.charAt(i);
+ if (c != '\r') {
+ replaced.append(c);
+ }
+ }
+ base64EncodedAssertion = replaced.toString();
+ Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+ base64ContentElem.appendChild(base64Content);
+
+ // specify the signature location
+ Element verifySignatureLocationElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+ verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+ Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+ verifySignatureLocationElem.appendChild(signatureLocation);
+
+ // signature manifest params
+ Element signatureManifestCheckParamsElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+
+ Element returnHashInputDataElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+ requestElem_.appendChild(returnHashInputDataElem);
+
+ //add trustProfileID
+ Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+ trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+ requestElem_.appendChild(trustProfileIDElem);
+ } catch (Throwable t) {
+ throw new ParseException("builder.00",
+ new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+ }
+
+ return requestElem_;
+ }
+}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index 72a7d3ba1..72a7d3ba1 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 7bce406e0..7bce406e0 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
index ad3268b90..1d8ea4cd4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
@@ -89,6 +89,11 @@ public interface AuthConfiguration extends ConfigurationProvider{
public boolean isAdvancedLoggingActive();
+ /**
+ * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set.
+ *
+ * @return the PublicURLPrefix without trailing slash or {@code null}
+ */
public String getPublicURLPrefix();
public boolean isPVP2AssertionEncryptionActive();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
index ece1a805d..acbb67b34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
@@ -27,6 +27,7 @@ import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.ws.message.MessageContext;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -45,6 +46,9 @@ public class MOAStringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder
"Invalid message context type, this encoder only support SAMLMessageContext");
}
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
String endpointURL = getEndpointURL(samlMsgCtx).buildURL();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 5402e3dce..65400444d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
@@ -51,6 +52,7 @@ import org.opensaml.xml.security.x509.X509Credential;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -74,6 +76,9 @@ public class PostBinding implements IDecoder, IEncoder {
X509Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
"resources/templates/pvp_postbinding_template.html");
@@ -109,6 +114,9 @@ public class PostBinding implements IDecoder, IEncoder {
X509Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
Logger.debug("create SAML POSTBinding response");
VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 81863f48f..9a505a7b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
@@ -51,6 +52,7 @@ import org.opensaml.xml.security.x509.X509Credential;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
@@ -73,6 +75,9 @@ public class RedirectBinding implements IDecoder, IEncoder {
X509Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
Logger.debug("create SAML RedirectBinding response");
HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
@@ -103,6 +108,9 @@ public class RedirectBinding implements IDecoder, IEncoder {
X509Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
Logger.debug("create SAML RedirectBinding response");
HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index a2583c706..fee508d33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
import org.opensaml.saml2.core.RequestAbstractType;
@@ -48,6 +49,7 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignableXMLObject;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -130,6 +132,9 @@ public class SoapBinding implements IDecoder, IEncoder {
Credential credentials = CredentialProvider
.getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
index 80789cd12..b731e2a95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
@@ -50,7 +50,10 @@ public class MOADefaultBootstrap extends DefaultBootstrap {
}
-
+ public static void initializeDefaultPVPConfiguration() {
+ initializeGlobalSecurityConfiguration();
+
+ }
/**
* Initializes the default global security configuration.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index f33cadc41..f4c099878 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -422,8 +422,8 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
internalProvider = chainProvider;
}
- private MetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
- MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
