authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-01-26 21:59:33 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-01-26 21:59:33 +0000
commita9b2e962d2853b74d314cb9f614cab446a7134c0 (patch)
treeebf5e54d2a8321162da208f2b7dba1285dc926f9
parentfd49902f62d361acb1102024c98c304fac265fa1 (diff)
* optionalen useUTC Parameter in Konfig eingefügt (damit IssueInstant in SAML Assertion auf UTC einstellbar)
* optionalen sourceID Parameter bei MOA-ID Aufruf eingefügt (wird 1:1 in SAML Assertion übernommen) * Update Doku (useUTC, sourceID, Vollmachten-Profile) * Ablaufänderung bei Vollmachten-Modus (Signatur Zertifikat wird aus Signatur entnommen und nicht mittels eigenem Infobox-Request) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1233 d688527b-c9ab-4aba-bd8d-4036d912da1d
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java83
-rw-r--r--common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd9
-rw-r--r--common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java2
-rw-r--r--id/readme_1.5.1.txt2
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml3
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.5.1.xsd9
-rw-r--r--id/server/doc/MOA_ID_1.5_Anhang.pdfbin70517 -> 296723 bytes
-rw-r--r--id/server/doc/moa_id/faqs.htm3
-rw-r--r--id/server/doc/moa_id/id-admin.htm2
-rw-r--r--id/server/doc/moa_id/id-admin_1.htm2
-rw-r--r--id/server/doc/moa_id/id-admin_2.htm10
-rw-r--r--id/server/doc/moa_id/id-admin_3.htm2
-rw-r--r--id/server/doc/moa_id/id-anwendung.htm2
-rw-r--r--id/server/doc/moa_id/id-anwendung_1.htm8
-rw-r--r--id/server/doc/moa_id/id-anwendung_2.htm3
-rw-r--r--id/server/doc/moa_id/links.htm3
-rw-r--r--id/server/doc/moa_id/moa.htm2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java19
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java16
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java4
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java2
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java2
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java2
41 files changed, 421 insertions, 175 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
index 92e845967..d70073db8 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
@@ -26,6 +26,7 @@ package at.gv.egovernment.moa.util;
import java.io.StringWriter;
import java.text.ParseException;
+import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
@@ -48,38 +49,56 @@ public class DateTimeUtils {
* @param cal the <code>Calendar</code> value
* @return the <code>dateTime</code> value
*/
- public static String buildDateTime(Calendar cal) {
- StringWriter out = new StringWriter();
- out.write("" + cal.get(Calendar.YEAR));
- out.write("-");
- out.write(to2DigitString(cal.get(Calendar.MONTH) + 1));
- out.write("-");
- out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH)));
- out.write("T");
- out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY)));
- out.write(":");
- out.write(to2DigitString(cal.get(Calendar.MINUTE)));
- out.write(":");
- out.write(to2DigitString(cal.get(Calendar.SECOND)));
- int tzOffsetMilliseconds =
- cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET);
- if (tzOffsetMilliseconds != 0) {
- int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60);
- int tzOffsetHours = tzOffsetMinutes / 60;
- tzOffsetMinutes -= tzOffsetHours * 60;
- if (tzOffsetMilliseconds > 0) {
- out.write("+");
- out.write(to2DigitString(tzOffsetHours));
- out.write(":");
- out.write(to2DigitString(tzOffsetMinutes));
- } else {
- out.write("-");
- out.write(to2DigitString(-tzOffsetHours));
- out.write(":");
- out.write(to2DigitString(-tzOffsetMinutes));
- }
- }
- return out.toString();
+ public static String buildDateTime(Calendar cal, boolean useUTC) {
+
+ if (useUTC)
+ return buildDateTimeUTC(cal);
+ else {
+ StringWriter out = new StringWriter();
+ out.write("" + cal.get(Calendar.YEAR));
+ out.write("-");
+ out.write(to2DigitString(cal.get(Calendar.MONTH) + 1));
+ out.write("-");
+ out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH)));
+ out.write("T");
+ out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY)));
+ out.write(":");
+ out.write(to2DigitString(cal.get(Calendar.MINUTE)));
+ out.write(":");
+ out.write(to2DigitString(cal.get(Calendar.SECOND)));
+ int tzOffsetMilliseconds =
+ cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET);
+ if (tzOffsetMilliseconds != 0) {
+ int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60);
+ int tzOffsetHours = tzOffsetMinutes / 60;
+ tzOffsetMinutes -= tzOffsetHours * 60;
+ if (tzOffsetMilliseconds > 0) {
+ out.write("+");
+ out.write(to2DigitString(tzOffsetHours));
+ out.write(":");
+ out.write(to2DigitString(tzOffsetMinutes));
+ } else {
+ out.write("-");
+ out.write(to2DigitString(-tzOffsetHours));
+ out.write(":");
+ out.write(to2DigitString(-tzOffsetMinutes));
+ }
+ }
+ return out.toString();
+ }
+ }
+
+ /**
+ * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value.
+ * @param cal the <code>Calendar</code> value
+ * @return the <code>dateTime</code> value
+ */
+ public static String buildDateTimeUTC(Calendar cal) {
+
+ SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ f.setTimeZone(TimeZone.getTimeZone("UTC"));
+
+ return f.format(cal.getTime());
}
/**
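Review bot: The Javadoc above the new signature still documents only `cal`; the added `useUTC` parameter has no `@param`, although it switches the output format entirely. Add `* @param useUTC if {@code true}, the value is rendered in UTC with a trailing {@code Z} (see buildDateTimeUTC); otherwise the calendar's own zone offset is appended`. Dropping the one-argument form is also a source-breaking change for every other caller of this common-module utility; keeping `public static String buildDateTime(Calendar cal) { return buildDateTime(cal, false); }` as a delegating overload would preserve compatibility. The `else` after the early `return` is unnecessary and pushes the whole legacy body one level deeper; `if (useUTC) { return buildDateTimeUTC(cal); }` followed by the original body reads more cleanly. buildDateTimeUTC also relies on `TimeZone`, whose import is not visible in this hunk — presumably already present in the file.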
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
index cc562187a..d16953eab 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
@@ -89,10 +89,16 @@
<xsd:element name="MOA-IDConfiguration">
<xsd:complexType>
<xsd:sequence>
- <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:element name="AuthComponent" minOccurs="0">
<xsd:annotation>
<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
</xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="AuthComponentType">
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
</xsd:element>
<xsd:element name="ProxyComponent" minOccurs="0">
<xsd:annotation>
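Review bot: The inline complexType introduced for AuthComponent is an empty extension of AuthComponentType, so it validates exactly the same documents as the removed `type="AuthComponentType"` reference and only adds nesting. If the intent was to attach useUTC to this element, the attribute lands elsewhere in this commit (the complexType in the hunk at schema line 473), so either the extension should carry the addition or the element should return to the direct type reference. The identical change is repeated in id/server/doc/MOA-ID-Configuration-1.5.1.xsd, which must stay in sync with the resource copy.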
@@ -467,6 +473,7 @@
<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
<xsd:attribute name="provideFullMandatorData" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="useUTC" type="xsd:boolean" use="optional" default="false"/>
<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
</xsd:complexType>
</xsd:element>
diff --git a/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
index 8fdd389a2..3364e9888 100644
--- a/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
+++ b/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
@@ -121,7 +121,7 @@ public class DateTimeUtilsTest extends TestCase {
Calendar cal = new GregorianCalendar(TimeZone.getTimeZone(timeZone));
cal.set(year,month, day, hour, min, sec);
cal.set(Calendar.MILLISECOND, 0);
- String dateTimeBuilt = DateTimeUtils.buildDateTime(cal);
+ String dateTimeBuilt = DateTimeUtils.buildDateTime(cal, false);
assertEquals(dateTimeShould, dateTimeBuilt);
}
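Review bot: The updated call only exercises `useUTC == false`, so `buildDateTimeUTC` and the new UTC branch have no test at all. A second assertion with `true` — for example the pair the documentation in this commit uses, a calendar set to 2012-01-26 19:38:35 in a UTC+1 zone expecting `2012-01-26T18:38:35Z` — would pin both the format (trailing `Z`, no milliseconds) and the zone conversion. The enclosing test helper's signature is outside the hunk, so it may need an additional expected-value parameter or a separate test method.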
diff --git a/id/readme_1.5.1.txt b/id/readme_1.5.1.txt
index 8cf5e7361..e742212df 100644
--- a/id/readme_1.5.1.txt
+++ b/id/readme_1.5.1.txt
@@ -17,6 +17,8 @@ gleichen Verzeichnis):
- Änderung der Konfiguration
- für Online-Vollmachten
- Fixer Target-Parameter für Online-Applikation konfigurierbar
+ - Optionaler Parameter zur Angabe der IssueInstant im UTC Format in der SAML-Assertion
+- Weiterer optionaler Parameter sourceID beim MOA-ID Aufruf
- IAIK Libraries aktualisiert:
iaik-moa: Version 1.31
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 697cadec4..6525642f1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -65,7 +65,8 @@
<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
<!--<Mandates>-->
- <!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!-- </Mandates>-->
</AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 41103cf3c..27bf6681c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -76,7 +76,8 @@
<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
<!--<Mandates>-->
- <!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!-- </Mandates>-->
</AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 05c6387e1..eefc7cf6a 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -67,7 +67,8 @@
<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
<!-- <Mandates> -->
- <!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann-->
+ <!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!--<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!--</Mandates> -->
</AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 1d8b50537..f9e296c62 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -77,7 +77,8 @@
<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
<!--<Mandates>-->
- <!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+ <!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
<!-- <Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
<!-- </Mandates>-->
</AuthComponent>
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
index cc562187a..d16953eab 100644
--- a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
@@ -89,10 +89,16 @@
<xsd:element name="MOA-IDConfiguration">
<xsd:complexType>
<xsd:sequence>
- <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:element name="AuthComponent" minOccurs="0">
<xsd:annotation>
<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
</xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="AuthComponentType">
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
</xsd:element>
<xsd:element name="ProxyComponent" minOccurs="0">
<xsd:annotation>
@@ -467,6 +473,7 @@
<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
<xsd:attribute name="provideFullMandatorData" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="useUTC" type="xsd:boolean" use="optional" default="false"/>
<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
</xsd:complexType>
</xsd:element>
diff --git a/id/server/doc/MOA_ID_1.5_Anhang.pdf b/id/server/doc/MOA_ID_1.5_Anhang.pdf
index 454ff933a..f2e5057c7 100644
--- a/id/server/doc/MOA_ID_1.5_Anhang.pdf
+++ b/id/server/doc/MOA_ID_1.5_Anhang.pdf
Binary files differ
diff --git a/id/server/doc/moa_id/faqs.htm b/id/server/doc/moa_id/faqs.htm
index 0b9ef0415..814d0c9f7 100644
--- a/id/server/doc/moa_id/faqs.htm
+++ b/id/server/doc/moa_id/faqs.htm
@@ -207,8 +207,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
</td>
<td valign="top" width="460">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
-</td></tr></table>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div></td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 7192f02e2..7d014299e 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -311,7 +311,7 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index 9b18fcdbe..08a1acc73 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -539,7 +539,7 @@ Wenn nun versucht wird, eine Transaktion mit einer ung&uumlltigen SessionID fort
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index ea4874edd..8a217bfcc 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -613,8 +613,9 @@ Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu akt
Anmeldedaten aufzunehmen.
Alle Attribute sind optional und haben den Default-Wert
<tt>false</tt>. <br>
- Das Attribut <tt id="provideStammzahlOA2">provideFullMandatorData</tt> bestimmt ob bei einer Vollmachten-Anmeldung die vollst&auml;ndigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion &uuml;bermittelt. Bei <tt id="provideStammzahlOA3">provideFullMandatorData=false</tt> werden nur die Basisdaten &uuml;bermittelt (Defaulteinstellung). Bei <tt id="provideStammzahlOA4">provideFullMandatorData=true</tt> wird zus&auml;tzlich die gesamte Vollmacht &uuml;bergeben. </p>
-<p><b>Anmerkung</b>: Das Attribut <tt>provideStammzahl</tt> steht in keinem
+ Das Attribut <tt id="provideStammzahlOA2">provideFullMandatorData</tt> bestimmt ob bei einer Vollmachten-Anmeldung die vollst&auml;ndigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion &uuml;bermittelt. Bei <tt id="provideStammzahlOA3">provideFullMandatorData=false</tt> werden nur die Basisdaten &uuml;bermittelt (Defaulteinstellung). Bei <tt id="provideStammzahlOA4">provideFullMandatorData=true</tt> wird zus&auml;tzlich die gesamte Vollmacht &uuml;bergeben.<br>
+ Das Attribut <tt id="provideStammzahlOA5">useUTC</tt> bestimmt ob IssueInstant in der SAML Assertion als UTC (2012-01-26T18:38:35Z, <tt id="provideStammzahlOA8">useUTC=true</tt>) oder dem Default-Format (z.B.: 2012-01-26T19:38:35+01:00, <tt id="provideStammzahlOA9">useUTC=false</tt>) angegeben wird. </p>
+ <p><b>Anmerkung</b>: Das Attribut <tt>provideStammzahl</tt> steht in keinem
Zusammenhang zum gleichnamigen Attribut
<a href="#provideStammzahlVI">VerifyInfoboxes/@provideStammzahl</a>,
das angibt ob die Stammzahl an eine <i>Pr&uuml;fapplikation</i> weitergegeben
@@ -921,7 +922,8 @@ Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu akt
<br />
Mit Hilfe dieses Elements werden die Online-Vollmachten f&uuml;r die Online-Applikation aktiviert.
Als Kindelement muss <tt>Profiles</tt> angegeben werden. Dieses Element beinhaltet eine (Komma-separierte)
- Liste von Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.<br/>
+ Liste von Vollmachten-Profilen, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.
+ Unter <a href="https://vollmachten.stammzahlenregister.gv.at/mis/" target="_blank">https://vollmachten.stammzahlenregister.gv.at/mis/</a> finden Sie eine Liste der unterstützen Vollmachten-Profile.<br/>
Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfiguriert werden - siehe <a href="#AuthComponent_OnlineMandates">hier</a>
</p>
@@ -1453,7 +1455,7 @@ Im Falle einer fehlerhaften neuen Konfiguration wird die urspr&uuml;ngliche Konf
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-admin_3.htm b/id/server/doc/moa_id/id-admin_3.htm
index 8b1c74e7c..5b95feca8 100644
--- a/id/server/doc/moa_id/id-admin_3.htm
+++ b/id/server/doc/moa_id/id-admin_3.htm
@@ -194,7 +194,7 @@ Um das Logging in die Datenbank Log4j bekannt zu machen, muss die Log4j-Konfigur
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-anwendung.htm b/id/server/doc/moa_id/id-anwendung.htm
index d5057f854..c4cab64e1 100644
--- a/id/server/doc/moa_id/id-anwendung.htm
+++ b/id/server/doc/moa_id/id-anwendung.htm
@@ -94,7 +94,7 @@ Dies kann unter Mithilfe der Webapplikation MOA-ID-PROXY geschehen, die f&uuml;r
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
index 28f7a5979..ad45ff7e1 100644
--- a/id/server/doc/moa_id/id-anwendung_1.htm
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -73,7 +73,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
Der Aufruf erfolgt durch einen Verweis der Form: </div>
<pre>&lt;a href=&quot;https://&lt;moa-id-server-und-pfad&gt;/
StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
-&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&amp;useMandate=false&quot;&gt;</pre>
+&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&amp;useMandate=false&amp;sourceID=&lt;sourceID&gt;&quot;&gt;</pre>
<table border="1"><tbody valign="baseline">
<tr>
<td id="klein">&lt;moa-id-server-und-pfad&gt;</td><td id="klein">Server und Pfad, wo MOA-ID-AUTH installiert ist</td>
@@ -92,6 +92,10 @@ StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
<td id="klein">useMandate=&lt;true/false&gt;</td>
<td id="klein">optional; Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgef&uuml;hrt werden soll (=true) oder nicht (=false);</td>
</tr>
+<tr>
+ <td id="klein2">sourceID=&lt;sourceID&gt;</td>
+ <td id="klein2">optional; Gibt eine sourceID an, die (wenn sie gesetzt ist) in der SAML-Assertion aufscheint</td>
+</tr>
</tbody>
</table>
<br/><br/>
@@ -204,7 +208,7 @@ Im folgenden Beispiel wird in den Java Truststore &quot;truststore.jks&quot; mit
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/id-anwendung_2.htm b/id/server/doc/moa_id/id-anwendung_2.htm
index df8b10aad..4e2e89d74 100644
--- a/id/server/doc/moa_id/id-anwendung_2.htm
+++ b/id/server/doc/moa_id/id-anwendung_2.htm
@@ -237,8 +237,7 @@ Falls n&ouml;tig, kann eine maßgeschneiderte Implementierung von <tt>ConnectionB
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
-</td></tr></table>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div></td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/links.htm b/id/server/doc/moa_id/links.htm
index ef6c09083..2956c6263 100644
--- a/id/server/doc/moa_id/links.htm
+++ b/id/server/doc/moa_id/links.htm
@@ -134,8 +134,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010
- <!-- Development Center, BRZ GmbH --></div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index 94f4a35ea..09fb1c5b6 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -247,7 +247,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
<td width="170" valign="top"><br /></td>
<td valign="top">
<hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
</td></tr></table>
<br />
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 68e6b950a..a68dca65a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,11 +24,15 @@
package at.gv.egovernment.moa.id.auth;
+import iaik.ixsil.exceptions.UtilsException;
+import iaik.ixsil.util.Utils;
import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
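Review bot: The new imports `iaik.ixsil.exceptions.UtilsException`, `iaik.ixsil.util.Utils`, `java.io.FileInputStream` and `java.io.FileNotFoundException` appear to serve only the commented-out local-testing block later in this file (the `c:/temp/XXXMuster.xml` snippet), which remains commented out. Unused imports are compiler warnings at best and, for the iaik.ixsil ones, an unnecessary hard dependency on that library for this class; drop them together with the dead block, or move the block into a test class. This is inferred from the visible hunks only — if a live use exists outside them, disregard.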
@@ -49,7 +53,6 @@ import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.AuthenticationException;
@@ -114,7 +117,6 @@ import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
/**
@@ -305,7 +307,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param useMandate Indicates if mandate is used or not
* @param templateURL URL providing an HTML template for the HTML form generated
* @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode)
- * @param scheme determines the protocol used
+ * @param scheme determines the protocol used
+ * @param sourceID
* @return HTML form
* @throws AuthenticationException
* @see GetIdentityLinkFormBuilder
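Review bot: The added `@param sourceID` tag has no description, and the parameter is optional and reaches the SAML assertion unchanged, which a caller needs to know. Suggest `* @param sourceID optional identifier supplied by the calling application; when non-null it is stored in the session and emitted verbatim in the SAML assertion`. The method whose Javadoc this is starts outside the hunk.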
@@ -320,7 +323,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String bkuURL,
String useMandate,
String sessionID,
- String scheme)
+ String scheme,
+ String sourceID)
throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
String useMandateString = null;
@@ -381,7 +385,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
session.setAuthURL(authURL);
session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
+ session.setBusinessService(oaParam.getBusinessService());
+ if (sourceID != null)
+ session.setSourceID(sourceID);
}
// BKU URL has not been set yet, even if session already exists
if (bkuURL == null) {
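Review bot: `sourceID` arrives from the StartAuthentication request and is stored in the session here without any check, and later hunks in this file pass `session.getSourceID()` verbatim to the SAML assertion builder. Unless the servlet already filters it (the diffstat shows ParamValidatorUtils.java growing, which may be exactly that), the value should be validated for length and character set before `session.setSourceID(sourceID)` so that arbitrary request text cannot shape the assertion; an empty string should also be treated like null, `if (sourceID != null && sourceID.length() > 0)`. The enclosing method starts outside this hunk.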
@@ -510,17 +516,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
// for testing new identity link certificate
- // https://localhost:8443/moa-id-auth/StartAuthentication?Target=AR&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample
// xmlInfoboxReadResponse = null;
// try {
-// File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml");
+// File file = new File("c:/temp/XXXMuster.xml");
// FileInputStream fis;
//
// fis = new FileInputStream(file);
// byte[] array = Utils.readFromInputStream(fis);
//
// xmlInfoboxReadResponse = new String(array);
-// //System.out.println(xmlInfoboxReadResponse);
+// System.out.println(xmlInfoboxReadResponse);
//
// } catch (FileNotFoundException e) {
// // TODO Auto-generated catch block
@@ -529,7 +534,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
-//
+
// parses the <InfoboxReadResponse>
@@ -687,7 +692,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session);
+ String authBlock = buildAuthenticationBlock(session, oaParam);
// session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
@@ -871,14 +876,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException If an error occurs on serializing an extended SAML attribute
* to be appended to the AUTH-Block.
*/
- private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
+ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException {
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
String identificationValue = identityLink.getIdentificationValue();
String identificationType = identityLink.getIdentificationType();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
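Review bot: buildAuthenticationBlock gains an `oaParam` parameter but the Javadoc, whose tail is visible at the top of the hunk, documents no `@param oaParam`; add `* @param oaParam configuration of the online application, consulted for the useUTC flag of the issue instant`. The method assumes `oaParam` is non-null; the caller added in this commit obtains it from the configuration provider, which is fine only if that lookup cannot return null for an unconfigured OA. The method's body continues past the hunk.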
@@ -1418,6 +1423,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// parses <CreateXMLSignatureResponse>
CreateXMLSignatureResponse csresp =
new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+
try {
String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());
session.setAuthBlock(serializedAssertion);
@@ -1502,12 +1508,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
// builds authentication data and stores it together with a SAML artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
if (session.getUseMandate()) {
// mandate mode
+ //session.setAssertionAuthBlock(assertionAuthBlock)
+
+ // set signer certificate
+ session.setSignerCertificate(vsresp.getX509certificate());
+
return null;
}
else {
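Review bot: The OA lookup added at L583–L586 is repeated verbatim at L622–L625, and in both places the result only feeds a `useUTC` flag that `buildAuthenticationData` can already read from the `oaParam` it has in scope (L657); a small private helper for the lookup, or dropping the extra flag altogether, would remove the duplication. `getOnlineApplicationParameter` is called without checking for a null result before `oaParam.getUseUTC()`, so if an unknown OA prefix can reach this point (I cannot tell from the hunk) this becomes a NullPointerException instead of a configuration error. The commented-out `//session.setAssertionAuthBlock(assertionAuthBlock)` at L592 should be deleted rather than kept as a comment. The enclosing method starts and ends outside the hunk.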
@@ -1521,6 +1536,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1677,6 +1693,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1772,9 +1789,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
- X509Certificate cert = session.getForeignSignerCertificate();
+ X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
+
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
String samlAssertion =
@@ -1786,6 +1808,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1823,7 +1846,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
private AuthenticationData buildAuthenticationData(
AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp)
+ VerifyXMLSignatureResponse verifyXMLSigResp,
+ boolean useUTC)
throws ConfigurationException, BuildException {
IdentityLink identityLink = session.getIdentityLink();
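Review bot: The new `useUTC` parameter duplicates configuration the method already has: it reads `oaParam.getUseUTC()` at L657 from an `oaParam` in scope, so the value passed in at L589 and L626 is a second copy of the same setting and the two can drift apart. Provided the `oaParam` declaration precedes L649 (it is outside the hunk), `authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC()));` would let the signature stay as it was. If the parameter is kept, the Javadoc closing at L636 needs `@param useUTC true to render the IssueInstant in UTC, false for local time.` The method body continues outside the hunk.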
@@ -1836,7 +1860,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC));
authData.setIdentificationType(identityLink.getIdentificationType());
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
@@ -1845,6 +1869,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
authData.setBkuURL(session.getBkuURL());
+ authData.setUseUTC(oaParam.getUseUTC());
boolean provideStammzahl = oaParam.getProvideStammzahl();
if (provideStammzahl) {
authData.setIdentificationValue(identityLink.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 260b3fd01..f3be98ef0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -43,6 +43,8 @@ public interface MOAIDAuthConstants {
public static final String PARAM_OA = "OA";
/** servlet parameter &quot;bkuURI&quot; */
public static final String PARAM_BKU = "bkuURI";
+ /** servlet parameter &quot;sourceID&quot; */
+ public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 8af4e3af5..410d045f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -57,6 +57,11 @@ public class AuthenticationAssertionBuilder {
" <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +
" <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +
" </saml:Attribute>"+ NL;
+
+ protected static String SAML_ATTRIBUTE_NO_NAMESPACE =
+ " <saml:Attribute AttributeName=''{0}''>" + NL +
+ " <saml:AttributeValue>{1}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>"+ NL;
/**
* Empty constructor
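Review bot: `SAML_ATTRIBUTE_NO_NAMESPACE` at L683 is a mutable `protected static` field although it is a template constant; declare it `protected static final String` (if the sibling template above is non-final too, that is pre-existing). As far as I recall, `AttributeNamespace` is a required attribute of `<saml:Attribute>` in the SAML 1.1 assertion schema, so a consumer that schema-validates the assertion would reject this template; please confirm against the schema the online applications validate with before shipping an attribute without a namespace.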
@@ -108,5 +113,26 @@ public class AuthenticationAssertionBuilder {
}
return sb.toString();
}
+
+ /**
+ * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion
+ * delivered to the online application.
+ * The method traverses through the list of given SAML attribute objects and builds an
+ * XML structure (String representation) for each of the attributes.
+ *
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or
+ * to the SAML assertion delivered to the online application.
+ * @return A string representation including the XML structures of
+ * the SAML attributes.
+ *
+ * @throws ParseException If an error occurs on serializing an SAML attribute.
+ */
+ protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException {
+ StringBuffer sb = new StringBuffer();
+ if (sourceID!=null)
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID}));
+
+ return sb.toString();
+ }
}
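Review bot: The Javadoc at L694–L706 is copied from `buildExtendedSAMLAttributes` and describes a list parameter, `@param extendedSAMLAttributes` and a `ParseException` this method never throws; it should describe this method: `Builds the SourceID SAML attribute from the optional sourceID request parameter; returns an empty string when sourceID is null.` with a matching `@param sourceID`. `sourceID` is placed into the XML template unescaped, so the method is only safe because `ParamValidatorUtils.isValidSourceID` (L1298) restricts the value to `[\w-_]{1,50}` before it reaches the session — that precondition belongs in the Javadoc, or the builder should XML-escape the value itself so it does not depend on every caller having validated it. The `StringBuffer` and the vestigial `throws ParseException` can go: `if (sourceID == null) return ""; return MessageFormat.format(SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID});`.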
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 367116c73..7032e09eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -69,9 +69,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
" <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
" <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
- "{10}" +
- "{11}" +
+ "{10}" +
+ "{11}" +
"{12}" +
+ "{13}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
@@ -103,9 +104,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
" <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
" <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
- "{11}" +
- "{12}" +
+ "{11}" +
+ "{12}" +
"{13}" +
+ "{14}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
/**
@@ -156,6 +158,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
+ String sourceID,
List extendedSAMLAttributes)
throws BuildException
{
@@ -195,6 +198,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String assertion;
try {
+
assertion = MessageFormat.format(AUTH_DATA, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
@@ -206,6 +210,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlPersonData),
isQualifiedCertificate,
bkuURL,
+ buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
@@ -244,6 +249,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
+ String sourceID,
List extendedSAMLAttributes)
throws BuildException
{
@@ -295,6 +301,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlMandateData),
isQualifiedCertificate,
bkuURL,
+ buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3ab8ff819..5a18b720b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -62,6 +62,11 @@ public class AuthenticationSession {
* Friendly name for the target, if target is configured via MOA-ID configuration
*/
private String targetFriendlyName;
+
+ /**
+ * SourceID
+ */
+ private String sourceID;
/**
* Indicates if target from configuration is used or not
*/
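Review bot: The Javadoc `/** SourceID */` at L792–L794 only repeats the field name; say where the value comes from and what it is used for, e.g. `/** Optional sourceID request parameter (validated by ParamValidatorUtils.isValidSourceID); copied unchanged into the SAML assertion as the SourceID attribute. */`. The getter and setter added at L820–L826 and L837–L843 would benefit from the same sentence.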
@@ -155,7 +160,7 @@ public class AuthenticationSession {
private boolean businessService;
/**
- * Signer certificate of the foreign citizen
+ * Signer certificate of the foreign citizen or for mandate mode
*/
private X509Certificate signerCertificate;
/**
@@ -212,11 +217,11 @@ public class AuthenticationSession {
infoboxValidators = new ArrayList();
}
- public X509Certificate getForeignSignerCertificate() {
+ public X509Certificate getSignerCertificate() {
return signerCertificate;
}
- public void setForeignSignerCertificate(X509Certificate signerCertificate) {
+ public void setSignerCertificate(X509Certificate signerCertificate) {
this.signerCertificate = signerCertificate;
}
@@ -285,6 +290,14 @@ public class AuthenticationSession {
}
/**
+ * Returns the sourceID.
+ * @return String
+ */
+ public String getSourceID() {
+ return sourceID;
+ }
+
+ /**
* Returns the target friendly name.
* @return String
*/
@@ -332,6 +345,15 @@ public class AuthenticationSession {
this.target = target;
}
}
+
+ /**
+ * Sets the sourceID
+ * @param sourceID The sourceID to set
+ */
+ public void setSourceID(String sourceID) {
+ this.sourceID = sourceID;
+ }
+
/**
* Sets the target. If the target includes the target prefix, the prefix will be stripped off.
* @param target The target to set
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
index da5ad6ab9..b5c72ef9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -87,6 +87,7 @@ public class GetAuthenticationDataService implements Constants {
String statusMessageCode = null;
String statusMessage = null;
String samlAssertion = "";
+ boolean useUTC = false;
if (requests.length > 1) {
// more than 1 request given as parameter
statusCode = "samlp:Requester";
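Review bot: `useUTC` is initialised to `false` at L856 and only overwritten on the success path (L868), so every error response built at L879 renders its IssueInstant in local time regardless of how the OA is configured. SAML 1.1 requires time values to be expressed in UTC, and the proxy side in `SAMLRequestBuilder` (L1280) hard-codes `true`, so the safer default here is `boolean useUTC = true;` with a comment that it is only the fallback when no authentication data could be resolved. If the local-time default is intentional for backwards compatibility, a comment saying so would help the next reader.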
@@ -113,8 +114,11 @@ public class GetAuthenticationDataService implements Constants {
requestID = request.getAttribute("RequestID");
String samlArtifact = DOMUtils.getText(samlArtifactElem);
try {
+
AuthenticationData authData = AuthenticationServer.getInstance().
getAuthenticationData(samlArtifact);
+
+ useUTC = authData.getUseUTC();
// success
samlAssertion = authData.getSamlAssertion();
statusCode = "samlp:Success";
@@ -135,12 +139,13 @@ public class GetAuthenticationDataService implements Constants {
}
}
try {
- String responseID = Random.nextRandom();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String responseID = Random.nextRandom();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
if (statusMessage == null)
statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
responses[0] = new SAMLResponseBuilder().build(
responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+
}
catch (MOAIDException e) {
AxisFault fault = AxisFault.makeFault(e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index ca3883dad..431af3c31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -79,21 +79,22 @@ public class StartAuthenticationServlet extends AuthServlet {
authURL = authURL.concat(req.getContextPath() + "/");
String target = req.getParameter(PARAM_TARGET);
+ String sourceID = req.getParameter(PARAM_SOURCEID);
String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
String sessionID = req.getParameter(PARAM_SESSIONID);
String useMandate = req.getParameter(PARAM_USEMANDATE);
-
// escape parameter strings
target = StringEscapeUtils.escapeHtml(target);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
templateURL = StringEscapeUtils.escapeHtml(templateURL);
sessionID = StringEscapeUtils.escapeHtml(sessionID);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
-
+
resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
@@ -111,7 +112,9 @@ public class StartAuthenticationServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
- throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
@@ -130,11 +133,11 @@ public class StartAuthenticationServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidTarget(target))
throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+ getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
}
else {
// use target from config
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+ getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
}
resp.setContentType("text/html;charset=UTF-8");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f7f9d8fed..17cbe7a3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -24,26 +24,40 @@
package at.gv.egovernment.moa.id.auth.servlet;
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.util.Map;
+import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
/**
@@ -143,27 +157,31 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+
if (samlArtifactBase64 == null) {
//mandate Mode
+
+ callMISService(session, req, resp);
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+ //Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
- String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+ //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
// build dataurl
- String dataurl =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_VERIFY_CERTIFICATE,
+// session.getSessionID());
//Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
//ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
- Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+ //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
}
+
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
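Review bot: After `callMISService(...)` returns at L985, control falls through to `samlArtifactBase64.equals(...)` at L1009 with `samlArtifactBase64 == null`, which throws a NullPointerException after the 302 redirect has already been prepared; the mandate branch should end with `return;` (the replaced code had the same shape, so a catch in the enclosing method — outside the hunk — may currently be masking it). `callMISService` reports its own failures through `handleError` and returns normally, so the caller also cannot tell a redirect from an error response. The old InfoboxReadRequest code at L987–L1006 is commented out rather than removed; version control keeps the history, so please delete it.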
@@ -187,6 +205,78 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
}
+
+ /**
+ * Calls the MIS Service
+ * @param session
+ * @throws IOException
+ */
+ private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException {
+
+ try {
+ AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+
+ // get identitity link as byte[]
+ Element elem = session.getIdentityLink().getSamlAssertion();
+ String s = DOMUtils.serializeNode(elem);
+
+ System.out.println("IDL: " + s);
+
+ byte[] idl = s.getBytes();
+
+ // redirect url
+ // build redirect(to the GetMISSessionIdSerlvet)
+ String redirectURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ GET_MIS_SESSIONID,
+ session.getSessionID());
+
+ String oaURL = session.getOAURLRequested();
+ OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+ String profiles = oaParam.getMandateProfiles();
+
+ if (profiles == null) {
+ Logger.error("No Mandate/Profile for OA configured.");
+ throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ }
+
+ String profilesArray[] = profiles.split(",");
+ for(int i = 0; i < profilesArray.length; i++) {
+ profilesArray[i] = profilesArray[i].trim();
+ }
+
+ String oaFriendlyName = oaParam.getFriendlyName();
+ String mandateReferenceValue = session.getMandateReferenceValue();
+ X509Certificate cert = session.getSignerCertificate();
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+ String redirectMISGUI = misSessionID.getRedirectURL();
+
+ if (misSessionID == null) {
+ Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+ throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+ }
+
+ session.setMISSessionID(misSessionID.getSessiondId());
+
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectMISGUI);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ } catch (GeneralSecurityException ex) {
+ handleError(null, ex, req, resp);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp);
+ } catch (TransformerException e) {
+ handleError(null, e, req, resp);
+ }
+ }
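Review bot: `System.out.println("IDL: " + s)` at L1032 writes the citizen's complete identity link — name, date of birth and identification data — to stdout on every mandate request; it is absent from the replaced code at L1105–L1106 and looks like leftover debugging, and it must not ship. Three smaller issues in the same method: `s.getBytes()` at L1034 uses the platform charset for XML that is sent to the MIS (use UTF-8), `misSessionID.getRedirectURL()` at L1062 is called before the null check at L1064, which makes that check unreachable, and `cert` from `session.getSignerCertificate()` at L1060 is dereferenced without a null check although it is only populated on the mandate path at L595. The Javadoc at L1016–L1020 should document `req` and `resp` and state that failures are reported through `handleError` rather than thrown. `Logger.debug("REDIRECT TO: " + redirectURL)` at L1073 logs the data URL, not the `redirectMISGUI` actually sent.

```java
// … unchanged: configuration lookup and SSL socket factory …
// serialize the identity link for the MIS request; never log it, it carries the citizen's personal data
Element elem = session.getIdentityLink().getSamlAssertion();
byte[] idl = DOMUtils.serializeNode(elem).getBytes("UTF-8");
// … unchanged: redirect URL, OA parameters, profile split, friendly name, reference value …
X509Certificate cert = session.getSignerCertificate();
if (cert == null) {
    Logger.error("No signer certificate in session for mandate mode.");
    throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
}
MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
if (misSessionID == null) {
    Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
    throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
}
String redirectMISGUI = misSessionID.getRedirectURL();
session.setMISSessionID(misSessionID.getSessiondId());
resp.setStatus(302);
resp.addHeader("Location", redirectMISGUI);
Logger.debug("REDIRECT TO: " + redirectMISGUI);
// … unchanged: catch blocks delegating to handleError …
```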
/**
* Adds a parameter to a URL.
* @param url the URL
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index acf8b0b64..27f956c40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -146,56 +146,8 @@ public class VerifyCertificateServlet extends AuthServlet {
if (useMandate) {
- // Mandate Modus
- // make request to MIS
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- // get identitity link as byte[]
- Element elem = session.getIdentityLink().getSamlAssertion();
- String s = DOMUtils.serializeNode(elem);
- byte[] idl = s.getBytes();
-
- // redirect url
- // build redirect(to the GetMISSessionIdSerlvet)
- String redirectURL =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- GET_MIS_SESSIONID,
- session.getSessionID());
-
- String oaURL = session.getOAURLRequested();
- OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
- String profiles = oaParam.getMandateProfiles();
-
- if (profiles == null) {
- Logger.error("No Mandate/Profile for OA configured.");
- throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
- }
-
- String profilesArray[] = profiles.split(",");
- for(int i = 0; i < profilesArray.length; i++) {
- profilesArray[i] = profilesArray[i].trim();
- }
-
- String oaFriendlyName = oaParam.getFriendlyName();
- String mandateReferenceValue = session.getMandateReferenceValue();
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
- String redirectMISGUI = misSessionID.getRedirectURL();
-
- if (misSessionID == null) {
- Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
- throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
- }
-
- session.setMISSessionID(misSessionID.getSessiondId());
-
- resp.setStatus(302);
- resp.addHeader("Location", redirectMISGUI);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
+ Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+ throw new AuthenticationException("auth.13", null);
}
else {
// Foreign Identities Modus
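Review bot: The log message at L1146 has a typo, `citizencs`; it should read `Logger.error("Online-Mandate Mode for foreign citizens not supported.");`. Since the MIS request handling was moved out of this servlet, the imports it needed (SSL socket factory, MIS client, DOM utilities) are presumably now unused here — the import block is outside the hunk, so please check it.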
@@ -218,15 +170,7 @@ public class VerifyCertificateServlet extends AuthServlet {
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
- } catch (TransformerException e) {
- handleError(null, e, req, resp);
- }
+ }
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 6d4a21674..fc5d82936 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -150,7 +150,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
// create the InfoboxReadRequest to get the certificate
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
- // build dataurl (to the GetForeignIDSerlvet)
+ // build dataurl (to the VerifyCertificateSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 7fe85cfae..8cc51bf93 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -579,6 +579,7 @@ public class ConfigurationBuilder {
oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData")));
+ oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC")));
oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index f85666acf..65e21cbce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -84,6 +84,9 @@ public class OAAuthParameter extends OAParameter {
* determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
*/
private boolean provideFullMandatorData;
+
+ /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
+ private boolean useUTC;
/**
* url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
*/
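Review bot: Typo in the field comment at L1199, `wheter`; suggested: `/** determines whether the IssueInstant of the SAML assertion is rendered in UTC (true) or local time (false) */`. Since the value comes from an optional `useUTC` attribute read in ConfigurationBuilder (L1187), stating the effective default when the attribute is absent would help operators.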
@@ -191,6 +194,14 @@ public class OAAuthParameter extends OAParameter {
return provideFullMandatorData;
}
+ /**
+ * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
+
/**
* Returns the key box identifier.
@@ -305,6 +316,16 @@ public class OAAuthParameter extends OAParameter {
public void setProvideFullMandatorData(boolean provideFullMandatorData) {
this.provideFullMandatorData = provideFullMandatorData;
}
+
+ /**
+ * Sets the useUTC variable.
+ * @param useUTC The useUTC value to set
+ */
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
+
/**
* Sets the key box identifier.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 44eb98dad..79f3b4e30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -107,6 +107,9 @@ public class AuthenticationData {
* the corresponding <code>lt;saml:Assertion&gt;</code>
*/
private String samlAssertion;
+
+ /** useUTC */
+ private boolean useUTC;
/**
* creation timestamp
*/
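Review bot: The comment `/** useUTC */` at L1242 only repeats the field name; suggested: `/** whether the IssueInstant of the SAML response is rendered in UTC, taken from the OA configuration */`. The setter added at L1264 is the only accessor in this hunk without Javadoc; a `Sets the useUTC flag. @param useUTC ...` block keeps the class consistent with its neighbours.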
@@ -166,6 +169,14 @@ public class AuthenticationData {
public String getWBPK() {
return wbPK;
}
+
+ /**
+ * Returns useUTC
+ * @return useUTC
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
/**
* Sets the minorVersion.
@@ -215,6 +226,10 @@ public class AuthenticationData {
this.wbPK = wbPK;
}
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
/**
* Returns the assertionID.
* @return String
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
index 5ce952662..2493f42b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -63,7 +63,7 @@ public class SAMLRequestBuilder implements Constants {
*/
public Element build(String requestID, String samlArtifactBase64) throws BuildException {
try {
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true);
String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
return requestElem;
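Review bot: The second argument `true` on the changed line is a bare boolean literal, and it hard-codes UTC for the proxy's samlp:Request while the rest of this commit makes UTC a per-OA option (useUTC). If always-UTC is the intended behaviour for the proxy request, make that visible at the call site: `boolean useUTC = true; // samlp:Request IssueInstant is always emitted in UTC` and pass `useUTC` instead of the literal. If it was meant to follow the OA's useUTC setting, the value should come from the configuration rather than a constant. The build method continues past the end of the hunk.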
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 8c3bccab3..fa220d13d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -75,6 +75,36 @@ public class ParamValidatorUtils {
return false;
}
+ }
+
+ /**
+ * Checks if the given target is valid
+ * @param sourceID HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidSourceID(String sourceID) {
+
+ Logger.debug("Überprüfe Parameter sourceID");
+
+ // if non parameter is given return true
+ if (sourceID == null) {
+ Logger.debug("Parameter Target ist null");
+ return true;
+ }
+
+
+ Pattern pattern = Pattern.compile("[\\w-_]{1,50}");
+ Matcher matcher = pattern.matcher(sourceID);
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter sourceID erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-50 Zeichen lang)");
+ return false;
+ }
+
}
/**
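Review bot: The Logger.error message in isValidSourceID tells the operator that only a-z, A-Z, - and _ are accepted, but `\w` in `[\\w-_]{1,50}` also admits the digits 0-9 (and the explicit `_` is redundant, since `\w` already contains it), so the message and the pattern disagree on what passes. The Javadoc "Checks if the given target is valid" and the debug line "Parameter Target ist null" read as copy-paste from the target validator and should name sourceID, and the empty `@return` should state "true if sourceID is absent or matches the allowed character set, false otherwise". The Pattern is also recompiled on every request; hoist it to `private static final Pattern SOURCE_ID_PATTERN = Pattern.compile("[\\w-]{1,50}");` and test with `SOURCE_ID_PATTERN.matcher(sourceID).matches()`. Per the commit description this value is copied unchanged into the SAML assertion, so this allow-list is the only filter on it and its documentation should be exact.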
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 1181253f1..620919c61 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -149,7 +149,8 @@ public class MISSimpleClient {
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
-
+
+
idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
mirElement.appendChild(idlElement);
@@ -237,7 +238,18 @@ public class MISSimpleClient {
}
}
- private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+ private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+
+// try {
+// System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request));
+// } catch (TransformerException e1) {
+// // TODO Auto-generated catch block
+// e1.printStackTrace();
+// } catch (IOException e1) {
+// // TODO Auto-generated catch block
+// e1.printStackTrace();
+// }
+
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
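Review bot: The ten commented-out lines added at the top of sendSOAPRequest are dead debug code (System.out plus printStackTrace with auto-generated TODOs) and should be removed rather than committed; if request tracing is wanted, a `Logger.debug` call is the existing convention in this codebase. Note that the serialized MandateIssueRequest carries the base64-encoded identity link (appended in the hunk at -149,7 above), so re-enabling this dump would write personal identity data to stdout, which is a further reason not to leave it one uncomment away. The body of sendSOAPRequest continues past the end of the hunk.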
@@ -249,7 +261,8 @@ public class MISSimpleClient {
PostMethod post = new PostMethod(webServiceURL);
StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
post.setRequestEntity(re);
- int responseCode = httpclient.executeMethod(post);
+ int responseCode = httpclient.executeMethod(post);
+
if (responseCode != 200) {
throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
index fcf7477c5..818773794 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -47,7 +47,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
"http://localhost:9080/", //oaURL
"file:" + findXmldata("AuthTemplate.html"),
"http://localhost:3495/http-security-layer-request",
- null, null, null);
+ null, null, null, null);
htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
//writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -66,7 +66,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
null,
"http://localhost:9080/", //oaURL
null,
- "http://localhost:3495/http-security-layer-request", null, null, null);
+ "http://localhost:3495/http-security-layer-request", null, null, null, null);
htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
//writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -87,7 +87,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
"file:" + findXmldata("AuthTemplate.html"),
null,
null,
- null, null);
+ null, null, null);
htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
//writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -106,7 +106,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
"gb", //target
null,
"http://localhost:9080/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
//assertEquals("",htmlForm);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -126,7 +126,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("http://localhost:8080/auth", //authURL
"gb", null, "http://localhost:9080/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
@@ -144,7 +144,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("https://localhost:8443/auth", //authURL
"gb", null, "http://host_not_in_config/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
@@ -163,7 +163,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("https://localhost:8443/auth", //authURL
"gb", null, null, //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
@@ -182,7 +182,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
try {
server.startAuthentication("https://localhost:8443/auth", //authURL
null, null, "http://localhost:9080/", //oaURL
- null, null, null, null, null);
+ null, null, null, null, null, null);
System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
fail(this.getName() + " hat KEINE FEHLER geworfen");
}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
index 6ebb3cf3e..d9cd13259 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -598,7 +598,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), false));
String vpkBase64 = new BPKBuilder().buildBPK(
identityLink.getIdentificationValue(), session.getTarget());
authData.setBPK(vpkBase64);
@@ -619,7 +619,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
String samlAssertion = new AuthenticationDataAssertionBuilder().build(
- authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null);
+ authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null, null);
authData.setSamlAssertion(samlAssertion);
return authData;
}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
index a66e6072c..fab258e09 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
@@ -228,7 +228,7 @@ public class Test600GetAuthenticationDataService extends AbnahmeTestCase {
String request =
"<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" +
- DateTimeUtils.buildDateTime(Calendar.getInstance())+"\">" +
+ DateTimeUtils.buildDateTime(Calendar.getInstance(), false)+"\">" +
"</samlp:Request>";
Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
index 69f33f82c..8e38c7673 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -142,7 +142,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {
null,
null,
null,
- null);
+ null, null);
String sessionID = parseSessionIDFromForm(htmlForm);
return sessionID;
}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index 052c1fed4..187f577a3 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -54,7 +54,7 @@ public class AuthenticationServerTest extends UnitTestCase {
public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
AuthenticationServer server = AuthenticationServer.getInstance();
- String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null);
+ String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null, null);
String sessionID = parseSessionIDFromForm(htmlForm);
String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
HashMap parameters = new HashMap(1);