+ private PVPMetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
+ PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
if (oaParam.isInderfederationIDP()) {
@@ -435,7 +435,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
return filterChain;
}
- private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) {
+ private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, PVPMetadataFilterChain filter) {
HTTPMetadataProvider httpProvider = null;
Timer timer= null;
MOAHttpClient httpClient = null;
@@ -470,7 +470,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
//httpProvider.setRefreshDelayFactor(0.1F);
if (filter == null) {
- filter = new MetadataFilterChain(metadataURL, certificate);
+ filter = new PVPMetadataFilterChain(metadataURL, certificate);
}
httpProvider.setMetadataFilter(filter);
httpProvider.initialize();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
new file mode 100644
index 000000000..4c1da747b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.security.cert.CertificateException;
+
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPMetadataFilterChain extends MetadataFilterChain {
+
+
+ /**
+ * @throws CertificateException
+ *
+ */
+ public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
+ addDefaultFilters(url, certificate);
+ }
+
+ public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
+ addFilter(new MetadataSignatureFilter(url, certificate));
+
+ }
+
+
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
index 4e1d939ff..e7412a0fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
@@ -20,9 +20,8 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+package at.gv.egovernment.moa.id.saml2;
-import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
@@ -39,25 +38,23 @@ import at.gv.egovernment.moa.logging.Logger;
public class MetadataFilterChain implements MetadataFilter {
private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-
+
/**
- * @throws CertificateException
+ * Return all actually used Metadata filters
*
+ * @return List of Metadata filters
*/
- public MetadataFilterChain(String url, byte[] certificate) throws CertificateException {
- addDefaultFilters(url, certificate);
- }
-
- public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
- filters.add(new MetadataSignatureFilter(url, certificate));
-
+ public List<MetadataFilter> getFilters() {
+ return filters;
}
/**
- * @return the filter
+ * Add a new Metadata filter to filterchain
+ *
+ * @param filter
*/
- public List<MetadataFilter> getFilters() {
- return filters;
+ public void addFilter(MetadataFilter filter) {
+ filters.add(filter);
}
@@ -67,16 +64,10 @@ public class MetadataFilterChain implements MetadataFilter {
@Override
public void doFilter(XMLObject arg0) throws FilterException {
for (MetadataFilter filter : filters) {
- Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName());
+ Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName());
filter.doFilter(arg0);
}
}
-
-
-
-
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
index d0da0003f..099a70470 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -102,7 +102,7 @@ public class PVPtoSTORKMapper {
public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
if (mapping != null) {
String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());
- String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
+ String mappedQAA = mapping.getProperty(input);
if (MiscUtil.isNotEmpty(mappedQAA)) {
Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
return mappedQAA;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 9f347b4ee..1d4556459 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -28,8 +28,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
*/
public class Constants {
- //public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
public static final String eIDAS_SAML_ENGINE_NAME = "default";
+ public static final String SSLSOCKETFACTORYNAME = "eIDASMetadataSSLSocketFactory";
//default keys for eIDAS SAML-engine configuration
public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
@@ -45,20 +45,30 @@ public class Constants {
public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
- public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
-
+ public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "."
+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "."
- + CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+ + CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+ public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore";
- public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000; //2 minutes skew time for response validation
+ //timeouts and clock skews
+ public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000; //2 minutes skew time for response validation
+ public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000; //20 seconds metadata socked timeout
+ //eIDAS attribute names
public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+
+ //http endpoint descriptions
+ public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
+ public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
+ public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+ public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
+ public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 556947572..49f0451cb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -22,30 +22,19 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
-import java.io.ByteArrayInputStream;
-
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathFactory;
import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.util.xml.SimpleNamespaceContext;
-import org.w3c.dom.Document;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
/**
* @author tlenz
*
*/
-@WebServlet(urlPatterns = { "/eidas/post", "/eidas/redirect"}, loadOnStartup = 1)
+@WebServlet(urlPatterns = { "/eidas/sp/post", "/eidas/sp/redirect"}, loadOnStartup = 1)
public class eIDASSignalServlet extends ProcessEngineSignalServlet {
private static final long serialVersionUID = 8215688005533754459L;
@@ -53,7 +42,7 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
public eIDASSignalServlet() {
super();
Logger.debug("Registering servlet " + getClass().getName() +
- " with mappings '/eidas/post' and '/eidas/redirect'.");
+ " with mappings '/eidas/sp/post' and '/eidas/sp/redirect'.");
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
new file mode 100644
index 000000000..f1b14015b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -0,0 +1,290 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+
+import javax.net.ssl.SSLHandshakeException;
+import javax.xml.namespace.QName;
+
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.engine.AbstractSAMLEngine;
+
+public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider {
+
+ private static MOAeIDASChainingMetadataProvider instance = null;
+ private static Object mutex = new Object();
+
+ private MetadataProvider internalProvider;
+
+
+ public static MOAeIDASChainingMetadataProvider getInstance() {
+ if (instance == null) {
+ synchronized (mutex) {
+ if (instance == null) {
+ instance = new MOAeIDASChainingMetadataProvider();
+ }
+ }
+ }
+ return instance;
+ }
+
+
+ private MOAeIDASChainingMetadataProvider() {
+ internalProvider = new ChainingMetadataProvider();
+
+ }
+
+ private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
+ HTTPMetadataProvider httpProvider = null;
+ Timer timer= null;
+ MOAHttpClient httpClient = null;
+ try {
+ AuthConfiguration authConfig = AuthConfigurationProviderFactory.getInstance();
+
+ httpClient = new MOAHttpClient();
+
+ HttpClientParams httpClientParams = new HttpClientParams();
+ httpClientParams.setSoTimeout(Constants.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+ httpClient.setParams(httpClientParams);
+
+ if (metadataURL.startsWith("https:")) {
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ Constants.SSLSOCKETFACTORYNAME,
+ authConfig.getCertstoreDirectory(),
+ authConfig.getTrustedCACertificates(),
+ null,
+ AuthConfiguration.DEFAULT_X509_CHAININGMODE,
+ authConfig.isTrustmanagerrevoationchecking());
+
+ httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
+ timer = new Timer();
+ httpProvider = new HTTPMetadataProvider(timer, httpClient,
+ metadataURL);
+ httpProvider.setParserPool(AbstractSAMLEngine.getNewBasicSecuredParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ //httpProvider.setRefreshDelayFactor(0.1F);
+
+ //add Metadata filters
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.addFilter(new MOAeIDASMetadataSignatureFilter(
+ authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
+ httpProvider.setMetadataFilter(filter);
+
+ httpProvider.initialize();
+
+ return httpProvider;
+
+ } catch (Throwable e) {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ Logger.warn("SSL-Server certificate for metadata "
+ + metadataURL + " not trusted.", e);
+
+ } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ Logger.warn("Signature verification for metadata"
+ + metadataURL + " FAILED.", e);
+
+ } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ Logger.warn("Schema validation for metadata "
+ + metadataURL + " FAILED.", e);
+ }
+
+ Logger.error(
+ "Failed to add Metadata file for "
+ + metadataURL + "[ "
+ + e.getMessage() + " ]", e);
+
+ if (httpProvider != null) {
+ Logger.debug("Destroy failed Metadata provider");
+ httpProvider.destroy();
+ }
+
+ if (timer != null) {
+ Logger.debug("Destroy Timer.");
+ timer.cancel();
+ }
+
+
+ }
+
+ return null;
+ }
+
+ private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
+ Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ //make a Map of all actually loaded HTTPMetadataProvider
+ List<MetadataProvider> providers = chainProvider.getProviders();
+ for (MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+
+ }
+ }
+
+ return loadedproviders;
+ }
+
+ public boolean refreshMetadataProvider(String metadataURL) {
+ try {
+ if (MiscUtil.isNotEmpty(metadataURL)) {
+ Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
+
+ // check if MetadataProvider is actually loaded
+ if (actuallyLoadedProviders.containsKey(metadataURL)) {
+ actuallyLoadedProviders.get(metadataURL).refresh();
+ Logger.info("eIDAS metadata for "
+ + metadataURL + " is refreshed.");
+ return true;
+
+ } else {
+ //load new Metadata Provider
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+ HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);
+ chainProvider.addMetadataProvider(newMetadataProvider);
+
+ emitChangeEvent();
+ Logger.info("eIDAS metadata for "
+ + metadataURL + " is added.");
+ return true;
+
+ }
+
+ } else
+ Logger.debug("Can not refresh eIDAS metadata: NO eIDAS metadata URL.");
+
+ } catch (MetadataProviderException e) {
+ Logger.warn("Refresh eIDAS metadata for "
+ + metadataURL + " FAILED.", e);
+
+ }
+
+ return false;
+
+ }
+
+
+ public boolean requireValidMetadata() {
+ return internalProvider.requireValidMetadata();
+ }
+
+ public void setRequireValidMetadata(boolean requireValidMetadata) {
+ internalProvider.setRequireValidMetadata(requireValidMetadata);
+ }
+
+ public MetadataFilter getMetadataFilter() {
+ return internalProvider.getMetadataFilter();
+ }
+
+ public void setMetadataFilter(MetadataFilter newFilter)
+ throws MetadataProviderException {
+ internalProvider.setMetadataFilter(newFilter);
+ }
+
+ public XMLObject getMetadata() throws MetadataProviderException {
+ return internalProvider.getMetadata();
+ }
+
+ public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
+ throws MetadataProviderException {
+ Logger.warn("eIDAS metadata not support 'EntitiesDescriptor' elements!");
+ return null;
+
+ }
+
+ public EntityDescriptor getEntityDescriptor(String entityID)
+ throws MetadataProviderException {
+ EntityDescriptor entityDesc = null;
+ try {
+ entityDesc = internalProvider.getEntityDescriptor(entityID);
+ if (entityDesc == null) {
+ Logger.debug("Can not find eIDAS metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID))
+ return internalProvider.getEntityDescriptor(entityID);
+
+ } else {
+ if (!entityDesc.isValid())
+ if (refreshMetadataProvider(entityID))
+ return internalProvider.getEntityDescriptor(entityID);
+
+ }
+
+
+ } catch (MetadataProviderException e) {
+ Logger.debug("Can not find eIDAS metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID))
+ return internalProvider.getEntityDescriptor(entityID);
+
+ }
+
+ return entityDesc;
+ }
+
+ public List<RoleDescriptor> getRole(String entityID, QName roleName)
+ throws MetadataProviderException {
+ return internalProvider.getRole(entityID, roleName);
+ }
+
+ public RoleDescriptor getRole(String entityID, QName roleName,
+ String supportedProtocol) throws MetadataProviderException {
+ return internalProvider.getRole(entityID, roleName, supportedProtocol);
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+ */
+ @Override
+ public List<Observer> getObservers() {
+ return ((ChainingMetadataProvider) internalProvider).getObservers();
+ }
+
+ protected void emitChangeEvent() {
+ if ((getObservers() == null) || (getObservers().size() == 0)) {
+ return;
+ }
+
+ List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
+ for (ObservableMetadataProvider.Observer observer : tempObserverList)
+ if (observer != null)
+ observer.onEvent(this);
+ }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
new file mode 100644
index 000000000..e3ae5c046
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.security.KeyStore;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataProcessorI;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
+
+ private MetadataProvider metadataprovider = null;
+
+ /**
+ *
+ */
+ public MOAeIDASMetadataProviderDecorator(MetadataProvider metadataprovider) {
+ this.metadataprovider = metadataprovider;
+
+ }
+
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+ */
+ @Override
+ public EntityDescriptor getEntityDescriptor(String url)
+ throws SAMLEngineException {
+ try {
+ return this.metadataprovider.getEntityDescriptor(url);
+
+ } catch (MetadataProviderException e) {
+ throw new SAMLEngineException("eIDAS Metadata processing FAILED.", e);
+
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
+ */
+ @Override
+ public SPSSODescriptor getSPSSODescriptor(String url)
+ throws SAMLEngineException {
+ return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
+ */
+ @Override
+ public IDPSSODescriptor getIDPSSODescriptor(String url)
+ throws SAMLEngineException {
+ return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
+ */
+ @Override
+ public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
+ throws SAMLEngineException {
+ //Do nothing, because metadata signature is already validated during
+ //metadata provider initialization
+
+ }
+
+ /* (non-Javadoc)
+ * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
+ */
+ @Override
+ public void checkValidMetadataSignature(String url, KeyStore trustStore)
+ throws SAMLEngineException {
+ //Do nothing, because metadata signature is already validated during
+ //metadata provider initialization
+
+ }
+
+ protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
+ for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
+ if(clazz.isInstance(rd)){
+ return (T)rd;
+ }
+ }
+ return null;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
new file mode 100644
index 000000000..c9f3e5bcd
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.io.IOException;
+import java.io.StringWriter;
+
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASMetadataSignatureFilter implements MetadataFilter {
+
+ private String trustProfileID = null;
+
+ /**
+ *
+ */
+ public MOAeIDASMetadataSignatureFilter(String trustProfileID) {
+ this.trustProfileID = trustProfileID;
+
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject metadata) throws FilterException {
+ if (metadata instanceof EntityDescriptor) {
+ if (((EntityDescriptor) metadata).isSigned()) {
+ EntityDescriptor entityDes = (EntityDescriptor) metadata;
+ //check signature;
+ try {
+ Transformer transformer = TransformerFactory.newInstance()
+ .newTransformer();
+ StringWriter sw = new StringWriter();
+ StreamResult sr = new StreamResult(sw);
+ DOMSource source = new DOMSource(metadata.getDOM());
+ transformer.transform(source, sr);
+ sw.close();
+ String metadataXML = sw.toString();
+
+ SignatureVerificationUtils sigVerify =
+ new SignatureVerificationUtils();
+ VerifyXMLSignatureResponse result = sigVerify.verify(
+ metadataXML.getBytes(), trustProfileID);
+
+ //check signature-verification result
+ if (result.getSignatureCheckCode() != 0) {
+ Logger.warn("eIDAS Metadata signature-verification FAILED!"
+ + " Metadata: " + entityDes.getEntityID()
+ + " StatusCode:" + result.getSignatureCheckCode());
+ throw new FilterException("eIDAS Metadata signature-verification FAILED!"
+ + " Metadata: " + entityDes.getEntityID()
+ + " StatusCode:" + result.getSignatureCheckCode());
+
+ }
+
+ if (result.getCertificateCheckCode() != 0) {
+ Logger.warn("eIDAS Metadata certificate-verification FAILED!"
+ + " Metadata: " + entityDes.getEntityID()
+ + " StatusCode:" + result.getCertificateCheckCode());
+ throw new FilterException("eIDAS Metadata certificate-verification FAILED!"
+ + " Metadata: " + entityDes.getEntityID()
+ + " StatusCode:" + result.getCertificateCheckCode());
+
+ }
+
+
+ } catch (MOAIDException | TransformerFactoryConfigurationError | TransformerException | IOException e) {
+ Logger.error("eIDAS Metadata verification has an interal error.", e);
+ throw new FilterException("eIDAS Metadata verification has an interal error."
+ + " Message:" + e.getMessage());
+
+ }
+
+
+ } else {
+ Logger.warn("eIDAS Metadata root-element MUST be signed.");
+ throw new FilterException("eIDAS Metadata root-element MUST be signed.'");
+
+ }
+
+ } else {
+ Logger.warn("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
+ throw new FilterException("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
+
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
deleted file mode 100644
index 2aec81db5..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
-
-import java.security.KeyStore;
-
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.SimpleMetadataProcessor;
-import eu.eidas.engine.exceptions.SAMLEngineException;
-
-public class MOAeIDASSimpleMetadataProvider extends SimpleMetadataProcessor {
-
- @Override
- public EntityDescriptor getEntityDescriptor(String url) {
- EntityDescriptor entityDescriptor=getEntityDescriptorHelper(url);
-
- if(Logger.isDebugEnabled()){
- Logger.debug("got entityDescriptor: " + entityDescriptor);
- }
- return entityDescriptor;
- }
-
- @Override
- public SPSSODescriptor getSPSSODescriptor(String url) throws SAMLEngineException {
- return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
-
- }
-
- @Override
- public IDPSSODescriptor getIDPSSODescriptor(String url) throws SAMLEngineException {
- return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
-
- }
-
- @Override
- public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine) throws SAMLEngineException {
- //TODO: implement Metadata signature validation
- Logger.warn("MetadataProcessor in demo SP does not actually check the signature of metadata");
-
- }
- @Override
- public void checkValidMetadataSignature(String url, KeyStore store) throws SAMLEngineException {
- //not implemented
-
- }
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 57588287d..963fe70c1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -142,7 +142,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
authnRequest.setPersonalAttributeList(pAttList);
+
authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
+ //TODO: only for development and reverse proxy
+ authnRequest.setIssuer("http://localhost:12343/moa-id-auth/eidas/metadata");
+
authnRequest.setDestination(destination);
authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index 6a573d0f2..d1bc02766 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -29,7 +29,10 @@ import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import eu.eidas.auth.engine.EIDASSAMLEngine;
import eu.eidas.auth.engine.metadata.MetadataConfigParams;
import eu.eidas.auth.engine.metadata.MetadataGenerator;
@@ -49,13 +52,21 @@ public class EidasMetaDataServlet extends HttpServlet {
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
- logger.info("EidasMetaDataServlet GET");
+ logger.debug("EidasMetaDataServlet GET");
- String metadata_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
- String sp_return_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
+ AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+ String pubURLPrefix = config.getPublicURLPrefix();
+
+
+ String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+
+ //TODO: only for development and reverse proxy
+ metadata_url = "http://localhost:12343/moa-id-auth/eidas/metadata";
+
+ String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
String metaData = generateMetadata(metadata_url, sp_return_url);
- logger.debug(metaData);
+ logger.trace(metaData);
response.setContentType("text/xml");
response.getWriter().print(metaData);
@@ -69,13 +80,13 @@ public class EidasMetaDataServlet extends HttpServlet {
String metadata="invalid metadata";
// FIXME workaround!?
- Security.removeProvider("IAIK");
- Security.removeProvider("IAIK_ECC");
+// Security.removeProvider("IAIK");
+// Security.removeProvider("IAIK_ECC");
EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
- IAIK.addAsProvider();
- ECCProvider.addAsProvider(true);
+// IAIK.addAsProvider();
+// ECCProvider.addAsProvider(true);
MetadataGenerator generator = new MetadataGenerator();
MetadataConfigParams mcp=new MetadataConfigParams();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 2c2435ff6..8e46f0ef1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -24,7 +24,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASSimpleMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.engine.EIDASSAMLEngine;
@@ -37,28 +38,34 @@ import eu.eidas.samlengineconfig.CertificateConfigurationManager;
*/
public class SAMLEngineUtils {
- public static EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+ private static EIDASSAMLEngine eIDASEngine = null;
+
+ public static synchronized EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
- try {
- //get eIDAS SAMLengine configuration from MOA-ID configuration
- CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
-
- //initial eIDAS SAMLengine
- EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
- configManager);
-
- //set Metadata managment to eIDAS SAMLengine
- //TODO: implement final Metadata processor (this is only a first solution!!!)
- engine.setMetadataProcessor(new MOAeIDASSimpleMetadataProvider());
-
- return engine;
-
- } catch (EIDASSAMLEngineException e) {
- Logger.error("eIDAS SAMLengine initialization FAILED!", e);
- throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
-
+ if (eIDASEngine == null) {
+ try {
+ //get eIDAS SAMLengine configuration from MOA-ID configuration
+ CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+
+ //initial eIDAS SAMLengine
+ EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
+ configManager);
+
+ //set Metadata managment to eIDAS SAMLengine
+ engine.setMetadataProcessor(
+ new MOAeIDASMetadataProviderDecorator(
+ MOAeIDASChainingMetadataProvider.getInstance()));
+
+ eIDASEngine = engine;
+
+ } catch (EIDASSAMLEngineException e) {
+ Logger.error("eIDAS SAMLengine initialization FAILED!", e);
+ throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+
+ }
}
-
+
+ return eIDASEngine;
}
}
diff --git a/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar
new file mode 100644
index 000000000..d53fcb398
--- /dev/null
+++ b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar
Binary files differ
diff --git a/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom
new file mode 100644
index 000000000..21a800dd7
--- /dev/null
+++ b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_eccelerate</artifactId>
+ <version>2.51</version>
+ <description>POM was created by Sonatype Nexus</description>
+</project> \ No newline at end of file